[Cryptography] Why aren’t we using SSH for everything?
Tony Arcieri
bascule at gmail.com
Sun Jan 4 01:14:38 EST 2015
On Sat, Jan 3, 2015 at 8:48 PM, Christoph Anton Mitterer <
calestyo at scientia.net> wrote:
> I don't see any reason why SSH should be weaker than anything else. In
> fact it is not.
>
It's not because SSH supports an X.509-like CA system
> No one forces users to blindly trust a remote host key on first
> encountering it, that's why there are fingerprints and people should
> validate those - if people are stupid and don't validate them, well then
> you can't help such folks.
Do you actually verify key fingerprints, and if so, how?
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150103/26e3b648/attachment.html>
More information about the cryptography
mailing list