On 28/07/2010 16:01, Perry E. Metzger wrote:
> On Wed, 28 Jul 2010 15:16:32 +0100 Ben Laurie <b...@google.com> wrote:
>> SSH does appear to have got away without revocation, though the
>> nature of the system is s.t. if I really wanted to revoke I could
>> almost always contact the users and tell them in person.
>
> No, that's not what SSH does, or rather, it confuses the particular
> communications channel (i.e. some out of band mechanism) with the
> method that actually de-authorizes the key.
>
> The point is that in SSH, if a key is stolen, you remove it from the
> list of keys allowed to log in to a host. The key now need never be
> thought about again. We require no list of "revoked keys" be kept,
> just as we required no signed list of keys that were authorized. We
> just had some keys in a database to indicate that they were
> authorized, and we removed a key to de-authorize it.
I am referring to the SSH host key. Fully agree for user keys.

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
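The two cases the thread distinguishes, as an added example that is not part of the original messages: a toy model of sshd's authorized_keys allow-list (Perry's point: de-authorizing a user key is just deleting it, no revocation list needed) beside the host-key case (Ben's point: the pin lives in every client's known_hosts, so a compromised host key stays trusted until each user is reached). The file layouts follow OpenSSH's authorized_keys and known_hosts formats; the key blobs, hostnames and the `Server`/`Client` classes are constructed for illustration, and an options field on an authorized_keys line is assumed not to contain spaces.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: SHA256 of the decoded blob, base64 without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _key_fields(line):
    """Split a line into (fields before the key type, key type, blob, comment)."""
    parts = line.split()
    idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(parts):
        raise ValueError("no key on line: " + line)
    return parts[:idx], parts[idx], parts[idx + 1], " ".join(parts[idx + 2:])


def parse_authorized_keys(text):
    """Positive list of user keys: {fingerprint: comment}. Blank and '#' lines are skipped."""
    allowed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _, _, blob, comment = _key_fields(line)
        allowed[fingerprint(blob)] = comment
    return allowed


def parse_known_hosts(text):
    """One client's host-key pins: {hostname: fingerprint} (plain, unhashed entries)."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        leading, _, blob, _ = _key_fields(line)
        for host in leading[0].split(","):  # "host1,host2 type blob" pins both names
            pins[host] = fingerprint(blob)
    return pins


class Server:
    """Hypothetical sshd view: keys are authorized by presence in the list."""
    def __init__(self, authorized_keys_text):
        self.allowed = parse_authorized_keys(authorized_keys_text)

    def can_log_in(self, b64_blob):
        return fingerprint(b64_blob) in self.allowed

    def deauthorize(self, b64_blob):
        # Removal is the entire "revocation"; nothing about the key is retained.
        self.allowed.pop(fingerprint(b64_blob), None)


class Client:
    """Hypothetical user machine with its own known_hosts."""
    def __init__(self, known_hosts_text):
        self.pins = parse_known_hosts(known_hosts_text)

    def accepts_host_key(self, host, b64_blob):
        return self.pins.get(host) == fingerprint(b64_blob)


def clients_still_trusting(clients, host, old_blob):
    """How many clients would still accept a compromised host key right now."""
    return sum(1 for c in clients if c.accepts_host_key(host, old_blob))


# Constructed sample blobs: base64 of arbitrary bytes, not real keys.
ALICE = base64.b64encode(b"constructed-user-key-alice").decode()
BOB = base64.b64encode(b"constructed-user-key-bob").decode()
HOST_OLD = base64.b64encode(b"constructed-host-key-v1").decode()
HOST_NEW = base64.b64encode(b"constructed-host-key-v2").decode()

AUTHORIZED_KEYS = f"""# constructed ~/.ssh/authorized_keys
ssh-ed25519 {ALICE} alice@laptop
ssh-ed25519 {BOB} bob@desktop
"""


def demo():
    """Returns (bob before removal, bob after removal, stale clients, stale after one fix)."""
    server = Server(AUTHORIZED_KEYS)
    before = server.can_log_in(BOB)
    server.deauthorize(BOB)  # Bob's key was stolen: delete it and forget it
    after = server.can_log_in(BOB)

    # Host key: three users pinned the old key. Rotating the key on the server
    # does nothing for them until each known_hosts is edited by hand.
    known = f"example.org,192.0.2.10 ssh-ed25519 {HOST_OLD}\n"
    clients = [Client(known) for _ in range(3)]
    stale = clients_still_trusting(clients, "example.org", HOST_OLD)
    clients[0].pins["example.org"] = fingerprint(HOST_NEW)  # one user told in person
    stale_after_one = clients_still_trusting(clients, "example.org", HOST_OLD)
    return before, after, stale, stale_after_one


if __name__ == "__main__":
    print(demo())
```

The user-key half needs no state beyond the allow-list itself, which is the property Perry describes; the host-key half shows why Ben treats that case differently: the trust decision is replicated into every client's known_hosts, so there is no single list the server can edit.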