On Nov 15, 2006, at 9:47 AM, Bob Beck wrote:
> In other words, I have to maintain a pre-populated "un-authorized"
> keys file because in any real deployment you are GOING to have these.
> and quite frequently with any sizable deployment. So I still have
> to maintain a file.
>
> "authorized keys" -> anything that is not allowed is denied.
> "un-authorized keys" -> anything that is not denied is allowed.
>
> NOT being prepared to maintain a file when doing this
> is pretty much akin to "Don't worry, I'll pull out before I cum".
> Everything's
> great until there a problem and then it's a fuckshow.
>
<snip>
> Don't get me wrong, I think this is possibly useful, but I don't
> think it should go in incomplete like this. In my view it is complete
> where when turning it on you specify a set of (possibly other) ssh
> server(s) the server itself will connect to and use as a CRL when
> presented with a key. - i.e. we should make it decently doable and
> document how to use a CRL in this case.
>
<snip>
>
> -Bob
>
That sounds very much like OCSP. The objections to CRL distribution
style revocation are pretty valid, IMO.
Brian Keefer
www.Tumbleweed.com
"The Experts in Secure Internet Communication"
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
|