Public storage for public keys

Michael Tokarev mjt at tls.msk.ru
Tue Jan 15 07:42:07 EST 2002


Markus Friedl wrote:
> 
> how can you trust ldap? or dns?

How can you trust public pgp keyservers?

On another side, for storing *public* keys, there is no
*real* need to be *so* suspicious.  Saved pubkeys protect
from man-in-the-middle attacks.  If a key is stored in some
other place, that "middle-man" needs to break a naming service
(e.g. dns) of the *target* host *and* your local naming service
and/or pubkey storage (depending on how this is organized).
Those two breakdowns should happen at the same time as your
connection attempt to a target host.  Well, it IS possible
to research and implement such an attack, but an attacker
should be really mad trying to hijack your data.  And in
this case, your information should be VERY needed by an
attacker -- in this case of so interesting information, extra
security layers should be in place anyway, and *untrusted*
dns/ldap/whatever should NOT be used for key storage either.
A sort of -- I know, there are attackers who do
their job for fun only, for example.  But imagine e.g. a local
dns server that handles local zones (and another one that
talks with the world) -- I see no reason to NOT trust this
local dns server (if configured properly).  After all, if
that dns server is cracked, an intruder probably will
be able to change /etc/ or ~/.ssh/ files as well.

Regards,
 Michael.
