[14673] in cryptography@c2.net mail archive
Re: WYTM?
daemon@ATHENA.MIT.EDU (Damien Miller)
Fri Oct 17 09:38:06 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: Damien Miller <djm@mindrot.org>
To: iang@systemics.com
Cc: Tim Dierks <tim@dierks.org>, cryptography@metzdowd.com
In-Reply-To: <3F8B5F21.CFCF36A7@systemics.com>
Date: 17 Oct 2003 07:07:13 -0600
On Mon, 2003-10-13 at 20:27, Ian Grigg wrote:
> The situation is so ludicrously unbalanced, that if
> one really wanted to be serious about this issue,
> instead of dismissing certs out of hand (which would
> be the engineering approach c.f., SSH), one would
> run ADH across the net and wait to see what happened.
I don't think that this is an accurate characterisation of
the situation wrt SSH.
The SSH protocol supports certificates (X.509 and OpenPGP),
though most implementations don't. Around a year ago, Markus
Friedl posted patches to enable X.509 certs for OpenSSH, but
there was little interest.
Also, SSH is somewhere between the two extremes of ADH and
the PKIish hierarchial trust. Protocol 2 uses DH, so you have
the PFS properties, but most implementations offer better
opportunities for key verification than the popular SSL
implementations (in web browsers).
E.g. I don't recall a web browser offering a fingerprint for
a private key, except behind a number of confusing dialogs,
nor present me with ALL CAPS warnings when webservers change
their keys.
-d
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
