IETF-SSH archive


RE: RE: Relationship between user name and public key pair in Authentication Protocol



You are right, it is impractical to generate the same key pair, and the
effort to devise a mechanism for prevention is meaningless. But I still
think the relationship permitted in SSH should be described explicitly,
so that developers can implement it knowingly. What do you think about
it?
 
-----Original Message-----
From: sommerfeld%thunk.east.sun.com@localhost
[mailto:sommerfeld%thunk.east.sun.com@localhost] On Behalf Of Bill Sommerfeld
Sent: Thursday, March 20, 2003 1:21 PM
To: Miao Fuyou
Cc: ylo%ssh.com@localhost; kivinen%ssh.com@localhost; ietf-ssh%netbsd.org@localhost
Subject: Re: Reply: Relationship between user name and public key pair in
Authentication Protocol


> For the sake of the "public" nature of a public key, it will not be
> secure if several users share the same public key pair.

But that's not the case you asked about.  

> Even if the server tries
> its best to keep it secret, the user may disclose the public key
> casually.

But the whole point of public key systems is that they allow you to
disclose the public part of the keypair without creating a security
risk.

> So, it's necessary to ensure the public key pair is unique.

Does not follow.  Keypairs are statistically unique and it is highly
improbable that two users might generate the same key, assuming
reasonable random number generators.

> If the server finds a user is registering an existing public key, it
> shall refuse the registration and invalidate the existing one.

register *what*, precisely?

what are you really trying to accomplish here?  what additional security
do you think you might provide?

It may be possible for a "role"-style shared account to have an acl
which allows access to it from multiple keys.

It may also be useful in some cases for a single key to provide access
to multiple accounts or multiple services.
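An added example, not part of the thread and not code from any SSH implementation, modelling the relationship Bill's last two paragraphs describe: each account carries its own list of authorized public keys, so a role-style account can accept several people's keys, and one key can appear in the lists of several accounts. The file layout follows OpenSSH's authorized_keys format (optional options field, key type, base64 blob, comment); the account names, key blobs and options are constructed placeholders, and keys are compared textually on type plus blob, which is an assumption standing in for the decoded-key comparison a real server performs.

```python
"""Added example: the many-to-many relation between accounts and public keys
in SSH public-key authentication. Modelled on OpenSSH's authorized_keys
layout; every account, key blob and option below is a constructed placeholder."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Key types recognised in the first field. A line that does not start with
# one of these carries an options field first (command="...", no-pty, ...).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

# Constructed public-key lines as a client would offer them; the base64
# blobs are placeholders, not real key material.
KEY_ALICE = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFMSUNFLVBMQUNFSE9MREVSLUtFWS1ibG9i alice@laptop"
KEY_BOB = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJPQi1QTEFDRUhPTERFUi1LRVktYmxvYg bob@desktop"
KEY_CAROL = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDQVJPTC1QTEFDRUhPTERFUi1LRVk carol@home"

# Constructed per-account authorized_keys files (account -> file contents).
# "deploy" is a role account accepting two people's keys; Alice's one key is
# accepted by three accounts; Carol's key is registered nowhere.
SERVER: Dict[str, str] = {
    "alice": KEY_ALICE + "\n",
    "backup": "# read-only backup puller\n"
              'command="/usr/local/bin/backup-pull",no-pty,no-port-forwarding '
              + KEY_ALICE + "\n",
    "deploy": KEY_ALICE.replace("alice@laptop", "alice (deploy role)") + "\n"
              + 'command="/usr/local/bin/deploy.sh",no-pty ' + KEY_BOB + "\n",
}


@dataclass(frozen=True)
class AuthorizedKey:
    options: str   # raw options field, "" when absent
    keytype: str
    blob: str      # base64 key blob: the identity of the key
    comment: str   # free text, ignored when matching


def _split_fields(line: str) -> List[str]:
    """Split on whitespace but keep double-quoted runs (command="a b") intact."""
    fields: List[str] = []
    cur: List[str] = []
    in_quote = False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch.isspace() and not in_quote:
            if cur:
                fields.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        fields.append("".join(cur))
    return fields


def parse_authorized_keys(text: str) -> List[AuthorizedKey]:
    """Parse authorized_keys contents; blank lines and '#' comments are skipped."""
    entries: List[AuthorizedKey] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = _split_fields(line)
        options = ""
        if fields[0] not in KEY_TYPES:      # leading options field present
            options = fields.pop(0)
        if len(fields) < 2 or fields[0] not in KEY_TYPES:
            raise ValueError(f"unparseable authorized_keys line: {raw!r}")
        entries.append(AuthorizedKey(options, fields[0], fields[1], " ".join(fields[2:])))
    return entries


def key_identity(pubkey_line: str) -> Tuple[str, str]:
    """(keytype, blob) of an offered key; the comment is not part of the key."""
    fields = pubkey_line.split()
    return fields[0], fields[1]


def authorize(server: Dict[str, str], account: str, presented: str) -> Optional[AuthorizedKey]:
    """Server-side check: is PRESENTED in ACCOUNT's own list? Returns the
    matching entry (so its options can be enforced) or None. Nothing here
    needs keys to be unique across accounts."""
    if account not in server:
        return None
    want = key_identity(presented)
    for entry in parse_authorized_keys(server[account]):
        if (entry.keytype, entry.blob) == want:
            return entry
    return None


def accounts_for_key(server: Dict[str, str], presented: str) -> List[str]:
    """All accounts one key may log in to; the protocol does not cap this at one."""
    return sorted(a for a in server if authorize(server, a, presented) is not None)


if __name__ == "__main__":
    print("deploy accepts", len(parse_authorized_keys(SERVER["deploy"])), "keys")
    print("Alice's key opens", accounts_for_key(SERVER, KEY_ALICE))
```

The matching entry is returned rather than a bare boolean because the options on that entry (a forced command, no-pty) are what distinguish Alice's interactive login to her own account from the same key's restricted use on the backup and deploy accounts.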



