Allow for lookup of hashed hostnames in the public keyservers?
Right now, running @monkeysphere update-known_hosts@ with no other arguments tries to update every entry in @~/.ssh/known_hosts@ by pulling from the public keyservers.
However, it skips over all hashed hostnames at the moment.
Do we want to keep that policy? Would there be any reason for us to support looking up hashed hostnames in the public keyservers? Anonymous ssh hostkey lookups somehow? We've talked about supporting this, but haven't walked through all the edge cases yet.
I worry about implying more secrecy than we can really provide. E.g., it would be bad to do a hashed lookup followed by a non-hashed lookup of the same hostname. And it would be absolutely silly for an admin who uploads an OpenPGP certificate with the hashed name as a User ID to also include a non-hashed User ID -- the binding would then be immediately public and easily retrievable.
At any rate, if we continue to ignore hashed known_hosts entries, maybe we want to record how many entries we ignored, and issue some sort of aggregated report at the VERBOSE level or higher, like:
ms: 5 hashed known_hosts entries ignored
(from redmine: created on 2009-03-24)
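
A sketch of the skip-and-count behaviour discussed in this ticket, added here as an example and not taken from monkeysphere's code. The function names and the sample file are assumptions; the sample's hostnames, salts, hashes and key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not monkeysphere code): skip hashed known_hosts entries and count them.

# Emit each distinct plain hostname, then a final "HASHED=<n>" line.
scan_known_hosts() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            field = $1
            if (field ~ /^@/) field = $2        # @cert-authority / @revoked marker
            if (field ~ /^\|1\|/) { hashed++; next }   # |1|salt|hash (HashKnownHosts)
            n = split(field, hosts, ",")
            for (i = 1; i <= n; i++) {
                h = hosts[i]
                if (h ~ /[*?!]/) continue       # wildcard or negated pattern, not a name
                sub(/^\[/, "", h); sub(/\](:[0-9]+)?$/, "", h)   # [host]:port -> host
                if (!(h in seen)) { seen[h] = 1; print h }
            }
        }
        END { printf "HASHED=%d\n", hashed }
    ' "$1"
}

plain_hosts()  { scan_known_hosts "$1" | sed '/^HASHED=/d'; }
count_hashed() { scan_known_hosts "$1" | sed -n 's/^HASHED=//p'; }

# Aggregated report in the form proposed above; silent when nothing was skipped.
report_ignored() {
    n=$(count_hashed "$1")
    [ "$n" -gt 0 ] && echo "ms: $n hashed known_hosts entries ignored"
    return 0
}

# Constructed sample file: every value in it is a placeholder.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
host1.example.org ssh-ed25519 AAAAC3constructed1
|1|Y29uc3RydWN0ZWRzYWx0|Y29uc3RydWN0ZWRoYXNo ssh-ed25519 AAAAC3constructed2
[git.example.org]:2222,192.0.2.10 ssh-rsa AAAAB3constructed3
@revoked |1|c2FsdDI=|aGFzaDI= ssh-rsa AAAAB3constructed4
@cert-authority *.example.net ssh-rsa AAAAB3constructed5
host1.example.org ssh-rsa AAAAB3constructed6
EOF
}

sample=$(mktemp)
write_sample "$sample"
plain_hosts "$sample"      # names that would be looked up
report_ignored "$sample"   # aggregated count of skipped hashed entries
rm -f "$sample"
```

Only the count of hashed entries is reported, so the output never echoes a hashed value next to a plain hostname.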