IETF-SSH archive

Re: Fixing exchange of host keys in the SSH key exchange



denis bider (Bitvise) <ietf-ssh3%denisbider.com@localhost> writes:

>What you found is NOT that people use TOFU (Trust On First Use). They use
>TWAT - Trust Whatever, Any Time:

Damn, I could've used that in the article :-).

>This is highly problematic because it means that, while SSH is supposed to
>defend against MITM in theory, it does not defend in practice.

Yeah, as the article points out, X.509 fans can point out that SSH is no
better, and SSH fans can point out that SSH is no worse.

Peter.


