[Cryptography] Why aren’t we using SSH for everything?

Tony Arcieri bascule at gmail.com
Sun Jan 4 02:14:22 EST 2015


On Sat, Jan 3, 2015 at 10:49 PM, Christoph Anton Mitterer <
calestyo at scientia.net> wrote:

> > It's not because SSH supports an X.509-like CA system
> ??
>

https://www.digitalocean.com/community/tutorials/how-to-create-an-ssh-ca-to-validate-hosts-and-clients-with-ubuntu


> > Do you actually verify key fingerprints
> Sure.
>
> > and if so, how?
> Well depends... for nodes which I've installed manually, I extract them
> locally,... automatically installed nodes are in a securely switched
> VLAN, so as soon as I have a secure path to that (e.g. via a login node)
> I securely reach the node in question.
> For remote nodes I contact their admins for the fingerprints (that's
> e.g. how I access CERN),... for some others one may find the
> fingerprints on other "secure" paths (e.g. github gives them on their
> https website, so if you trust that, you can also trust the
> fingerprint).


You are the vocal minority

-- 
Tony Arcieri
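
The fingerprint check described in the quoted reply above, as an added example that is not part of the original message: it computes the fingerprint of an OpenSSH public key line and compares it with one obtained over a trusted path. The key is constructed for the demonstration, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def parse_pubkey_line(line):
    """Return (key_type, blob) from an OpenSSH public key line: 'type base64 [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was mangled or its type label was swapped.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match blob")
    return key_type, blob


def fingerprint_sha256(line):
    """Fingerprint as 'SHA256:' plus unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(parse_pubkey_line(line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(line):
    """Older colon-separated hex MD5 fingerprint of the same key blob."""
    h = hashlib.md5(parse_pubkey_line(line)[1]).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))


def matches_trusted(line, trusted_fp):
    """Compare the presented key with a fingerprint obtained out of band."""
    trusted_fp = trusted_fp.strip()
    if trusted_fp.startswith("SHA256:"):
        actual = fingerprint_sha256(line)          # base64 is case-sensitive
    else:
        actual, trusted_fp = fingerprint_md5(line), trusted_fp.lower()
    return hmac.compare_digest(actual.encode(), trusted_fp.encode())


def make_constructed_key(seed):
    """Constructed sample: 32 hash bytes standing in for an Ed25519 public key."""
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"
```
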