[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Wed, 28 May 2008 16:26:07 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: OpenSSH key blacklisting
Hi,
Last time I looked at the drafts (now RFC) there was no
spec for revoking user-keys. However it allows x509
certificates for hostkeys.
Its all about the RFCs. OpenSSH folks shouldnt implement
proprietary stuff :)
At the end of the day SSH is not really a PKI system. The focus
has been on different issues.
Sebastian
On Wed, May 28, 2008 at 03:03:42PM +0100, Tim Brown wrote:
> All,
>
> Maybe I've missed something, in which case, shoot me down, but why unlike
> other services that make use of public key cryptography, does OpenSSH not
> have use a model which supports proper authorisation and revocation
> mechanisms? Would this not be an ideal opportunity to implement this?
> Whilst I think there was a reasonable case for such features prior to the
> Debian OpenSSL vulnerability being identified, I would argue that this issue
> highlights the case. Comercial SSH already has such functionality - can
> anyone offer a view on how [well] it works?
>
> Tim
> --
> Tim Brown
> <mailto:timb@...-dimension.org.uk>
> <http://www.nth-dimension.org.uk/>
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux