[jdev] GSoC: SSH authentication validation with XEP-0070

Norman Rasmussen norman at rasmussen.co.za
Fri Mar 21 15:30:05 CDT 2008


The key would be compromised on the client host, not the server host.  That
being said, any client host that has my ssh private key, also has my xmpp
password, so I'm not sure how much security that adds.

On Fri, Mar 21, 2008 at 10:22 PM, Peter Saint-Andre <stpeter at stpeter.im>
wrote:

> This one seems odd:
>
>
> http://wiki.jabber.org/index.php/Summer_of_Code_2008#SSH_authentication_validation_with_XEP-0070
>
> If an attacker compromised the key on the host, they could compromise
> the XMPP server (or the script that invokes it), no?
>
> Peter
>
> --
> Peter Saint-Andre
> https://stpeter.im/
>
>


-- 
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20080321/716ac89f/attachment-0002.htm>


More information about the JDev mailing list