oss-sec mailing list archives
Re: OpenSSH key blacklisting
From: Solar Designer <solar () openwall com>
Date: Sat, 17 May 2008 01:58:54 +0400
On Fri, May 16, 2008 at 05:10:43PM -0300, Gustavo De Nardin (spuk) wrote:
If this is going to be accepted as a more general solution, it'd be good to allow also for local, admin-maintened, blacklists, not just upstream maintened (and automatically updated).
I agree that this might be desirable functionality, but unfortunately it has a price - we'd have to maintain two file parsers and lookup algorithms (perhaps binary and indexed, and text and sequential) or an additional program to update the binary file. (If we only create the binary file ourselves, then that program can be a quick hack - maybe even a Perl script.) Has there been any demand for such blacklists, prior to the Debian issue coming up? If not, then this additional feature is probably not worth implementing right away. Alexander
Current thread:
- Re: OpenSSH key blacklisting, (continued)
- Re: OpenSSH key blacklisting Tim Brown (Jun 02)
- Re: OpenSSH key blacklisting Sebastian Krahmer (Jun 02)
- Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
- Re: OpenSSH key blacklisting The Fungi (Jun 04)
- Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
- Re: OpenSSH key blacklisting Jonathan Smith (Jun 04)
- Re: OpenSSH key blacklisting Nathanael Hoyle (May 28)
- Re: OpenSSH key blacklisting Florian Weimer (May 28)
- Re: OpenSSH key blacklisting Mike Frysinger (May 31)
- Re: OpenSSH key blacklisting Solar Designer (May 16)
- Re: OpenSSH key blacklisting Gustavo De Nardin (spuk) (May 16)