Theme fund: NGI Assure
Period: 2021-04 — 2024-03
Improving OpenSSH's Authentication and PKI
Improving SSH Authentication with OpenPGP transitive trust
It would not be a stretch to say that ssh secures the Internet - it is the protocol most relied on to log into servers of any type. Yet, its authentication model is inflexible, rarely used properly, and inadequate. OpenPGP's transitive trust (aka "web of trust") mechanisms and revocation certificates can help to provided additional automated assurances. By publishing and certifying OpenPGP keys for servers, an ssh client may be able to automatically check whether an encrypted connection is not only encrypted, but also authenticated. Similarly, server administrators can automatically find the right public key for users. And when a server key or user key is compromised, using OpenPGP, it is straightforward to ensure that it won't be trusted: just publish a revocation certificate. This project will add OpenPGP support to OpenSSH to improve and simplify these workflows.
- The project's own website:https://codeberg.org/wiktor/ssh-openpgp-auth
This project was funded through theNGI Assure Fund, a fund established byNLnet with financial support from the European Commission'sNext Generation Internet programme, under the aegis ofDG Communications Networks, Content and Technology under grant agreement No957073.
