[Cryptography] Why aren’t we using SSH for everything?

Randy Bush randy at psg.com
Sun Jan 4 02:23:35 EST 2015

>>> Do you actually verify key fingerprints, and if so, how?
>> gpg signed attestations, e.g. see up front of my site, https://psg.com
> Used ubiquitously by every single server you ever SSH to? How many is
> that, by the way?

you asked a question.  i made the mistake of answering.  won't do that

i think we all understand the trust structures of x.509, ssh, pgp, etc.
well, i sure hope so.

the internet is not a hierarchy, police states are.  -- a tee shirt i
had made


More information about the cryptography mailing list