IETF-SSH archive


Re: Fixing exchange of host keys in the SSH key exchange



> if I may stick an oar in sideways: if you go to all the trouble,
> could you add a mechanism by which the server could advise that the
> host key used by the client was still valid but deprecated, and to
> download the new host key once connected?

That actually is a very interesting argument I hadn't thought of for
something operationally like the proposed scheme: it permits the server
to support multiple host keys at once for a single algorithm.  (The
client, of course, already can, since in the current design it's the
one judging host key validity.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


