[Cryptography] Secure universal message addressing
Ralf Senderek
crypto at senderek.ie
Tue Apr 5 12:46:47 EDT 2016
On Tue, 5 Apr 2016, John Gilmore wrote:
> The key idea here is a bad idea.
>
> ssh public key authentication has this problem too. Its default is to
> assume that you want to use your same local identification to identify
> you to every remote site that you try to access. What a clueless
> idea. Luckily, ssh has survived despite this. If you avoid its whole
> public-key-per-user aspect, you can use it reliably with usernames and
> passwords, different on every site.
Or a different public-key per server, all you have to add is a switch
"-i differentprivatekey" to your ssh command (and disable password access
altogether on the server).
--ralf
More information about the cryptography
mailing list