Daniel Kahn Gillmor dkg at
Thu Dec 16 07:42:41 EST 2010

On 12/15/2010 02:52 PM, Dustin Kirkland wrote:
> Right, I simply meant that I wasn't aware of any HKP keyserver network
> specifically for public SSH keys.

The trouble, as you say, is that you need some sort of cryptographic
authentication that the key really does belong to the person in question.

So you're left with a choice of either:

 a) running a single centrally-administered key distribution service (so
you can verify the transport itself), or

 b) using a distributed keyserver network that handles material with
cryptographic identity information directly attached (so you can verify
the material that potentially-untrustworthy keyservers give you).

The existing HKP keyserver network already supports SSH keys (ssh host
keys as well as users), making it a reasonable candidate for (b) if
that's the direction you want to go.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openssh-unix-dev mailing list