[Cryptography] Secure universal message addressing

Ralf Senderek crypto at senderek.ie
Tue Apr 5 12:46:47 EDT 2016



On Tue, 5 Apr 2016, John Gilmore wrote:

> The key idea here is a bad idea.
>
> ssh public key authentication has this problem too.  Its default is to
> assume that you want to use your same local identification to identify
> you to every remote site that you try to access.  What a clueless
> idea.  Luckily, ssh has survived despite this.  If you avoid its whole
> public-key-per-user aspect, you can use it reliably with usernames and
> passwords, different on every site.

Or a different public-key per server, all you have to add is a switch
"-i differentprivatekey" to your ssh command (and disable password access
altogether on the server).

    --ralf


More information about the cryptography mailing list