Public storage for public keys

Frank Cusack fcusack at fcusack.com
Tue Jan 15 08:45:19 EST 2002


On Mon, Jan 14, 2002 at 11:42:07PM +0300, Michael Tokarev wrote:
> Markus Friedl wrote:
> > 
> > how can you trust ldap? or dns?
> 
> How can you trust public pgp keyservers?
> 
> On another side, for storing *public* keys, there is no
> *real* need to be *so* suspicious.

Storing pgp keys is a completely different animal.  pgp has its
own trust model and doesn't depend on the trustworthiness of the
key distribution.  ssh keys, on the other hand, do not have
this quality.

>  Saved pubkeys protect from man-in-the-middle attacks.

Yes, saved in a trusted location (i.e., local file system).
A key in DNS is not trustworthy, since DNS is easily
compromised.

/fc




More information about the openssh-unix-dev mailing list