Re: Q: RSA Authentication vs. Password Authentication in SSH

[Dave Sherohman <esper@sherohman.org>]

On Sun, Nov 19, 2000 at 01:16:10PM +1100, Brian May wrote:
> I am afraid you have lost me here. Are you asking how you can securely
> transfer the public keys of your clients (not an easy task),

OK, now you's lost me...  I thought the big advantage of public keys was
exactly that - they're public.  You don't have to worry about transferring
them securely, so long as the corresponding private key remains safe.

To map this onto the specific case at hand, ssh, if you were to obtain my
public ssh key, the worst thing that could result from this interception is
that you could add it to your list of authorized_keys and allow me to freely
use your account - which is a detriment to the person intercepting the key,
not the person owning it.  (I'm ignoring the possibility that you might try
to factor the public key, as doing so is generally considered to be a
practical impossibility for the foreseeable future.)

Or have I grossly misunderstood something?

-- 
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
Geek Code 3.1:  GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+