
Re: [Monotone-devel] opportunistic server keys


From: Nathaniel Smith
Subject: Re: [Monotone-devel] opportunistic server keys
Date: Tue, 28 Dec 2004 14:31:47 -0800
User-agent: Mutt/1.5.6+20040907i

On Mon, Dec 27, 2004 at 10:27:33PM -0800, Andy Isaacson wrote:
> Is there any particular reason why monotone can't do the ssh trick of
> "I'm connecting to a server I've never seen before, simply prompt the
> user to see if I should automatically accept its key"?  Out of band key
> management is such a pain.

Simply that it hasn't hit the top of anyone's priority stack.  Patches
welcome.

I have some vague UI preference for separating the operations of "suck in
a key from this server" and "sync with this server", so sync'ing with
a server whose key you don't recognize is a hard error, rather than
ssh's soft error.  I'm not entirely sure, though; I don't entirely
grok what sort of attacks the netsync signing stuff is supposed to
prevent.  (Especially since it, e.g., does not confirm that the key
the server uses is the key that that server is supposed to use.)

-- Nathaniel

-- 
.i dei jitfa fanmo xatra



