blacklisting the bad ssh keys?

Eric Rescorla ekr at
Thu May 22 12:54:20 EDT 2008

At Wed, 14 May 2008 19:52:58 -0400,
Steven M. Bellovin wrote:
> Given the published list of bad ssh keys due to the Debian mistake (see
>, should sshd be
> updated to contain a blacklist of those keys?  I suspect that a Bloom
> filter would be quite compact and efficient.

I've been having a similar thought. This also probably applies to SSL
keys, given the rather lax attitude that most clients have about
checking CRLs.
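
The Bloom-filter blacklist suggested in the quoted message, sketched as an added example that is not part of the original post and not sshd code. The key blobs are constructed placeholders rather than the published weak keys, and all names (`KeyBloomFilter`, `check_key`, and so on) are hypothetical.

```python
import hashlib
import math

class KeyBloomFilter:
    """Bloom filter over key fingerprints (hypothetical helper, not sshd code)."""
    def __init__(self, n_items, fp_rate):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m/n) ln 2 hashes
        self.m = math.ceil(-n_items * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / n_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, fp):
        # Double hashing: derive k bit positions from one SHA-256 digest
        d = hashlib.sha256(fp).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, fp):
        for p in self._positions(fp):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, fp):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(fp))

def fingerprint(key_blob):
    return hashlib.sha256(key_blob).digest()

# Constructed stand-ins: 1000 "weak" key blobs and 10000 unrelated ones
WEAK_KEYS = [b"constructed-weak-key-%d" % i for i in range(1000)]
GOOD_KEYS = [b"constructed-good-key-%d" % i for i in range(10000)]

def build_blacklist(keys, fp_rate=0.001):
    bf = KeyBloomFilter(len(keys), fp_rate)
    for k in keys:
        bf.add(fingerprint(k))
    return bf

def check_key(bf, key_blob, full_list=None):
    """Return 'ok', 'blacklisted', or 'suspect' (filter hit, not yet confirmed)."""
    fp = fingerprint(key_blob)
    if fp not in bf:
        return "ok"           # a Bloom filter has no false negatives
    if full_list is None:
        return "suspect"      # may be a false positive; confirm against full list
    return "blacklisted" if fp in full_list else "ok"
```

With these parameters the filter for 1000 fingerprints occupies under 2 KB, against 32 KB for the raw SHA-256 list; a filter hit is only probabilistic, so a server rejecting keys on it alone would refuse a small fraction of good keys.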

