>>>>> "Markus" == Markus Friedl <[EMAIL PROTECTED]> writes:
Markus> rhosts-rsa authentication without priveledged ports is useless.
Please state why, exactly, this is the case. rhosts-rsa already
authenticates based on (IP, RSA-key). How is (IP, RSA-key, sport <1024) any
more or less secure? Either the key is secure, or it isn't. It has nothing
whatsoever to do with the source port.
Or am I missing something about how rhosts-rsa works?
(Of course, replacing (IP, RSA-key) with (inband-host-identifier, RSA-key)
would be even better, and solve that NAT issue. After all, you aren't
_really_ trusting the IP address, you're just using it as an index to find
the RSA key.)
--
Carson Gaspar -- [EMAIL PROTECTED]
Queen Trapped in a Butch Body
