On Wed, May 21, 2003 at 11:31:48PM -0400, Anthony DeRobertis wrote:
> On Wed, 2003-05-21 at 21:32, Peter Cordes wrote:
> > On Wed, May 14, 2003 at 03:41:44PM -0400, Anthony DeRobertis wrote:
> > > Couldn't you do (b) the way SSH handles server public keys?
>
> Sure, I suppose so, at least on hosts that can keep enough state. Though
> replacing a DHCP server would be a royal PITA!

If you could get the private key out and use it in the new one, it would be
ok. Otherwise, you might need to issue a "forget about this key" message,
like I suggested might be necessary. As long as nobody picked that time to
set up a bogus DHCP server, the clients would all get the public key of the
new DHCP server and then be able to reject attacks once again.

Still, all that increased complexity leaves a lot of room for something to
go wrong and leave an admin with the task of needing to do something to a
whole bunch of machines, maybe manually because their network interfaces are
down. Running around with a floppy with a shell script on it doesn't sound
like a lot of fun...

> >#define X(x,y) x##y
> >Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
>
> <stdin>:2:53: warning: pasting "." and "ns" does not give a valid
> preprocessing token
>
> /me thinks that should be "#define X(x,y) #x#y"

Uh oh, my .sig was dependent on non-standard behaviour of old gcc versions
:(. (it works with gcc-2.95 -E -). x##y gives a warning message and leaves
a space between the . and the ns, but #x#y leaves double quotes floating
around. To get rid of the extra space, it has to be ...nslug.,ns.ca, but
that still gives a warning. Here's one that works: ...nslug.n , s.ca. I'll
go with that for now, but it's even more obtuse to people who have never
heard of C (I sometimes wonder what non-techies think of my .sig, but I do
assume they can figure out what my email addr is from it. Now even that
might be a problem.) I might just give up on the CPP macro.

Actually, I'm curious why my old .sig generated a warning from gcc; I didn't
know the preprocessor had such high standards for its tokens.
Maybe it's a bug in gcc, but I'm not going to try to figure that out, so it
would be good if someone who recently memorized the C standard could tell me
whether it deserves a warning or not, and if so, why :)

-- 
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)

"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack my
day so wretchedly into small pieces!" -- Plautus, 200 BC
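
[Added example, not part of the original message or of any DHCP implementation.] The SSH-style pinning discussed above, modelled as a client-side store so the server-replacement cases can be replayed: moved private key, new key without a "forget", and the window after a "forget". The `PinStore` class, the network name and the key byte strings are hypothetical, and the sketch assumes each reply's signature was already verified against the key it presents.

```python
import hashlib
import hmac

class PinStore:
    """Client-side pin store modelled on SSH's known_hosts (hypothetical)."""

    def __init__(self):
        self._pins = {}  # network name -> SHA-256 fingerprint of pinned key

    def check(self, network, pubkey):
        """Classify a server key seen on `network`: pinned / ok / rejected."""
        fp = hashlib.sha256(pubkey).hexdigest()
        pinned = self._pins.get(network)
        if pinned is None:
            self._pins[network] = fp  # trust on first use
            return "pinned"
        return "ok" if hmac.compare_digest(pinned, fp) else "rejected"

    def forget(self, network):
        """Drop the pin; whichever key is seen next will be trusted."""
        return self._pins.pop(network, None) is not None

# Constructed placeholder byte strings standing in for real public keys.
KEYS = {
    "old": b"old-server-public-key",
    "new": b"new-server-public-key",
    "bogus": b"bogus-server-public-key",
}

def replay(events, network="office-lan"):
    """Replay key offers (names from KEYS) and 'forget' against a fresh client."""
    store, out = PinStore(), []
    for ev in events:
        if ev == "forget":
            out.append("forget:" + ("done" if store.forget(network) else "no-pin"))
        else:
            out.append(f"{ev}:{store.check(network, KEYS[ev])}")
    return out

if __name__ == "__main__":
    scenarios = {
        "private key moved to new server": ["old", "old"],
        "new key, pin not forgotten": ["old", "new"],
        "forget, real server answers first": ["old", "forget", "new", "bogus"],
        "forget, bogus server answers first": ["old", "forget", "bogus", "new"],
    }
    for name, events in scenarios.items():
        print(f"{name}: {replay(events)}")
```

In the last scenario the client ends up pinned to the bogus key and rejects the real replacement server, which is the window the message describes.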