- jmc@cvs.openbsd.org 2012/08/15 18:25:50
[ssh-keygen.1]
a little more info on certificate validity;
requested by Ross L Richardson, and provided by djm
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 03f927e..1d55646 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.110 2012/08/15 18:25:50 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 6 2012 $
+.Dd $Mdocdate: August 15 2012 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -628,7 +628,9 @@
option allows specification of certificate start and end times.
A certificate that is presented at a time outside this range will not be
considered valid.
-By default, certificates have a maximum validity interval.
+By default, certificates are valid from
+.Ux
+Epoch to the distant future.
.Pp
For certificates to be used for user or host authentication, the CA
public key must be trusted by