[Cryptography] Why aren’t we using SSH for everything?

Christoph Anton Mitterer calestyo at scientia.net
Sun Jan 4 01:49:47 EST 2015


On Sat, 2015-01-03 at 22:14 -0800, Tony Arcieri wrote: 
> On Sat, Jan 3, 2015 at 8:48 PM, Christoph Anton Mitterer
> <calestyo at scientia.net> wrote:
>         I don't see any reason why SSH should be weaker than anything
>         else. In fact it is not.
> It's not because SSH supports an X.509-like CA system
?? 

> Do you actually verify key fingerprints
Sure.

> and if so, how? 
Well depends... for nodes which I've installed manually, I extract them
locally,... automatically installed nodes are in a securely switched
VLAN, so as soon as I have a secure path to that (e.g. via a login node)
I securely reach the node in question.
For remote nodes I contact their admins for the fingerprints (that's
e.g. how I access CERN),... for some others one may find the
fingerprints on other "secure" paths (e.g. GitHub gives them on their
https website, so if you trust that, you can also trust the
fingerprint).

Cheers,
Chris. 
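
The fingerprint check described in this message, as an added example that is not part of the original post: it computes a public key's fingerprint in the SHA256 and legacy MD5 display forms used by OpenSSH and compares it with a value obtained over a trusted path. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_pubkey(line):
    """Split '<type> <base64-blob> [comment]' and sanity-check the blob."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line is corrupt or was edited.
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match blob")
    return key_type, blob


def fingerprints(line):
    """Return the fingerprint of the key blob in both OpenSSH display forms."""
    _, blob = parse_pubkey(line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    legacy = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"sha256": "SHA256:" + sha, "md5": "MD5:" + legacy}


def matches_trusted(line, trusted_fp):
    """True only if the offered key hashes to the out-of-band fingerprint."""
    trusted = trusted_fp.strip()
    if trusted.count(":") == 15:  # bare hex form, no "MD5:" prefix
        trusted = "MD5:" + trusted.lower()
    return trusted in fingerprints(line).values()


def constructed_key_line():
    """Constructed sample key (placeholder bytes, not a real host key)."""
    ktype, pub = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(pub)) + pub
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    offered = constructed_key_line()           # what the server presented
    trusted = fingerprints(offered)["sha256"]  # stands in for the admin-supplied value
    print(trusted, matches_trusted(offered, trusted))
```

The comparison is against the full fingerprint string, so a value that agrees only in its first or last few characters is rejected.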