Re: "Host name" definition somewhere in the ID set?

To: Thierry Moreau <thierry.moreau%connotech.com@localhost>
Subject: Re: "Host name" definition somewhere in the ID set?
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 13 Mar 2005 17:50:37 +0100

Thierry Moreau <thierry.moreau%connotech.com@localhost> writes:

> My single concern is that "host name" is not defined anywhere in the
> SSH    Internet drafts. This definition would be by reference to
> another document, I guess.

Why do you think "host name" needs to be defined? For the "known-hosts
database", which assocaites keys to host names?

The known-hosts database is mostly an implementation issue. I think
it's best to associate keys with whatever name the user types on the
command line to connect to it.

I've considered if it might be better to use the dns name used to look
up the corresponding A/AAAA record, i.e. after processing of the
search directive in /etc/resolv.conf, and cname processing. But then
one might get fooled by a rogue dns or dhcp server, which defeats the
purpose of host authentication.

(I think openssh also records the ip address together with the host
keys, but I'm not sure how that information is used).

/Niels

References:
- "Host name" definition somewhere in the ID set?
  - From: Thierry Moreau
- Re: "Host name" definition somewhere in the ID set?
  - From: Bill Sommerfeld
- Re: "Host name" definition somewhere in the ID set?
  - From: Thierry Moreau

Prev by Date: Re: Better reference for SHA-1
Next by Date: Core IDs
Previous by Thread: Re: "Host name" definition somewhere in the ID set?
Next by Thread: Silliness: Some symbolic values undefined
Indexes:

Home | Main Index | Thread Index | Old Index