SSH signatures as an alternative to OpenPGP ones #216

@Mikaela

Is your feature request related to a problem? Please describe.

The RFC currently only mentions OpenPGP keys as an option for signing, while it's also possible to sign artificial data with SSH keys. It has also become integrated with git, Gitea and GitHub and GitLab are either interested or working on supporting it. Thus I think SSH signatures are going to rise in popularity and should be considered by security.txt.

Describe the solution you'd like

I would like security.txt to allow signing the file using SSH keys too.

Describe alternatives you've considered

  • Staying with OpenPGP requiring administrators to keep multiple types of keys.
  • Having a # comment in security.txt pointing to SSH signature.

Additional context

I think SSH signatures require detached signatures, tying this issue with #206, and #214 mentions age by name, which again reuses SSH keys.
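
An added example (not part of the original issue or of the security.txt project): a detached SSH signature over a security.txt file, made and checked with OpenSSH's `ssh-keygen -Y sign` and `-Y verify`. The file names, the `security@example.com` identity, the throwaway key and the `file` namespace are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: detached SSH signature for security.txt.
# NAMESPACE, SIGNER and all file names are assumptions, not from the issue.

NAMESPACE="file"                 # namespace bound into the signature
SIGNER="security@example.com"    # constructed signer identity

# Build a constructed security.txt, a throwaway Ed25519 key and an
# allowed_signers file inside the directory given as $1.
setup_demo() {
    local dir=$1
    printf 'Contact: mailto:%s\nExpires: 2030-01-01T00:00:00.000Z\n' \
        "$SIGNER" > "$dir/security.txt"
    ssh-keygen -q -t ed25519 -N '' -C "$SIGNER" -f "$dir/key"
    # allowed_signers line: principal, options, key type, base64 key.
    # The namespaces option restricts what this key may sign.
    printf '%s namespaces="%s" %s\n' "$SIGNER" "$NAMESPACE" \
        "$(cut -d' ' -f1,2 "$dir/key.pub")" > "$dir/allowed_signers"
}

# sign_file <file> <private-key>
# Writes <file>.sig; the signed file itself is left byte-for-byte unchanged.
sign_file() {
    rm -f "$1.sig"
    ssh-keygen -Y sign -f "$2" -n "$NAMESPACE" "$1" 2>/dev/null
}

# verify_file <file> <allowed_signers>
# Returns 0 only if <file>.sig is valid for SIGNER in NAMESPACE and the
# signing key is listed for that identity in allowed_signers.
verify_file() {
    ssh-keygen -Y verify -f "$2" -I "$SIGNER" -n "$NAMESPACE" \
        -s "$1.sig" < "$1" >/dev/null 2>&1
}
```

Because the signature lives in a separate `.sig` file, a verifier needs both files plus an out-of-band source for the `allowed_signers` entry; the signature alone does not say which key should be trusted.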
