Van Dyke's Public Key Assistant
Damien Miller
djm at mindrot.org
Fri May 21 13:46:58 EST 2004
Randy Gordey wrote:
> Jeff Van Dyke's "Public Key Assistant subsystem" was previously discussed
> here: (end of a short thread)
>
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=103436908422003&w=2
>
> I do see a few comments that seem to point out his arrogance and some
> disgust about OpenBSD's RCSID, but has anybody found it to be unsecure or if
> it was bug ridden. The subject sorta dies right there. If you follow the
> links on www.vandyke.com, they still seem to be maintaining the patch...
Speaking personally, I haven't had time too look at it.
> Even if it was never going to be part of the RFC and might be only mildly
> popular is there a technical reason the OpenSSH project's source should not
> include his patch? Does it hamstring security?
Every patch has security implications, things that manipulate
authorisation databases (such as authorized_keys) require additional
scrutiny.
-d
More information about the openssh-unix-dev
mailing list