tlssh - a replacement for SSH
I've started writing a replacement for SSH.
Why? Because SSH has some drawbacks that sometimes annoy me. I also wanted
an authentication scheme that's more similar to SSL/TLS than what SSH does.
With tlssh you don't specify username or password, you simply connect to the
server using a client-side certificate to log in as the user specified in the
certificate. No interaction until you reach the shell prompt on the server.
Of course you can log in using a public key with SSH, but it's only a public/private
key pair; there's none of the PKI that SSL has.
Specifically, what I was missing in SSH was:
Expiring keys, both login keys and server certificates
CRLs (Certificate Revocation Lists) - wouldn't it be nice to just revoke all the
certificates that were on a compromised machine and have them suddenly be unusable
everywhere? (I will add OCSP too. Same thing but more "online".)
Pureness. Not all th...
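As an added illustration (not tlssh's own code), here is how a server built on Python's ssl module could do what the post describes: demand a client certificate, map it to the login user named in it, and refuse it once it has expired or been revoked. The certificate dict, the serial numbers and the file paths are constructed or hypothetical.

```python
import ssl
import time

# Constructed sample of the dict ssl.SSLSocket.getpeercert() returns for a
# client certificate whose chain the TLS layer has already verified.
SAMPLE_CLIENT_CERT = {
    "subject": ((("commonName", "alice"),),),
    "serialNumber": "1A2B3C",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
# Constructed stand-in for the CA's CRL: serials of certificates that were
# on a compromised machine and must now be refused everywhere.
REVOKED_SERIALS = {"DEADBEEF"}

def username_from_cert(cert):
    """Return the commonName the certificate asserts, or None if absent."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def login_decision(cert, revoked, now=None):
    """Map a verified client certificate to the user it may log in as.
    Returns (username, None), or (None, reason) if the certificate is
    revoked, outside its validity period or names no user. Chain
    verification against the CA is the TLS layer's job, not done here."""
    now = time.time() if now is None else now
    if cert.get("serialNumber", "").upper() in revoked:
        return None, "certificate revoked"
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return None, "certificate not yet valid"
    if now >= ssl.cert_time_to_seconds(cert["notAfter"]):
        return None, "certificate expired"
    user = username_from_cert(cert)
    return (user, None) if user else (None, "no user name in certificate")

def make_server_context(cafile, certfile, keyfile, crlfile):
    """Server context that demands a client cert signed by cafile and
    rejects leaf certs listed in crlfile (all four paths hypothetical)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=cafile)
    ctx.load_verify_locations(cafile=crlfile)  # CRLs load via the same call
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    ctx.load_cert_chain(certfile, keyfile)
    return ctx
```

The application-level check in login_decision only makes sense on a socket wrapped by make_server_context, which is what forces the client to present a CA-issued certificate in the first place.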