static BUNDLED_REVOCATIONS: &[(&str, &str, &str)]
Expand description

List of keys that public hosts have rotated away from.

We explicitly distrust these keys as users with the old key in their local configuration will otherwise be vulnerable to MITM attacks if the attacker has access to the old key. As there is no other way to distribute revocations of ssh host keys, we need to bundle them with the client.

Unlike BUNDLED_KEYS, these revocations will not be ignored if the user has their own entries: we know that these keys are bad.