oss-sec mailing list archives

Re: OpenSSH key blacklisting

From: Solar Designer <solar () openwall com>
Date: Sat, 17 May 2008 01:58:54 +0400

On Fri, May 16, 2008 at 05:10:43PM -0300, Gustavo De Nardin (spuk) wrote:

If this is going to be accepted as a more general solution, it'd be good to
allow also for local, admin-maintened, blacklists, not just upstream
maintened (and automatically updated).


I agree that this might be desirable functionality, but unfortunately it
has a price - we'd have to maintain two file parsers and lookup
algorithms (perhaps binary and indexed, and text and sequential) or an
additional program to update the binary file.  (If we only create the
binary file ourselves, then that program can be a quick hack - maybe
even a Perl script.)

Has there been any demand for such blacklists, prior to the Debian issue
coming up?  If not, then this additional feature is probably not worth
implementing right away.

Alexander

Current thread:

Re: OpenSSH key blacklisting, (continued)
- - - Re: OpenSSH key blacklisting Tim Brown (Jun 02)
    - Re: OpenSSH key blacklisting Sebastian Krahmer (Jun 02)
    - Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
    - Re: OpenSSH key blacklisting The Fungi (Jun 04)
    - Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
    - Re: OpenSSH key blacklisting Jonathan Smith (Jun 04)
    - Re: OpenSSH key blacklisting Nathanael Hoyle (May 28)
    - Re: OpenSSH key blacklisting Florian Weimer (May 28)
    - Re: OpenSSH key blacklisting Mike Frysinger (May 31)
- Re: OpenSSH key blacklisting Gustavo De Nardin (spuk) (May 16)
  - Re: OpenSSH key blacklisting Solar Designer (May 16)
    - Re: OpenSSH key blacklisting Gustavo De Nardin (spuk) (May 16)