[Cryptography] Why aren’t we using SSH for everything?
Tony Arcieri
bascule at gmail.com
Sun Jan 4 02:14:22 EST 2015
On Sat, Jan 3, 2015 at 10:49 PM, Christoph Anton Mitterer <calestyo at scientia.net> wrote:
> > It's not because SSH supports an X.509-like CA system
> ??
>
https://www.digitalocean.com/community/tutorials/how-to-create-an-ssh-ca-to-validate-hosts-and-clients-with-ubuntu
> > Do you actually verify key fingerprints
> Sure.
>
> > and if so, how?
> Well depends... for nodes which I've installed manually, I extract them
> locally,... automatically installed nodes are in a securely switched
> VLAN, so as soon as I have a secure path to that (e.g. via a login node)
> I securely reach the node in question.
> For remote nodes I contact their admins for the fingerprints (that's
> e.g. how I access CERN),... for some others one may find the
> fingerprints on other "secure" paths (e.g. github gives them on their
> https website, so if you trust that, you can also trust the
> fingerprint).
You are the vocal minority
--
Tony Arcieri