[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS server key

From: Geraint Paul Bevan
Subject: Re: CVS server key
Date: Sun, 10 Oct 2004 10:28:21 +0100
User-agent: Mozilla Thunderbird 0.5 (X11/20040306)

Hash: SHA1

John W. Eaton wrote:

| I changed the hardware that runs and the host key did
| change.  I have not posted the host key anywhere.  Where should I post
| the host key?  I'm not sure that it would help to post it on
|, since that is the same system where the cvs archive is
| kept, so if the system is compromised, it would not be possible to
| guarantee the host key shown on the web site.  Or am I missing
| something?
| jwe

If someone were to compromise the machine, they would be able
to insert malicious code without touching the host key so it wouldn't
offer any protection in that case. Where it could perhaps be useful is
if a man-in-the-middle attack were to take place with someone
interfering with data passing between the user and

In this case, even though the attacker could presumably interfere with
any attempts to read the key on, it may still be possible for
~ the user to detect a problem if they are able to check the google cache
of the site without interference.

- --
Geraint Bevan

Version: GnuPG v1.2.4 (GNU/Linux)


Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:
How to fund new projects:
Subscription information:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]