IETF-SSH archive


Re: Reply: Relationship between user name and public key pair in Authentication Protocol



> For the sake of the "public" nature of public key it will not be secure
> if several users share the same public key pair.

But that's not the case you asked about.  

> Even if the server tries
> its best to keep it secret, the user may disclose the public key
> casually.

But the whole point of public key systems is that they allow you to
disclose the public part of the keypair without creating a security
risk.

> So, it's necessary to ensure the public key pair are unique.

Does not follow.  Keypairs are statistically unique and it is highly
improbable that two users might generate the same key, assuming
reasonable random number generators.

> If the server finds a user is registering an existing public key, it shall
> refuse the register and invalidate the existing one.

Register *what*, precisely?

What are you really trying to accomplish here?  What additional
security do you think you might provide?

It may be possible for a "role"-style shared account to have an ACL
which allows access to it from multiple keys.

It may also be useful in some cases for a single key to provide access
to multiple accounts or multiple services.
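
The many-to-many relationship between keys and accounts described in the message above, as an added example that is not part of the original message or of any SSH implementation. The account names, key blobs and helper names are constructed for illustration; authorization is decided per (account, key) pair, and a reused key is reported in an audit view rather than refused.

```python
import base64, hashlib, struct
from collections import defaultdict

def make_blob(seed: bytes) -> str:
    """Constructed stand-in for an ssh-ed25519 public key blob (not a real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b  # SSH wire-format string
    return base64.b64encode(s(b"ssh-ed25519") + s(hashlib.sha256(seed).digest())).decode()

def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample data: hypothetical accounts and authorized_keys-style lines.
ALICE_KEY, BOB_KEY = make_blob(b"alice"), make_blob(b"bob")
AUTHORIZED = {
    "backup": [f"ssh-ed25519 {ALICE_KEY} alice@laptop",   # role account, two keys
               f"ssh-ed25519 {BOB_KEY} bob@desk"],
    "alice":  [f"ssh-ed25519 {ALICE_KEY} alice@laptop"],
    "deploy": ["# constructed comment line", f"ssh-ed25519 {ALICE_KEY} alice@laptop"],
}

def load_acl(authorized):
    """Map each account to the set of key fingerprints allowed to log in to it."""
    acl = defaultdict(set)
    for account, lines in authorized.items():
        for line in lines:
            fields = line.split()
            if line.lstrip().startswith("#") or len(fields) < 2:
                continue  # skip comments and malformed lines
            acl[account].add(fingerprint(fields[1]))
    return acl

def is_authorized(acl, account, blob_b64):
    """The decision is per (account, key) pair; the signature check that proves
    possession of the private key is a separate step not shown here."""
    return fingerprint(blob_b64) in acl.get(account, set())

def accounts_per_key(acl):
    """Audit view: every account each key can reach, without rejecting reuse."""
    reach = defaultdict(list)
    for account in sorted(acl):
        for fp in acl[account]:
            reach[fp].append(account)
    return dict(reach)

ACL = load_acl(AUTHORIZED)
if __name__ == "__main__":
    for fp, accounts in accounts_per_key(ACL).items():
        print(fp, "->", ", ".join(accounts))
```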



