Mailinglist Archive: opensuse-bugs (7528 mails)

< Previous Next >
[Bug 393186] Detecting weak keys following the Debian OpenSSL desaster
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 1 Aug 2008 06:31:32 -0600 (MDT)
  • Message-id: <20080801123132.14226245391@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=393186

User meissner@xxxxxxxxxx added comment
https://bugzilla.novell.com/show_bug.cgi?id=393186#c39





--- Comment #39 from Marcus Meissner <meissner@xxxxxxxxxx> 2008-08-01 06:31:31
MDT ---
Date: Wed, 28 May 2008 16:26:07 +0200
From: Sebastian Krahmer <krahmer@xxxxxxx>
To: oss-security@xxxxxxxxxxxxxxxxxx
Subject: Re: [oss-security] OpenSSH key blacklisting

Hi,

Last time I looked at the drafts (now RFC) there was no
spec for revoking user-keys. However it allows x509
certificates for hostkeys.
Its all about the RFCs. OpenSSH folks shouldnt implement
proprietary stuff :)
At the end of the day SSH is not really a PKI system. The focus
has been on different issues.

Sebastian

On Wed, May 28, 2008 at 03:03:42PM +0100, Tim Brown wrote:

All,

Maybe I've missed something, in which case, shoot me down, but why unlike
other services that make use of public key cryptography, does OpenSSH not
have use a model which supports proper authorisation and revocation
mechanisms? Would this not be an ideal opportunity to implement this?
Whilst I think there was a reasonable case for such features prior to the
Debian OpenSSL vulnerability being identified, I would argue that this issue
highlights the case. Comercial SSH already has such functionality - can
anyone offer a view on how [well] it works?

Tim
--
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)


--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >