oss-sec mailing list archives
Re: OpenSSH key blacklisting
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 3 Jun 2008 08:15:30 +0200
Hi,

On Tue, Jun 03, 2008 at 12:37:59AM +0100, Tim Brown wrote:

> AFAIK, SSH wasn't born of RFCs but rather the RFCs were born from an
> implementation. That being said, I don't consider an open source

One needs to dig in history but I think that's not quite true for SSH2. At least the SSH clients/servers today are written to implement the RFC.

> implementation (of a new standard) to be proprietary but rather a reference
> implementation which others can choose to follow (or not). Others may beg to

When I said "should not implement proprietary stuff" it was not meant that they are actually doing it today. Rather I acknowledged that it indeed meets the RFC quite well. Blacklisting certain keys is probably not against the RFC, but it would be better to specify such additional security measurement in the RFC as well. Especially the point in time when it has to happen. I'd prefer blacklisting before the key is checked against the authorized_hosts file (as it happens with the blacklist patch in SSH2 pubkey authentication).

Sebastian

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
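The check ordering preferred in the message above, sketched as an added example that is not part of the original post and is not code from OpenSSH or its blacklist patch: the offered key is matched against the blacklist before any per-user key file is consulted, so a known-bad key gets the same verdict whether or not it is authorized. The SHA-256 fingerprint format, the function names and the key blobs are assumptions constructed for illustration.

```python
import base64
import hashlib

def make_blob(filler: bytes) -> str:
    """Constructed stand-in for a public key blob: SSH string "ssh-rsa" + filler."""
    name = b"ssh-rsa"
    return base64.b64encode(len(name).to_bytes(4, "big") + name + filler).decode()

GOOD_KEY = make_blob(b"\x02" * 32)     # authorized, not blacklisted
WEAK_KEY = make_blob(b"\x01" * 32)     # authorized but blacklisted
OTHER_WEAK = make_blob(b"\x03" * 32)   # blacklisted, authorized nowhere
UNKNOWN_KEY = make_blob(b"\x04" * 32)  # neither blacklisted nor authorized

def fingerprint(b64_blob: str) -> str:
    """Hex SHA-256 of the decoded key blob (assumed blacklist entry format)."""
    return hashlib.sha256(base64.b64decode(b64_blob)).hexdigest()

def parse_authorized(text: str) -> set:
    """Fingerprints of the keys listed in authorized_keys-style text."""
    fps = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options may precede the key type; the blob is the field after it.
        for i, field in enumerate(fields[:-1]):
            if field in ("ssh-rsa", "ssh-dss"):
                fps.add(fingerprint(fields[i + 1]))
                break
    return fps

def check_key(offered_b64: str, blacklist: set, authorized: set) -> str:
    """Blacklist check first, authorization lookup second."""
    fp = fingerprint(offered_b64)
    if fp in blacklist:
        return "rejected: blacklisted"  # decided before the per-user list matters
    if fp not in authorized:
        return "rejected: not authorized"
    return "accepted"

# Constructed sample data.
AUTHORIZED_KEYS = f"""# sample file
ssh-rsa {GOOD_KEY} alice@example
command="echo hi" ssh-rsa {WEAK_KEY} backup@example
"""
BLACKLIST = {fingerprint(WEAK_KEY), fingerprint(OTHER_WEAK)}
```
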