What could have been done differently?

• Previous message (by thread): What could have been done differently?
• Next message (by thread): What could have been done differently?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 29, 2003 at 12:21:50PM -0800, matt at snark.net said:
[snip]
>   >   So far, the closest thing I've seen to this concept is the ssh
>   >   administrative host model: adminhost:~root/.ssh/id_dsa.pub is
>   >   copied to every targethost:~root/.ssh/authorized_keys2, such that
>   >   commands can be performed network-wide from a single station.
>   >
>   > Do you even read what you write? How does a host with root access to
>   > an entire set of hosts exemplify the least privilege principle?
> 
>   Your selections from my post managed to obscure the fact that I was making
>   more than one point. I did _not_ state that the ssh key mgmt system outlined
>   above exemplifies least privilege. I was merely making a comparison between
>   that model and the topic under discussion, central
>   administrative/authenticating authorities.
> 
> So when windowsupdate does it, its a problem, because they aren't
> using ssh keys? I'm just confused, as they both seem to represent the
> same model in your discussion, however one is a "problem" and the
> other is a sugegsted practice.

When windowsupdate does it, it's more problematic because I have no way of
knowing what machine that is, who's controlling it ... I'm basically relying
on DNS. There's no strong crypto used for authentication there that I'm aware
of. Perhaps I'm misinformed. I consider the use of ssh keys I generated, from
machines I built, to be more trustworthy than relying on DNS as the
authentication mechanism.

> Is it because windowsupdate requres explicit action on each client
> machine to operate?

That's not necessarily true either. Anyway, my point was, windowsupdate has
been spoofed, and spoofing DNS is easier than trying to spoof or MIM an auth
system that uses strong crypto. It's not perfect, but it's better than
relying solely on DNS.

(I can't seem to find the news article I'm thinking of, but I'm pretty sure
it's out there. I'll keep looking.)

> I'm still missing whatever point you were trying to make in your
> original post.

Go read it again then, and spare us all your lack of comprehension.

>   Please do not put words into my mouth.
> 
> I'm not. I'm simply quoting ones coming from it.

You did indeed put words into my mouth - you wrote:
----
Do you even read what you write? How does a host with root access to
an entire set of hosts exemplify the least privilege principle?
----

when I had NOT drawn any correlation, AT ALL, between the ssh key admin model
and the principle of least privilege. They were two separate topics that just
happened to be discussed in the same posting.

This is my last post in this thread; further flames should be directed
offlist.
-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030129/0fc4d5a3/attachment.sig>

• Previous message (by thread): What could have been done differently?
• Next message (by thread): What could have been done differently?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]