On Thu, Nov 29, 2001 at 04:09:53AM +0100, martin f krafft wrote:
> * Dimitri Maziuk <[EMAIL PROTECTED]> [2001.11.28 10:44:02-0600]:
> > Bull. Give me one reason why it sucks. It's the way of giving them
> > anonymous cvs access without too much hassle. Or do you believe
> > that letting them have *a private key* is bad because it's called
> > "private"? It's just a word, you know...
> i know. but there are two problems: one, you lose trust in a single
> user means you have to redistribute new private keys. and two - it's a
> proven fact that when i have my own password or my own key, i am a
> little more protective of it. aside, with a single key you can't
> determine who leaked the key in case of a third party entry, *and* you
> still have the problem of distribution.

...all of which is not a detriment to a key which is being used to
establish _anonymous_ access.  If it was intended for authenticated
access by a trusted user or users, then you're absolutely correct.
Dimitri, however, is suggesting that a specific key pair be designated
for anonymous access, which suggests that distribution of the private
key to any and all interested third parties with a minimum of
accountability is not only acceptable, but probably also desirable.

> most importantly, you
> are actively working against the concept behind public key
> encryption.

Not true.  The concept behind encryption (PK or otherwise) is to
establish a secure method of communication.  Dimitri is simply
pointing out that ssh normally uses a one-to-many (one person can
access accounts on many machines) model but, by distributing the
private key and securing the public key, you can reverse that to
allow essentially anonymous many-to-one access instead.

> > Yes, and you also have one to one key->user map, so the setup is not
> > anonymous. Which may not be a good thing.
> so then give me a way to figure out which identity logged in to ssh if
> they all log in as one user?

You don't need to.  That's sort of the point of anonymous access.

When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius

Innocence is no protection when governments go bad. - Tom Swiss
