[Cryptography] Why aren’t we using SSH for everything?
bascule at gmail.com
Sun Jan 4 02:14:22 EST 2015
On Sat, Jan 3, 2015 at 10:49 PM, Christoph Anton Mitterer <
calestyo at scientia.net> wrote:
> > It's not because SSH supports an X.509-like CA system
> > Do you actually verify key fingerprints
> > and if so, how?
> Well depends... for nodes which I've installed manually, I extract them
> locally,... automatically installed nodes are in a securely switched
> VLAN, so as soon as I have a secure path to that (e.g. via a login node)
> I securely reach the node in question.
> For remote nodes I contact their admins for the fingerprints (that's
> e.g. how I access CERN),... for some others one may find the
> fingerprints on other "secure" paths (e.g. github gives them on their
> https website, so if you trust that, you can also trust the
You are the vocal minority
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography