[Bug 2040] Downgrade attack vulnerability when checking SSHFP records
    bugzilla-daemon at mindrot.org 
    Fri Sep  7 11:08:15 EST 2012

https://bugzilla.mindrot.org/show_bug.cgi?id=2040
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Wouldn't it be simpler and safer to verify that all fingerprints match?
I.e., verify that both SHA1 and SHA256 SSHFP records verify correctly.
Right now we need only one success and ignore all the hash
mismatches...
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
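
The two policies contrasted in the comment above, as an added Python example that is not OpenSSH code and not part of the original message. The function names, key blobs and record sets are constructed for illustration, and the records are assumed to be already filtered to the host key's algorithm.

```python
import hashlib
import hmac

# SSHFP fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def check_records(key_blob, records):
    """Count SSHFP records that match / do not match key_blob.

    records: (fp_type, hex_fingerprint) pairs, assumed to be already
    filtered to the host key's algorithm. Unknown fp types are skipped.
    """
    matches = mismatches = 0
    for fp_type, fp_hex in records:
        digest = DIGESTS.get(fp_type)
        if digest is None:
            continue
        expected = digest(key_blob).hexdigest()
        if hmac.compare_digest(expected, fp_hex.lower()):
            matches += 1
        else:
            mismatches += 1
    return matches, mismatches

def verify_any(key_blob, records):
    """One success is enough; mismatches are ignored."""
    matches, _ = check_records(key_blob, records)
    return matches > 0

def verify_all(key_blob, records):
    """Every usable record must match, and there must be at least one."""
    matches, mismatches = check_records(key_blob, records)
    return matches > 0 and mismatches == 0

# Constructed sample data (not real keys or real DNS answers).
PRESENTED = b"constructed-host-key-blob-A"
OTHER = b"constructed-host-key-blob-B"
CONSISTENT = [(1, hashlib.sha1(PRESENTED).hexdigest()),
              (2, hashlib.sha256(PRESENTED).hexdigest())]
# SHA-1 record matches the presented key, SHA-256 record does not.
MIXED = [(1, hashlib.sha1(PRESENTED).hexdigest()),
         (2, hashlib.sha256(OTHER).hexdigest())]

if __name__ == "__main__":
    for name, rrset in (("consistent", CONSISTENT), ("mixed", MIXED)):
        print(name, "any:", verify_any(PRESENTED, rrset),
              "all:", verify_all(PRESENTED, rrset))
```

With this `verify_all`, a zone that publishes records for more than one key of the same algorithm would fail verification for each of those keys.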
    
    