blacklisting the bad ssh keys?
Eric Rescorla
ekr at networkresonance.com
Thu May 22 12:54:20 EDT 2008
At Wed, 14 May 2008 19:52:58 -0400,
Steven M. Bellovin wrote:
>
> Given the published list of bad ssh keys due to the Debian mistake (see
> http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
> updated to contain a blacklist of those keys? I suspect that a Bloom
> filter would be quite compact and efficient.
I've been having a similar thought. This also probably applies to SSL
keys, given the rather lack attitude that most clients have about
checking CRLS.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list