IETF-SSH archive


Re: Fixing exchange of host keys in the SSH key exchange



Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>It _does_ give the tools to those competent to use them; I think that's about
>all any such protocol can really expect to do.

It also warns about key changes so you can take action if necessary, which is
something that SSL doesn't.  Bank of America web site now hosted in the
Ukraine on a Windows 7 Home Premium box?  Let's see, it has a $5.99 GoDaddy
certificate.  Seems legit [0].

(I've only ever encountered one SSL-using app that warns that the key/cert
you're getting now differs from the one you got last time.  I'm sure there are
more out there, but none of the mainstream stuff does it).

Peter.

[0] I know, I like to bash PKI, but with farcical behaviour like this it's
    hard not to.


