key rotation on ssh servers
Ángel González
keisial at gmail.com
Thu May 16 01:04:12 EST 2013
Om 15/05/13 07:55, Daniel Kahn Gillmor wrote:
> oh, i guess one more question, sorry:
>
> One of the goals of a key exchange is to permit future authentications
> with a new key.
>
> Looking even further down the road, you'd also want to *prevent* future
> authentications with an old key.
>
> That is, if the process never removes the old key from the client's
> ~/.ssh/known_hosts file, then it doesn't really protect the client
> against a key compromise of the old key in the long run.
>
> So do you think the semantics of the proposed SSH_MSG_HOSTKEYS message
> should include "please invalidate all host keys not listed here"?
Perhaps the hostkeys message should include an expiry field?
> Do you imagine that the server would just send this message to any
> connected client blindly after each keyexchange, or should the client
> signal its willingness to receive such a message first? (e.g. with an
> otherwise empty SSH_MSG_HOSTKEYS message?) client signalling seems like
> it would reduce bandwidth costs initially (no bulk keys would be sent to
> clients who don't want them) but might increase them in the long run (an
> extra packet from the client that is not needed).
Maybe add "support for hostkey listing" as a pseudo-key type in the key
exchange?
I should check the rfc for the current key exchange process.
More information about the openssh-unix-dev
mailing list