On Sat, 2020-10-03 at 19:44 +1000, Damien Miller wrote: > Otherwise, feel free to ask me anything. Was it ever considered that the feature itself could be problematic, security-wise? I see at least two candidates: - It's IMO generally a bad idea to distribute "better/newer" keys over a potentially already weaker trust path (i.e. something secured by the old key). - If some key was compromised (and thus the server itself) an attacker might use the feature to distribute his own keys, which, during clean up from the attack, might be overseen. Cheers,Chris _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
