-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 01 December 2003 21:51, Luke-Jr wrote: > > Thats a very good question. In this case you'd have to go thru an admin > > for it to work, which would firstly produce a bottleneck, and secondly > > create more oppertunities for a possible security breach I think. The > > initial send of the ssh key would have to be verified as coming from a > > valid source (to stop some social engineering/taking advantage of > > timing). > > DCC the ssh key through IRC or GPG sign an email with it. Not too > complicated. SSH keys are short enough one could simply paste them in a > chat anyway... --
considering his initial points: (1) admin is bottleneck (2) verifying the key wasnt messed with in transit your solution really doesnt address either ... in fact the irc thing is a *really bad* idea ... after all, dcc/irc is as easy to manipulate as telnet (well even easier :D) - -mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iQIVAwUBP8wAVUFjO5/oN/WBAQKTWRAArF8FI7iuv8t404FtWNoYc3w5v2BjRjOG Q4c3aeBR4Rb3ahqhEhjo4e1Tj/5g58cUl4yVMT13lNf2w1ivUorLuN3UQbEtXp0g AkYWKpTVOoaW/i5MbCUavjZCSyuSoyltqrD+7Dy8VIRO+LdeNRjZY/kiiqERWNUu SXor9IfwHPjOp8KjtSi2EW9Xfi0nJYVQqxy6PzDwIazUwcVfLHegboEu2+bTDg0f T4og/i6fwZ3ADx/3QFP9wBqq6wOsAfzYFqv4s/m4lbOqRHIcMffEI718s5uhqhAM P/Ve0PceYFCRd3w7vrlX7piKkqkcCG30RB0jo5+QFUukklimiqVq5wkXqvIIdcEo +HvT7z3LViMOdfXjy6LHDt3fXDXhh1YLxsu1/hjm4L2BYp1r3Mks8ckHNXt+0Kgx +1It7pidDkthevLvX8n+R1UOHX/kE9WmDfF71EMef2LiFN3/Zv9N22DFZbmu1faq NLKNozcgnf6vCV+4IAmaSTbiVgv6Q51JGeUisBgY5X4s39ks6I8+t/jdXvNp8DH9 zk7LVdMQkYlMsxhG0tpevAJ4327OUY1NLZD9VYpvgVObSxwnuUMyT7MRPmJQShqs 9Fffowd23dZmXEL/D9ApsTyFAk9VPWKweG4YBLKUdvsZVeamNuws3tOgHBgPUAxu rh8dA7P7a48= =1S2A -----END PGP SIGNATURE----- -- [EMAIL PROTECTED] mailing list
