[ale] emailing public dsa key (good, bad or ugly?)
Sid Lane
jakes.dad at gmail.com
Wed Jan 25 13:58:52 EST 2006
hey,
I am in the process of setting up an automated file transfer to an external
vendor who has agreed to scp over ssh2 but is asking me to email the public
key to them.
is there any risk in doing this via email? I understand the basic
principles of asymetric cryptography and that it shouldn't be possible to
decrypt w/the public key.
I was just wondering if there are any attacks/exploits that knowing it make
easier. FWIW, box that will be pushing to them is behind (a couple of)
firewall(s) so nothing in the wild should even be able to attempt to
initiate an ssh (or anything else for that matter) to it.
what say ye all? o.k. to email or scp it w/password for now.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ale
mailing list