IETF-SSH archive
Re: Re-using RSA1 keys as RSA
> That being said, there really needs to be a mode to check all known host
> key types for one that matches. This is a _real_ security requirement,
> people! If we checked the SSHv1 key before accepting a new SSHv2 key,
> we'd be _a lot_ better off for the migrators.

1) That's only really true if most people haven't already migrated. I
think it's been a year since I was really making significant use of
sshv1; everything that really matters to me has already migrated to
sshv2.

2) That's only really true if you have a fix for the habit people
develop of reacting to the MitM attack warning by deleting the
relevant known_hosts entries.

(To some extent, there is also a sysadmin behavior problem; if I
remember correctly, the sysadmins of one machine I use decided six or
eight months ago to change the host key as a result of migrating to a
new machine, and didn't send PGP-signed mail with the new key when I
asked. They also broke my authorized_keys entry, such that I couldn't
even do a login that would prevent a man in the middle from forwarding
my login to the real machine. But they didn't break my password.)

3) That said, having a mechanism to roll over sshv2 keys to other
sshv2 keys more cleanly may well be worth having. I'm thinking
something where a client lists the keys it trusts, and if the server
has its old private keys, it can sign the session with an old host
key, and then use SSH_MSG_HOSTKEYS (once we have that defined; I have
a mostly written draft that I should submit real soon now) to send the
new host key.
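
Added example, not part of the original message: a sketch of the client-side check the thread asks for, looking up every key type on record for a host before treating an offered key as first contact. It assumes the OpenSSH-style known_hosts line format (including hashed host names), which the message does not specify; host names and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac

def hashed_name(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field names this host (plain list or hashed form)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # simplification: no wildcard or negation patterns

def known_keys(known_hosts_text, host):
    """Return {key_type: {key_blob, ...}} over every entry recorded for host."""
    keys = {}
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @marker lines (markers are out of scope here).
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue
        if host_matches(parts[0], host):
            keys.setdefault(parts[1], set()).add(parts[2])
    return keys

def classify(known_hosts_text, host, key_type, key_blob):
    """Decide how to treat an offered host key, considering all recorded key types."""
    keys = known_keys(known_hosts_text, host)
    if not keys:
        return "unknown-host"             # genuine first contact
    if key_blob in keys.get(key_type, ()):
        return "match"
    if key_type in keys:
        return "changed-key"              # same type, different key: warn
    # Host is known under other key types only: not first contact, so ask the
    # server to prove possession of a recorded key before trusting the new one.
    return "new-type-for-known-host"

# Constructed sample data; key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed entries",
    "shell.example.org,192.0.2.10 ssh-rsa AAAAplaceholderRSA",
    hashed_name("build.example.org", b"constructed-salt") + " ssh-dss AAAAplaceholderDSA",
])

if __name__ == "__main__":
    print(classify(SAMPLE, "shell.example.org", "ssh-dss", "AAAAnewDSA"))
```
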