Public storage for public keys
Markus Friedl
markus at openbsd.org
Mon Jan 14 19:41:34 EST 2002
how can you trust ldap? or dns?
On Mon, Jan 14, 2002 at 12:51:39AM +0300, Michael Tokarev wrote:
> This question should be asked before, but I fail to find
> the discussion.
>
> What options can be used for storing host/users pubkeys in
> a publicly available places? I know openssh currently
> provide option except if /etc/ssh_known_hosts and ~/.ssh/known_hosts.
> But what about many machines?
>
> Think of e.g. pgp keyservers. Note that pgp keyservers aren't
> a good solution *always*. The best one IMHO will be to use
> a mechanism similar to name service switch (as found on solaris
> and now on linux/glibc, and on other systems as well). Sometimes,
> even this nsswitch mechanism can be used directly, by extending
> it for ssh needs (while nss api is known). There will be private
> module for ~/.ssh/known_hosts, `files' module for /etc/ssh_known_hosts,
> nis, ldap, db etc. Especially useful here is ldap, as it has more
> and more usages/deployments and was designed to store such kind
> of information. Even DNS can be used here (trusted, i.e. local,
> of course)!
>
> Can something like this be done? (No, I don't ask to implement
> such a mechanism, but about possibilities of an "idea")?
>
> Regards,
> Michael.
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
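The quoted proposal names DNS as one possible public store for host keys, and the one-line reply asks how such a store is to be trusted. The Python below is an added example, not code from this thread or from OpenSSH. It shows the check that OpenSSH later built for exactly this case, SSHFP records (RFC 4255) looked up when VerifyHostKeyDNS is enabled: the fingerprint is a hash of the raw key blob, and a match only counts as verification when a validating resolver reports the answer as DNSSEC-signed (the AD bit). The key material, the resolver reply and the three-way policy outcome are constructed for illustration and are assumptions of this example; a real client would get the RRset and the AD flag from a validating resolver.

```python
import base64
import hashlib
import struct
from dataclasses import dataclass

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479) and fingerprint types
SSHFP_ALG = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
             "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
SSHFP_SHA1 = 1
SSHFP_SHA256 = 2


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw32: bytes, comment: str) -> str:
    """Build a known_hosts-style key line from 32 raw bytes.
    Constructed test data only: the bytes are not a real key pair."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str):
    """Return (keytype, blob) and check the blob's embedded type matches."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type field disagrees with key blob")
    return keytype, blob


def sshfp_records(pubkey_line: str):
    """SSHFP rdata tuples (alg, fptype, hex digest) for a public key.
    The fingerprint is the hash of the raw key blob, as in RFC 4255."""
    keytype, blob = parse_pubkey_line(pubkey_line)
    alg = SSHFP_ALG[keytype]
    return [(alg, SSHFP_SHA1, hashlib.sha1(blob).hexdigest()),
            (alg, SSHFP_SHA256, hashlib.sha256(blob).hexdigest())]


@dataclass
class DnsAnswer:
    """Constructed stand-in for a resolver reply: the SSHFP RRset plus the
    AD (authenticated data) flag a validating resolver sets on DNSSEC-signed
    answers. Without that flag the answer is just untrusted network input."""
    records: list
    authenticated: bool


def verify_host_key(pubkey_line: str, answer: DnsAnswer) -> str:
    """Illustrative policy (an assumption of this example, not OpenSSH's code):
    'trusted'    - a SHA-256 record matches and the answer is DNSSEC-validated
    'unverified' - something matches, but DNS alone cannot vouch for it
                   (no AD bit, or only a SHA-1 record), so still prompt
    'mismatch'   - no record matches: treat like an unknown or changed key
    """
    matches = [r for r in sshfp_records(pubkey_line) if r in answer.records]
    if not matches:
        return "mismatch"
    if answer.authenticated and any(r[1] == SSHFP_SHA256 for r in matches):
        return "trusted"
    return "unverified"


if __name__ == "__main__":
    key = make_ed25519_pubkey_line(bytes(range(32)), "host.example")
    for alg, fptype, fp in sshfp_records(key):
        print(f"host.example. IN SSHFP {alg} {fptype} {fp}")
    signed = DnsAnswer(sshfp_records(key), authenticated=True)
    plain = DnsAnswer(sshfp_records(key), authenticated=False)
    print(verify_host_key(key, signed), verify_host_key(key, plain))
```

The point the policy makes explicit is the one in the reply: a matching record fetched over plain DNS tells the client nothing an attacker on the path could not also have told it, so it is treated the same as no record at all. Only the DNSSEC chain (or, for an LDAP store, an equivalent signature or a TLS connection to a server whose certificate is itself pinned) turns the lookup into evidence about the host key.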