Comment 15 for bug 524226

Dustin Kirkland  (kirkland) wrote : Re: ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file

Marc-

I think that's true if you're receiving an arbitrary key from an untrusted source (such as the first time you log into a remote server).

However, in this case, I think:
 a) You're communicating over SSL with a server and a valid certificate (hence, the server is authenticated and attested)
 b) The user whose keys you are retrieving had to authenticate themselves with Launchpad in order to upload their key, all of which was conducted over SSL.

In this case, I think the chain of trust comes down to:
 a) Are you sure you're talking to Launchpad.net?
 b) Are you sure that the user whose key you're retrieving authenticated with Launchpad when uploading these keys?

I believe these are assumptions you and I safely make every day, in the course of our daily work through Firefox, dput, apt-get, and various other utilities.

:-Dustin