Crypto and UI issues
James A. Donald
jamesd at echeque.com
Fri Dec 16 15:56:29 EST 2005
--
From: Ben Laurie <ben at algroup.co.uk>
> if the key changes in OpenSSH you can't connect until
> you take positive action by deleting the old key from
> the known_hosts file. This is totally different to
> accepting a new key.
>
> I will agree that something better than just showing
> you the key would be cool. Like maybe it could be
> signed by something so you can verify it that way. Oh,
> wait. That's PKI, and we all know PKI is broken.
But in what it is it broken?
Let us imagine that SSH had certified keys. Well,
certifying a key is bound to be complicated, and things
are bound to go wrong, and the name that you bind it to
is bound to be somewhat shifty. You might bind the key
to ben.com, but then your host is ssh.ben.com. So
pretty soon users are frequently seeing error dialogs -
and so, pretty soon, are always clicking through them.
What is a true name is a deep and difficult question,
and one that people have little patience for when trying
to log in. We are overloaded with names, with the
result that true names are of limited value in
ascertaining true relationships.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Ot8xxQDU9pyVndHTn5kzTOr2CRK60LeWklc4NDLR
4M3vcDbhvr3PhPb10v1p7VO47zgc7ubuUbnhrhoXa
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list