django-ca

RFC - Supporting OpenSSH certificates

Open thinkwelltwd opened this issue 3 years ago • 2 comments

First of all, thanks for django-ca!! I'm finding this library most beneficial.

I would like to implement an OpenSSH CA service as well. One way to start might be to add support for CA certs with Ed25519 private keys. Once that's done, I could perhaps move to a PR generating CA-signed public keys.

I am willing to just add the functionality in my own project. However, I'd be open to doing it as a PR to merge into this library, if you're interested in that. Perhaps you're only interested in x509 certs. (And I'm not sure if my coding standards would meet your expectations!)

What are your thoughts?

thinkwelltwd, Jul 10 '21 14:07

I decided to go ahead and start with Ed25519 key support PR #74. The signing of the public keys will be more involved, as it'll likely require an OpenSshCertificate model.

Also, I suppose some design thoughts could be considered, such as adding a ca_type field to the CertificateAuthority model, for easy querying. I did add custom extensions to the CA so that inspecting the cert reveals its intended purpose.

thinkwelltwd, Jul 10 '21 16:07

Hi,

I support adding this in general, let's get your PR merged. It looks good except for minor changes (and I still have to inspect the exact semantics of that openssh module extensions).

One thing that's missing yet is docs, see the docs/ directory. But let's get the functionality going and then we see how it fits into the docs!

PS: While I have been active on the project in the meantime, the fact that I only saw this now is a testament to how degraded my email setup currently is. I apologize for the unacceptably huge delay.

kr, Mat

mathiasertl, Aug 29 '21 08:08