Authentication BIP



Summary:

In a discussion on bitcoin-dev, Andy Schroder expressed mixed feelings about tying identity public keys to a static IP address and suggested that the table could also support DNS names rather than only IP addresses. The response was that the purpose of the table is to tell the client which server identity to expect, and that the design aims to preserve privacy even when a node's IP address changes. To prevent MITM attacks, the client must know the identity of the server it expects to connect to. The system is designed to inhibit fingerprinting: nodes cannot be tracked around the network unless their public keys are published.

Asked about allowing a wildcard option, the response was that such nodes would simply not be listed in the file, and clients could ask the server to authenticate without authenticating themselves. OpenSSH, by contrast, does not make an effort to protect its users' privacy in the way bitcoin does.

A node can currently configure only one identity key per listening network interface, but no reason exists for this limitation. Nodes should be able to have as many listening identities as they want, at a cost similar to that of a large authorized keys list.
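As an added example (not code from the thread, the BIP, or Bitcoin Core), the following Go program sketches the client-side check the summary describes: a known_hosts-style table pins the identity key(s) a client expects at a given host, keyed by either an IP literal or a DNS name, and the server proves possession of its claimed identity by signing a fresh client nonce. A host that is not in the table corresponds to the unlisted, "wildcard" case: the server is still asked to prove it holds a key, but the client has nothing to compare it against and does not authenticate itself. Ed25519, the `host hex-pubkey` file format, the `proofPrefix` domain separator and the hostnames are assumptions chosen for illustration, not the BIP's actual choices.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
	"strings"
)

// Domain-separation prefix (assumed, not from the BIP) so a signature produced
// in this handshake cannot be reused as a signature over some other message.
const proofPrefix = "auth-bip-demo/server-proof/v0:"

// Identity is one listening identity of a node. A node may hold a slice of
// these, much as an SSH server can accept a long authorized_keys list.
type Identity struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIdentity() Identity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Identity{Pub: pub, priv: priv}
}

// Proof is the server's answer to a challenge: the identity it claims and a
// signature binding that identity to the client's fresh nonce.
type Proof struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// Prove signs the client's nonce under this identity.
func (id Identity) Prove(nonce []byte) Proof {
	msg := append([]byte(proofPrefix), nonce...)
	return Proof{Pub: id.Pub, Sig: ed25519.Sign(id.priv, msg)}
}

// NewNonce returns 32 random bytes; a fresh nonce per connection stops replay
// of an old proof.
func NewNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// KnownHosts maps a canonical host (IP literal or DNS name) to the identity
// keys the client expects there, in the spirit of OpenSSH's known_hosts.
type KnownHosts map[string][]ed25519.PublicKey

// canonicalHost normalises IPs via net.ParseIP and DNS names by lower-casing
// and dropping a trailing dot, so "Seed.Example.ORG." and "seed.example.org"
// hit the same entry.
func canonicalHost(h string) string {
	h = strings.TrimSpace(h)
	if ip := net.ParseIP(strings.Trim(h, "[]")); ip != nil {
		return ip.String()
	}
	return strings.TrimSuffix(strings.ToLower(h), ".")
}

// ParseKnownHosts reads "host hex-pubkey" lines; '#' starts a comment line.
// Several lines for one host pin several acceptable identities.
func ParseKnownHosts(text string) (KnownHosts, error) {
	kh := KnownHosts{}
	for n, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Fields(line)
		if len(f) != 2 {
			return nil, fmt.Errorf("line %d: want 'host hexkey'", n+1)
		}
		raw, err := hex.DecodeString(f[1])
		if err != nil || len(raw) != ed25519.PublicKeySize {
			return nil, fmt.Errorf("line %d: bad public key", n+1)
		}
		host := canonicalHost(f[0])
		kh[host] = append(kh[host], ed25519.PublicKey(raw))
	}
	return kh, nil
}

// Outcomes of VerifyServer when no error is returned.
const (
	Pinned   = "pinned"   // host is listed and the proof matches a pinned key
	Unpinned = "unpinned" // host not listed: key possession proved, nothing to compare
)

// VerifyServer checks the server's proof for the host the client dialled.
// A bad signature is always fatal; a listed host whose key differs from every
// pinned key is treated as a possible MITM.
func VerifyServer(kh KnownHosts, host string, nonce []byte, p Proof) (string, error) {
	if len(p.Pub) != ed25519.PublicKeySize {
		return "", errors.New("malformed identity key")
	}
	if !ed25519.Verify(p.Pub, append([]byte(proofPrefix), nonce...), p.Sig) {
		return "", errors.New("server failed to prove possession of the claimed identity")
	}
	expected, listed := kh[canonicalHost(host)]
	if !listed {
		return Unpinned, nil
	}
	for _, k := range expected {
		if bytes.Equal(k, p.Pub) {
			return Pinned, nil
		}
	}
	return "", fmt.Errorf("identity for %s matches no pinned key: possible MITM", host)
}

func main() {
	srv := NewIdentity()
	// Constructed table: one DNS-keyed entry pinning the server's key.
	kh, _ := ParseKnownHosts("seed.example.org " + hex.EncodeToString(srv.Pub))
	nonce := NewNonce()
	fmt.Println(VerifyServer(kh, "seed.example.org", nonce, srv.Prove(nonce)))
	_, err := VerifyServer(kh, "seed.example.org", nonce, NewIdentity().Prove(nonce))
	fmt.Println("impostor:", err)
}
```

How a node with several listening identities chooses which one to present is not modelled here; the sketch only shows that the client-side cost of accepting more identities is one more line per key in the table.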


Updated on: 2023-05-19T23:38:47.851145+00:00