Public storage for public keys
Frank Cusack
fcusack at fcusack.com
Mon Jan 14 09:38:31 EST 2002
On Mon, Jan 14, 2002 at 12:51:39AM +0300, Michael Tokarev wrote:
> What options can be used for storing host/users pubkeys in
> publicly available places? I know openssh currently
> provides option except if /etc/ssh_known_hosts and ~/.ssh/known_hosts.
> But what about many machines?
>
[...]
>
> Can something like this be done? (No, I don't ask to implement
> such a mechanism, but about possibilities of an "idea")?
There is a significant trust problem. You can't store pubkeys in
places that are untrustworthy, like DNS, LDAP, unless you sign the keys.
Which introduces a bunch of other problems.
/fc