At Wed, 14 May 2008 19:52:58 -0400,
Steven M. Bellovin wrote:
>
> Given the published list of bad ssh keys due to the Debian mistake (see
> http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
> updated to contain a blacklist of those keys? I suspect that a Bloom
> filter would be quite compact and efficient.
I've been having a similar thought. This also probably applies to SSL keys,
given the rather lax attitude that most clients have about checking CRLs.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
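
A sketch of the Bloom-filter key blacklist suggested in the quoted message, as an added example that is not part of the original thread and not sshd code. The class and function names, the constructed key blobs, the key count and the 1e-6 false-positive target are all assumptions made for illustration.

```python
import hashlib
import math


class KeyBlacklist:
    """Bloom filter over key fingerprints: no false negatives, rare false positives."""

    def __init__(self, expected_keys, fp_rate):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hash functions.
        self.m = math.ceil(-expected_keys * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_keys * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, fp):
        # Double hashing: derive all k bit positions from one SHA-256 digest.
        d = hashlib.sha256(fp).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd step, never zero
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, fp):
        for p in self._positions(fp):
            self.bits[p >> 3] |= 1 << (p & 7)

    def maybe_blacklisted(self, fp):
        # True means "possibly listed"; False means "definitely not listed".
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(fp))


def fingerprint(pubkey_blob):
    # Assumption: a key is identified by the SHA-256 of its encoded public key.
    return hashlib.sha256(pubkey_blob).digest()


def build_demo(n=20000):
    # Constructed stand-ins for the published weak keys, not real key material.
    weak = [fingerprint(b"constructed-weak-key-%d" % i) for i in range(n)]
    bl = KeyBlacklist(expected_keys=n, fp_rate=1e-6)
    for fp in weak:
        bl.add(fp)
    return bl, weak


def false_positive_count(bl, trials=20000):
    # Probe with constructed keys that were never added to the filter.
    return sum(bl.maybe_blacklisted(fingerprint(b"constructed-good-key-%d" % i))
               for i in range(trials))
```

With these parameters the filter needs about 29 bits per listed key. A hit can be a false positive, so a server that must not reject a good key would confirm hits against the full list; a miss is definitive.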