A mighty fortress is our PKI, Part II

Ben Laurie ben at links.org
Wed Jul 28 11:05:57 EDT 2010


On 28/07/2010 16:01, Perry E. Metzger wrote:
> On Wed, 28 Jul 2010 15:16:32 +0100 Ben Laurie <benl at google.com> wrote:
>> SSH does appear to have got away without revocation, though the
>> nature of the system is s.t. if I really wanted to revoke I could
>> almost always contact the users and tell them in person.
> 
> No, that's not what SSH does, or rather, it confuses the particular
> communications channel (i.e. some out of band mechanism) with the
> method that actually de-authorizes the key.
> 
> The point is that in SSH, if a key is stolen, you remove it from the
> list of keys allowed to log in to a host. The key now need never be
> thought about again. We require no list of "revoked keys" be kept,
> just as we required no signed list of keys that were authorized. We
> just had some keys in a database to indicate that they were
> authorized, and we removed a key to de-authorize it.

I am referring to the SSH host key. Fully agree for user keys.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list