WYTM?

Thor Lancelot Simon tls at rek.tjls.com
Sun Oct 19 13:39:00 EDT 2003 

On Sun, Oct 19, 2003 at 01:42:34AM -0600, Damien Miller wrote:
> On Sun, 2003-10-19 at 00:47, Peter Gutmann wrote:
> 
> > >What was the motive for adding lip service into the document?
> > 
> > So that it's possible to claim PGP and X.509 support if anyone's interested in
> > it.  It's (I guess) something driven mostly by marketing so you can answer
> > "Yes" to any question of "Do you support <x>".  You can find quite a number of
> > these things present in various security specs, it's not just an SSH thing.
> 
> I think that you are misrepresenting the problem a little. At 
> least one vendor (ssh.com) has a product that supports both X.509 
> and PGP, so the inclusion of these in the I-D is not just marketing 
> overriding reality - just a lack of will on part of the the draft's
> authors. 

I believe the VanDyke implementation also supports X.509, and interoperates
with the ssh.com code.  It was also my perception that, at the time, the
VanDyke guy was basically shouted down when trying to discuss the utility
of X.509 for this purpose and put his marbles back in his cloth sack and
went home.

I see lack of any chained trust mechanism as _the_ major weakness of the
SSH protocol.  X.509 is not exactly pleasant, but it is what has emerged as
the standard for identity certificates and it is functional for that
purpose, and there are many implementations available; there are even
multiple implementations available for the SSH protocol.  I have to regard
the lack of certificate/chain-of-trust support in the SSH protocol as a
highly negative result of a knee-jerk reaction to the very _mention_ of
an X.500 series standard on the working group mailing list, by people who
did not offer any functional alternative seemingly because they thought
the laughable status quo ante -- with *no* way to validate the certificate
presented by a given peer on initial contact -- was fine.  It's a shame
that dsniff and the other toolkits for attacking that protocol weakness
did not exist at the time.

Thor

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list