IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Fixing exchange of host keys in the SSH key exchange
Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:
>It _does_ give the tools to those competent to use them; I think that's about
>all any such protocol can really expect to do.
It also warns about key changes so you can take action if necessary, which is
something that SSL doesn't. Bank of America web site now hosted in the
Ukraine on a Windows 7 Home Premium box? Let's see, it has a $5.99 GoDaddy
certificate. Seems legit [0].
(I've only ever encountered one SSL-using app that warns that the key/cert
you're getting now differs from the one you got last time. I'm sure there are
more out there, but none of the mainstream stuff does it).
Peter.
[O] I know, I like to bash PKI, but with farcical behaviour like this it's
hard not to.
Home |
Main Index |
Thread Index |
Old Index