James O'Gorman · Sep 1, 2012 · 4:54 PM UTC

James O'Gorman @jogbert

1 Sep 2012

@bensummers Might you be able to help @dsilverstone out with this problem? blog.digital-scurf.org/2012/… (As you’ve done things with SSL before…)

Ben Summers · Sep 1, 2012 · 5:02 PM UTC

Ben Summers @bensummers

1 Sep 2012

@jogbert @dsilverstone Should be possible, but you'll be fighting infrastructure all the way. Make a CA for client, sign client certs.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Sep 1, 2012 · 8:08 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Sep 1, 2012 · 8:08 PM UTC

1 Sep 2012

Replying to @bensummers

@bensummers @jogbert Thanks for the encouragement. Not sure how I can generate the client cert without access to the client's private key :(

Sep 1, 2012 · 8:08 PM UTC

Ben Summers · Sep 1, 2012 · 8:21 PM UTC

Ben Summers @bensummers

1 Sep 2012

@dsilverstone @jogbert But ask a real cryptographer, not just someone who plays one on the twitters.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Sep 2, 2012 · 10:14 AM UTC

2 Sep 2012

@bensummers everything comes back to the private key :(

Ben Summers · Sep 1, 2012 · 8:20 PM UTC

Ben Summers @bensummers

1 Sep 2012

@dsilverstone @jogbert They can generate a self-signed cert, then you check validiy and the public key matches the ssh key.