https://bugzilla.novell.com/show_bug.cgi?id=393186
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=393186#c41
--- Comment #41 from Marcus Meissner
> AFAIK, SSH wasn't born of RFCs but rather the RFCs were born from an implementation. That being said, I don't consider an open source implementation (of a new standard) to be proprietary but rather a reference implementation which others can choose to follow (or not). Others may beg to

One needs to dig in history but I think that's not quite true for SSH2. At least the SSH clients/servers today are written to implement the RFC.

When I said "should not implement proprietary stuff" it was not meant that they are actually doing it today. Rather I acknowledged that it indeed meets the RFC quite well.

Blacklisting certain keys is probably not against the RFC, but it would be better to specify such additional security measurement in the RFC as well. Especially the point in time when it has to happen. I'd prefer blacklisting before the key is checked against the authorized_hosts file. (as it happens with the blacklist patch in SSH2 pubkey authentication)

Sebastian

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)