SSH signatures as an alternative to OpenPGP ones #216
We can take a look at this once the RFC is published, which should happen within the next 1-3 weeks. Meanwhile, is there a standard or an IETF draft discussing SSH signatures?
Currently the most I can find is their own file
Another alternative is to define a new field that references a detached SSH signature, something like:
Is your feature request related to a problem? Please describe.
The RFC currently only mentions OpenPGP keys as an option for signing, while it's also possible to sign artificial data with SSH keys. It has also become integrated with git, Gitea and GitHub and GitLab are either interested or working on supporting it. Thus I think SSH signatures are going to rise in popularity and should be considered by security.txt.
Describe the solution you'd like
I would like security.txt to allow signing the file using SSH keys too.
Describe alternatives you've considered
`# comment` in security.txt pointing to SSH signature.
Additional context
I think SSH signatures require detached signatures tying this issue with #206 and #214 mentions `age` by name, which again reuses SSH keys.