David O'Brien wrote:
>
> On Fri, Dec 22, 2000 at 11:28:07PM -0800, Kris Kennaway wrote:
> > Incorrect..the problems with SSH come down to flaws in the human
> > operator who ignore the warnings SSH gives them, and tell it
> > explicitly to do insecure things like connect to a server which is
> > suddenly not the one you're used to connecting to.
>
> And we, the FreeBSD Project, don't do a thing to help this situation.
> We change the SSH keys on the freebsd.org machines left and right w/o
> *ANY* notice to committers that they have been changed. So we've trained
> our own committers to have sloppy habits that could lead a malicious code
> added to the FreeBSD CVS source repository.
This is exactly the sort of problem we need to solve in a usable and secure
manner, so we can be an example to hold up and say "this is one way you can
make it work."
I'm completely open to suggestions as to how we can accomplish that. A few
ideas leap to mind, but unfortunately, short of an heirarchical calling
list, none of them really work, relying on other key information that may
have changed also. Sending an email with the new certs signed by the SO
or other authoritative key would work, given that everyone already has the
OS cert or key, unless it is the SO key that is changing.
With a little bit of perspiration, we could probably create a calling list
that minimizes overseas and long distance calls, but reaching far-flung
people on the phone is often difficult, expensive work.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
[EMAIL PROTECTED] http://softweyr.com/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
