[cryptography] preventing protocol failings

James A. Donald jamesd at echeque.com
Tue Jul 12 21:12:28 EDT 2011


On 2011-07-13 8:36 AM, Andy Steingruebl wrote:
> I reject the SSH key management example though.  Especially if you've
> ever maintained a large number/variety of unix servers running SSH,
> where hardware failures, machine upgrades, etc. lead to frequent SSH
> key churn.  In those cases the only solutions are:
>
> 1. Automate key distribution to things like the /etc/known_hosts file
> via means that aren't built into or supported by SSH itself really,
> they are an adhoc add-on.
> 2. Go to insane pains to ensure that keys don't ever change. Quite
> tricky when you're trying to automate OS installs, etc.
> 3. Use keys-in-DNS for this, which defaults back to something quite
> easy to attack.
> 4. Give up. Accept all keys without fail and just assume you're not
> getting owned.

Option 2 does not seem to require "insane pains",  It is less horrid 
than installing an SSL certificate.



More information about the cryptography mailing list