[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Sep 7 11:08:15 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Wouldn't it be simpler and safer to verify that all fingerprints match?
I.e verify that both SHA1 and SHA256 SSHFP records verify correctly.
Right now we need only one success and ignore all the hash
mismatches...

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list