When a server gains a new host key type, PuTTY does what it can to keep using the old key. Better might be to try to certify the new key from the old one.
The SSH protocol doesn't have any facilities designed to help with this, but maybe we can cook up a cross-certification scheme that's compatible with existing servers using key re-exchange.
Ian Jackson has also made some suggestions for protocol extensions to allow more general key rollover (even with keys of the same type) with cooperating servers.
OpenSSH has a protocol for allowing servers to advertise the host keys that they support after connection (hostkeys-00@openssh.com, hostkeys-prove-00@openssh.com). This would at least provide for key rollovers between key types.
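
The hostkeys-00@openssh.com advertisement mentioned above, as an added example (not PuTTY or OpenSSH code): a parser for the message layout given in OpenSSH's PROTOCOL document (SSH_MSG_GLOBAL_REQUEST, request name, want-reply flag, then a list of public key blobs) that sorts the advertised keys into ones the client already trusts and candidates that still need proof. The function names and the sample key material are constructed for illustration.

```python
import struct

SSH_MSG_GLOBAL_REQUEST = 80
ADVERT = b"hostkeys-00@openssh.com"

def put_string(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def get_string(buf, off):
    """Decode one SSH 'string' at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_hostkeys_advert(payload):
    """Return the public key blobs listed in a hostkeys-00@openssh.com request."""
    if not payload or payload[0] != SSH_MSG_GLOBAL_REQUEST:
        raise ValueError("not SSH_MSG_GLOBAL_REQUEST")
    name, off = get_string(payload, 1)
    if name != ADVERT or off >= len(payload):
        raise ValueError("not a hostkeys-00@openssh.com request")
    off += 1  # skip the want_reply boolean
    blobs = []
    while off < len(payload):
        blob, off = get_string(payload, off)
        blobs.append(blob)
    return blobs

def key_type(blob):
    """A public key blob begins with its algorithm name as an SSH string."""
    return get_string(blob, 0)[0].decode("ascii")

def split_by_trust(blobs, trusted):
    """Separate keys already in the client's store from unproven candidates."""
    known = [b for b in blobs if b in trusted]
    # Candidates are only a to-do list: nothing is stored until the server has
    # proved possession of each one (hostkeys-prove-00@openssh.com).
    candidates = [b for b in blobs if b not in trusted]
    return known, candidates

# Constructed sample: placeholder key material, not real keys.
RSA_BLOB = put_string(b"ssh-rsa") + put_string(b"constructed-rsa-placeholder")
ED_BLOB = put_string(b"ssh-ed25519") + put_string(bytes(32))
SAMPLE = (bytes([SSH_MSG_GLOBAL_REQUEST]) + put_string(ADVERT) + b"\x00"
          + put_string(RSA_BLOB) + put_string(ED_BLOB))
```

With `{RSA_BLOB}` as the trusted set, `split_by_trust(parse_hostkeys_advert(SAMPLE), {RSA_BLOB})` reports the ssh-rsa key as known and the ssh-ed25519 key as a candidate.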