IETF-SSH archive


Re: Rekey issue



Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

> I can see at least three ways of dealing with this: (1) when rekeying,
> always accept the host key regardless of what it is, (2) when rekeying,
> require that the host key be what it was the first time around, always
> accepting if it is and erroring if not, and (3) when rekeying, behave
> as normal except that a second copy of the host key from the first time
> around is, effectively, added as a trusted key for the host.

I think I'm doing (3). That's what made most sense to me when I
implemented it, but maybe there are better options. When an unknown key
is received at the initial key exchange, there are three possible
outcomes depending on the user interaction:

A. Disconnect.

B. Accepted only for this connection. Key is added to the in-memory list
   of trusted host keys.

C. Accepted. As above, but in addition, the key is appended to the host
   key list on disk.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
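
The host key handling discussed in this message, as an added sketch that is not part of the original post and not code from any SSH implementation. It models options (1) to (3) at rekey and outcomes A to C for an unknown key; all class and function names, and the dict standing in for the on-disk host key list, are assumptions made for illustration.

```python
from enum import Enum

class Outcome(Enum):          # user's answer for an unknown key (A, B, C above)
    DISCONNECT = "A"
    SESSION_ONLY = "B"
    PERSIST = "C"

class RekeyPolicy(Enum):      # options (1), (2), (3) from the quoted message
    ACCEPT_ANY = 1
    SAME_AS_FIRST = 2
    NORMAL_PLUS_FIRST = 3

class HostKeyChecker:
    """Host key check for one connection (hypothetical names throughout)."""

    def __init__(self, host, disk_store, policy, ask_user):
        self.host = host
        self.disk = disk_store        # dict: host -> set of keys, stands in for the list on disk
        self.trusted = set(disk_store.get(host, ()))  # in-memory list of trusted host keys
        self.policy = policy
        self.ask_user = ask_user      # callback(host, key) -> Outcome
        self.first_key = None         # key accepted at the initial key exchange

    def check(self, key):
        """Return True to continue the key exchange, False to disconnect."""
        rekey = self.first_key is not None
        if rekey and self.policy is RekeyPolicy.ACCEPT_ANY:
            return True
        if rekey and self.policy is RekeyPolicy.SAME_AS_FIRST:
            return key == self.first_key
        # Initial exchange, or option (3): normal lookup. After outcome B or C
        # the first key is already in self.trusted, which is what yields (3).
        if key not in self.trusted:
            outcome = self.ask_user(self.host, key)
            if outcome is Outcome.DISCONNECT:
                return False
            self.trusted.add(key)
            if outcome is Outcome.PERSIST:
                self.disk.setdefault(self.host, set()).add(key)
        if not rekey:
            self.first_key = key
        return True
```
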


