
Re: cvs security - ssh vs pserver?



* Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu> [2001.11.28 10:44:02-0600]:
> Bull. Give me one reason why it sucks. It's the way of giving them
> anonymous cvs access without too much hassle. Or do you believe
> that letting them have *a private key* is bad because it's called
> "private"? It's just a word, you know...

i know. but there are two problems: one, you lose trust in a single
user means you have to redistribute new private keys. and two - it's a
proven fact that when i have my own password or my own key, i am a
little more protective of it. aside, with a single key you can't
determine who leaked the key in case of a third party entry, *and* you
still have the problem of distribution. a private key is not a private
key because it's your key, but the concept of a private key in
asymmetric encryption is that *it does not cross the wire*. and when
you start distributing with floppy disks, you might well create single
keys because you have to (a) hand users the floppy, (b) make sure that
they don't leave it anywhere, (c) make sure that they install it
correctly, (d) make sure that permissions are right, (e) make sure
that they don't leave the disk next to the keyboard while they grab a
coffee as they continue to install the private key, (f) make sure they
don't copy the disk, (g) make sure they return the disk to you, (h)
make sure that they don't lose it on the way, (i) and then you
realize, just having distributed 300 keys, that the floppy screwed up
a single bit. goto (a). you can't offer secure downloads because
that's more or less a bootstrapping problem, and most importantly, you
are actively working against the concept behind public key
encryption. enough arguments?

> ...with the second method, you
> > have more administrative overhead, but you can also just simply
> > take privileges away from a single user without anyone else having
> > to worry or changing passwords or getting a new identity or this
> > or that.
> 
> Yes, and you also have one to one key->user map, so the setup is not
> anonymous. Which may not be a good thing.

so then give me a way to figure out which identity logged in to ssh if
they all log in as one user? debug mode doesn't count as it's not
productive, unless you have a terminal and processor cycles to spare.
damn, with one single file i still have the IP, so it's not anonymous
now is it? aside, whether it's anonymous or not depends on the
configuration. and even if you see the connecting identity, you'd have
to be bloody interested to map the bytes making up the public identity
to a user...

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
"we should have a volleyballocracy.
 we elect a six-pack of presidents.
 each one serves until they screw up,
 at which point they rotate."
                                                      -- dennis miller
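
The key-to-user mapping discussed in the message above, as an added example that is not part of the original message: with one key per developer on a shared account, each accepted login can be attributed by matching the fingerprint in the sshd log against authorized_keys. It assumes the "Accepted publickey ... SHA256:..." log line of current OpenSSH releases; the account name, addresses, key blobs and log lines are constructed.

```python
import base64, hashlib, re

KEY_RE = re.compile(r"(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/=]+)\s*(.*)$")
LOG_RE = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def fingerprint(blob_b64):
    """SHA256 fingerprint as sshd logs it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_keys(authorized_keys_text):
    """Map fingerprint -> comment field; a leading options field is allowed."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        m = KEY_RE.search(line.strip())
        if m and not line.lstrip().startswith("#"):
            owners[fingerprint(m.group(2))] = m.group(3).strip() or "(no comment)"
    return owners

def attribute_logins(log_text, owners):
    """Return (account, source address, key owner or None) per accepted login."""
    return [(m.group(1), m.group(2), owners.get(m.group(3)))
            for m in LOG_RE.finditer(log_text)]

# Constructed sample data: placeholder blobs (not real keys), made-up log lines.
BLOB_ALICE = base64.b64encode(b"constructed-key-blob-alice").decode()
BLOB_BOB = base64.b64encode(b"constructed-key-blob-bob").decode()
AUTHORIZED_KEYS = f"""\
# ~cvs/.ssh/authorized_keys
ssh-ed25519 {BLOB_ALICE} alice@example.org
command="cvs server",no-pty ssh-ed25519 {BLOB_BOB} bob@example.org
"""
AUTH_LOG = f"""\
Nov 28 17:02:11 host sshd[811]: Accepted publickey for cvs from 192.0.2.10 port 40122 ssh2: ED25519 {fingerprint(BLOB_BOB)}
Nov 28 17:05:40 host sshd[840]: Accepted publickey for cvs from 198.51.100.7 port 51870 ssh2: ED25519 {fingerprint(BLOB_ALICE)}
Nov 28 17:09:03 host sshd[877]: Accepted publickey for cvs from 203.0.113.5 port 33910 ssh2: ED25519 SHA256:{'x' * 43}
"""

if __name__ == "__main__":
    for account, addr, owner in attribute_logins(AUTH_LOG, load_keys(AUTHORIZED_KEYS)):
        print(f"{account} from {addr}: {owner or 'key not in authorized_keys'}")
```

A login whose fingerprint is missing from the file (the third line) is reported with no owner, which is the case worth alerting on after a key has been revoked.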
