> That aside, this hole could be useful in a situation where Party A wants
> to help Party B compromise a system without leaving a paper trail. Party
> A trojans an ssh client binary, Innocent Bystander C does an ssh
> connection somewhere, and Party B sniffs the cleartext traffic. No
> evidence to point to Party B. If instead Party A trojaned the binary to
> send Party B a carbon-copy, and a white hat could extract this, then Party
> B is implicated.
>
> jm

Nonsense. He could just as easily trojan ssh to broadcast the encryption
key. If he can sniff the cleartext traffic, he can sniff the key. The point
stands -- a server cannot protect you against a client compromise.

DS