Open
Description
Is your feature request related to a problem? Please describe.
The RFC currently only mentions OpenPGP keys as an option for signing, while it's also possible to sign artificial data with SSH keys. It has also become integrated with git, and Gitea, GitHub and GitLab are either interested or working on supporting it. Thus I think SSH signatures are going to rise in popularity and should be considered by security.txt.
Describe the solution you'd like
I would like security.txt to allow signing the file using SSH keys too.
Describe alternatives you've considered
- Staying with OpenPGP requiring administrators to keep multiple types of keys.
- Having a `# comment` in security.txt pointing to SSH signature.
Additional context
I think SSH signatures require detached signatures, tying this issue with #206, and #214 mentions `age` by name, which again reuses SSH keys.
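
A detached SSH signature over a security.txt file, as an added example that is not part of the issue or of the security.txt specification. It uses OpenSSH's `ssh-keygen -Y sign` and `-Y verify` (OpenSSH 8.1 or later); the key, the contact address, the file contents, the `file` namespace and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: sign security.txt with an SSH key and verify the detached
# signature. Every name, address and path here is constructed.

# sshsig_setup DIR: create a throwaway key, a sample security.txt and an
# allowed_signers file in DIR, then write DIR/security.txt.sig.
sshsig_setup() {
    dir=$1
    # Ed25519 key with no passphrase, for the demo only.
    ssh-keygen -q -t ed25519 -N '' -C 'security@example.com' \
        -f "$dir/id_demo" || return 1
    printf '%s\n' 'Contact: mailto:security@example.com' \
        'Expires: 2030-01-01T00:00:00.000Z' > "$dir/security.txt"
    # allowed_signers ties an identity to the public key a verifier trusts
    # and limits that key to the "file" signature namespace.
    printf 'security@example.com namespaces="file" %s\n' \
        "$(cat "$dir/id_demo.pub")" > "$dir/allowed_signers"
    # The signature goes to security.txt.sig; security.txt is not modified.
    ssh-keygen -Y sign -f "$dir/id_demo" -n file "$dir/security.txt" \
        >/dev/null 2>&1
}

# sshsig_verify DIR: exit status 0 only if DIR/security.txt matches its
# detached signature and the signer is listed in DIR/allowed_signers.
sshsig_verify() {
    dir=$1
    ssh-keygen -Y verify -f "$dir/allowed_signers" \
        -I security@example.com -n file \
        -s "$dir/security.txt.sig" < "$dir/security.txt" >/dev/null 2>&1
}

# Stand-alone run: sign, verify, then show that an edited file is rejected.
demo_dir=$(mktemp -d)
if sshsig_setup "$demo_dir" && sshsig_verify "$demo_dir"; then
    echo "signature verifies"
fi
echo '# edited after signing' >> "$demo_dir/security.txt"
sshsig_verify "$demo_dir" || echo "modified file is rejected"
rm -rf "$demo_dir"
```

The verifier needs the signer's public key through a channel it already trusts, which is what the `allowed_signers` file stands in for here.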