• Barbarian@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 hours ago

    That would rely on the contact of that user using the admin’s public key. In most systems I’ve seen that’d result in a big flashing warning that the user’s key has been changed. So, dangerous for people contacting you for the first time, much more obvious if the 2 users have been talking before that point.

    Other people have raised the much more interesting and potentially dangerous point that it’s very difficult in this context to make sure that a particular public key corresponds with a particular user. I’m way more used to sysadmin style issues where you have a small number of known keypairs, while in this context it’s a large number of mostly unknown keypairs, so you need some way of confirming that. I’m starting to understand why this is a much thornier issue than it appears on the surface.