* Dimitri Maziuk <[EMAIL PROTECTED]> [2001.11.28 10:44:02-0600]: > Bull. Give me one reason why it sucks. It's the way of giving them > anonymous cvs access without too much hassle. Or do you believe > that letting them have *a private key* is bad because it's called > "private"? It's just a word, you know...
i know. but there are two problems: one, you lose trust in a single user means you have to redistribute new private keys. and two - it's a proven fact that when i have my own password or my own key, i am a little more protective off it. aside, with a single key you can't determine who leaked the key in case of a third party entry, *and* you still have the problem of distribution. a private key is not a private key because it's your key, but the concept of a private key in asymmetric encryption is that *it does not cross the wire*. and when you start distributing with floppy disks, you might well create single keys because you have to (a) hand users the floppy, (b) make sure that they don't leave it anywhere, (c) make sure that they install it correctly, (d) make sure that permissions are right, (e) make sure that they don't leave the disk next to the keyboard while they grab a coffee as they continue to install the private key, (f) make sure they don't copy the disk, (g) make sure they return the disk to you, (h) make sure that they don't lose it on the way, (i) and then you realize, just having distributed 300 keys, that the floppy screwed up a single bit. goto (a). you can't offer secure downloads because that's more or less a bootstrapping problem, and most importantly, you are actively working against the concept behind public key encruyption. enough arguments? > ...with the second method, you > > have more administrative overhead, but you can also just simply > > take privileges away from a single user without anyone else having > > to worry or changing passwords or getting a new identity or this > > or that. > > Yes, and you also have one to one key->user map, so the setup is not > anonymous. Which may not be a good thing. so then give me a way to figure out which identity logged in to ssh if they all log in as one user? debug mode doesn't count as it's not productive, unless you have a terminal and processor cycles to spare. damn, with one single file i still have the IP, so it's not anonymous now is it? aside, whether it's anonymous or not depends on the configuration. and even if you see the connecting identity, you'd have to be bloody interested to map the bytes making up the public identity to a user... -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] "we should have a volleyballocracy. we elect a six-pack of presidents. each one serves until they screw up, at which point they rotate." -- dennis miller
pgp78j1PYmWZJ.pgp
Description: PGP signature
