|
From: | Alec H. Peterson |
Subject: | Re: Dynamic Addresses issue |
Date: | Sun, 18 May 2003 21:45:43 -0600 |
It doesn't seem that it would be too hard to do, and as such I'm considering just doing it myself, but first I'm curious if anybody thinks there would be a security implication of doing this. The way I see it, trusting the public key is more secure than the current method of just trusting the IP address, since somebody could hijack an IP address in the dynamic range and insert an un-trusted key.
Note that I mean this trust is in place with the current implementation of the DynamicAddresses configuration directive, clearly when requiring both the IP address and key to match the stored state optimal security is achieved.
Alec
[Prev in Thread] | Current Thread | [Next in Thread] |