| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On Monday 01 December 2003 21:51, Luke-Jr wrote: |
| 5 |
> > Thats a very good question. In this case you'd have to go thru an admin |
| 6 |
> > for it to work, which would firstly produce a bottleneck, and secondly |
| 7 |
> > create more oppertunities for a possible security breach I think. The |
| 8 |
> > initial send of the ssh key would have to be verified as coming from a |
| 9 |
> > valid source (to stop some social engineering/taking advantage of |
| 10 |
> > timing). |
| 11 |
> |
| 12 |
> DCC the ssh key through IRC or GPG sign an email with it. Not too |
| 13 |
> complicated. SSH keys are short enough one could simply paste them in a |
| 14 |
> chat anyway... -- |
| 15 |
|
| 16 |
considering his initial points: |
| 17 |
(1) admin is bottleneck |
| 18 |
(2) verifying the key wasnt messed with in transit |
| 19 |
your solution really doesnt address either ... in fact the irc thing is a |
| 20 |
*really bad* idea ... |
| 21 |
after all, dcc/irc is as easy to manipulate as telnet (well even easier :D) |
| 22 |
- -mike |
| 23 |
-----BEGIN PGP SIGNATURE----- |
| 24 |
Version: GnuPG v1.2.3 (GNU/Linux) |
| 25 |
|
| 26 |
iQIVAwUBP8wAVUFjO5/oN/WBAQKTWRAArF8FI7iuv8t404FtWNoYc3w5v2BjRjOG |
| 27 |
Q4c3aeBR4Rb3ahqhEhjo4e1Tj/5g58cUl4yVMT13lNf2w1ivUorLuN3UQbEtXp0g |
| 28 |
AkYWKpTVOoaW/i5MbCUavjZCSyuSoyltqrD+7Dy8VIRO+LdeNRjZY/kiiqERWNUu |
| 29 |
SXor9IfwHPjOp8KjtSi2EW9Xfi0nJYVQqxy6PzDwIazUwcVfLHegboEu2+bTDg0f |
| 30 |
T4og/i6fwZ3ADx/3QFP9wBqq6wOsAfzYFqv4s/m4lbOqRHIcMffEI718s5uhqhAM |
| 31 |
P/Ve0PceYFCRd3w7vrlX7piKkqkcCG30RB0jo5+QFUukklimiqVq5wkXqvIIdcEo |
| 32 |
+HvT7z3LViMOdfXjy6LHDt3fXDXhh1YLxsu1/hjm4L2BYp1r3Mks8ckHNXt+0Kgx |
| 33 |
+1It7pidDkthevLvX8n+R1UOHX/kE9WmDfF71EMef2LiFN3/Zv9N22DFZbmu1faq |
| 34 |
NLKNozcgnf6vCV+4IAmaSTbiVgv6Q51JGeUisBgY5X4s39ks6I8+t/jdXvNp8DH9 |
| 35 |
zk7LVdMQkYlMsxhG0tpevAJ4327OUY1NLZD9VYpvgVObSxwnuUMyT7MRPmJQShqs |
| 36 |
9Fffowd23dZmXEL/D9ApsTyFAk9VPWKweG4YBLKUdvsZVeamNuws3tOgHBgPUAxu |
| 37 |
rh8dA7P7a48= |
| 38 |
=1S2A |
| 39 |
-----END PGP SIGNATURE----- |
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-dev@g.o mailing list |
Archives