Crypto and UI issues

Ben Laurie ben at algroup.co.uk
Fri Dec 16 01:25:05 EST 2005


David Mercer wrote:
> And my apologies to Ben Laurie and friends, but why after all these
> years is the UI interaction in ssh almost exactly the same when
> accepting a key for the first time as overriding using a different one
> when it changed on the other end, whether from mitm or just a
> key/IP/hostname change?

Thanks for the apology, but ... ssh is not my fault.

However, I don't really understand the problem here - if the key changes
in OpenSSH you can't connect until you take positive action by deleting
the old key from the known_hosts file. This is totally different to
accepting a new key.

I will agree that something better than just showing you the key would
be cool. Like maybe it could be signed by something so you can verify it
that way. Oh, wait. That's PKI, and we all know PKI is broken.

> Horrible, horrible UI, and I'm not sure what's worse, that or trying
> to USE pgp (gpg, whatever) from a command line, or getting it
> integrated into a gui mail client.

Two words: Thunderbird, enigmail.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
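
The distinction drawn in the reply above (a first-seen key is a prompt, a changed key is a refusal) modelled as a small known_hosts check. This is an added example, not part of the original post and not OpenSSH's code; the host names, salt and key bytes are constructed placeholders, and wildcard patterns and `@` marker lines are left out as a simplification.

```python
import base64, hashlib, hmac

def host_matches(pattern, host):
    """Match one host field of a known_hosts line, plain or hashed (|1|salt|hash)."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, hash_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(hash_b64))
    return pattern == host  # simplification: wildcard patterns are not handled

def classify(known_hosts_text, host, keytype, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    stored_other_key = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @marker lines (simplification).
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, ktype, kdata = fields[:3]
        if ktype != keytype or not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        if kdata == key_b64:
            return "match"
        stored_other_key = True  # same host and key type, different key
    return "changed" if stored_other_key else "unknown"

# What each outcome requires of the user under the default "ask" policy.
ACTION = {
    "match": "connect silently",
    "unknown": "show fingerprint, ask yes/no, then store the key",
    "changed": "refuse to connect until the old entry is removed from known_hosts",
}

def hashed_entry(host, salt):
    """Build a hashed host field the way HashKnownHosts stores it."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample data: these are placeholder bytes, not real host keys.
KEY_A = base64.b64encode(b"constructed-key-A").decode()
KEY_B = base64.b64encode(b"constructed-key-B").decode()
KNOWN = "\n".join([
    "# constructed known_hosts sample",
    "git.example.org,192.0.2.10 ssh-ed25519 " + KEY_A,
    hashed_entry("build.example.org", b"constructed-salt-20b") + " ssh-ed25519 " + KEY_A,
])

if __name__ == "__main__":
    for h, k in [("git.example.org", KEY_A), ("git.example.org", KEY_B), ("new.example.org", KEY_B)]:
        outcome = classify(KNOWN, h, "ssh-ed25519", k)
        print(h, outcome, "->", ACTION[outcome])
```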