The key would be compromised on the client host, not the server host. That being said, any client host that has my ssh private key, also has my xmpp password, so I'm not sure how much security that adds.
On Fri, Mar 21, 2008 at 10:22 PM, Peter Saint-Andre <[EMAIL PROTECTED]> wrote: > This one seems odd: > > > http://wiki.jabber.org/index.php/Summer_of_Code_2008#SSH_authentication_validation_with_XEP-0070 > > If an attacker compromised the key on the host, they could compromise > the XMPP server (or the script that invokes it), no? > > Peter > > -- > Peter Saint-Andre > https://stpeter.im/ > > -- - Norman Rasmussen - Email: [EMAIL PROTECTED] - Home page: http://norman.rasmussen.co.za/
