From: Jameson Graef Rollins Date: Thu, 19 Jun 2008 03:53:09 +0000 (-0400) Subject: Update TODO after merge. X-Git-Tag: monkeysphere_0.1-1~16^2~1 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6ee67a218916f6f9c30dfe9787109017c11e8185;p=monkeysphere.git Update TODO after merge. --- diff --git a/doc/TODO b/doc/TODO index c17ef61..3538fbf 100644 --- a/doc/TODO +++ b/doc/TODO @@ -3,10 +3,10 @@ Next-Steps Monkeysphere Projects: Detail advantages of monkeysphere: detail the race conditions in ssh, and how the monkeysphere can help you reduce these threat vectors: - threat model reduction diagrams + threat model reduction diagrams. Determine how openssh handles multiple processes writing to - known_hosts file (atomic appends?) + known_hosts/authorized_keys files (lockfile, atomic appends?) Handle unknown hosts in such a way that they're not always removed from known_hosts file. Ask user to lsign the host key? @@ -61,16 +61,12 @@ File bug against ssh-keygen about how "-R" option removes comments File bug against ssh-keygen to see if we can get it to write to hash a known_hosts file to/from stdout/stdin. -Note all threat model reductions (with diagrams). - Add environment variables sections to man pages. Environment variable scoping. Move environment variable precedence before conf file. -Handle lockfiles when modifying known_hosts or authorized_keys. - When using ssh-proxycommand, if only host keys found are expired or revoked, then output loud warning with prompt, or fail hard.
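Review bot: In the first hunk (@@ -3,10 +3,10), the rewritten item "Determine how openssh handles multiple processes writing to known_hosts/authorized_keys files (lockfile, atomic appends?)" is phrased as an investigation, yet it is the only remaining place that mentions lockfiles once the second hunk drops "Handle lockfiles when modifying known_hosts or authorized_keys." Finding out what openssh does is not the same as making monkeysphere's own writes to these files safe, so the action should be stated explicitly. Either extend this item with a follow-up clause such as "then lock accordingly when monkeysphere modifies either file", or keep the separate action item. A concurrent write that corrupts authorized_keys or known_hosts affects who can log in and which host keys are trusted, so the task deserves to stay visible as work to do, not only as a question.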
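Review bot: In the second hunk (@@ -61,16 +61,12), removing "Note all threat model reductions (with diagrams)." narrows what the TODO tracks. The only surviving mention is "threat model reduction diagrams." in the first hunk, which is nested under "detail the race conditions in ssh", so any threat model reduction unrelated to ssh race conditions no longer has an entry. If the two items are meant to be merged, widen the nested wording to cover all reductions, or keep a top-level item. The commit message "Update TODO after merge." would also be clearer if it said that duplicate entries were consolidated, since the hunk reads as dropping two tasks.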