[Cryptography] Why aren’t we using SSH for everything?

Tony Arcieri bascule at gmail.com
Sun Jan 4 02:15:35 EST 2015


On Sat, Jan 3, 2015 at 11:14 PM, Tony Arcieri <bascule at gmail.com> wrote:

> > Do you actually verify key fingerprints
>
> Sure.
>
> > and if so, how?
>
> Well depends... for nodes which I've installed manually, I extract them
> locally,... automatically installed nodes are in a securely switched
> VLAN, so as soon as I have a secure path to that (e.g. via a login node)
> I securely reach the node in question.
> For remote nodes I contact their admins for the fingerprints (that's
> e.g. how I access CERN),... for some others one may find the
> fingerprints on other "secure" paths (e.g. github gives them on their
> https website, so if you trust that, you can also trust the
> fingerprint).

Forgot to add: this process does not sound like it can scale to every user
on the Internet and every service on the Internet, sorry


-- 
Tony Arcieri