[Cryptography] Why aren’t we using SSH for everything?
fedor.brunner at azet.sk
Sun Jan 4 03:20:47 EST 2015
On 03.01.2015 23:53, Tony Arcieri wrote:
> SSH has a generally weaker model (TOFU) than at least a privately
> maintained X.509 hierarchy (the answer for a stronger/more agile approach
> on the SSH side is X.509-like SSH CAs). Likewise, TOFU handles key agility
SSH also supports X.509 certificates
> There are lots of real world reasons why keys might change. In fact key
> agility is a nice property! SSH makes it hard. I'm sure we've all seen the
> above warning, been confused about the circumstances, but ignored it.
> Then there's the part where you need to respecify every protocol to run
> atop SSH instead of TLS.
> In terms of overall design, SSH and TLS both failed. SSH did
> MAC-and-encrypt. TLS did MAC-then-encrypt. Both of them are effectively
> legacy protocols that were designed wrong from the get-go.