[Cryptography] Why aren’t we using SSH for everything?

Pawel Veselov pawel.veselov at gmail.com
Sun Jan 4 03:43:59 EST 2015

On Sat, Jan 3, 2015 at 11:46 PM, Andreas Junius <andreas.junius at gmail.com>
> On 04/01/15 17:26, Randy Bush wrote:
>> Do you actually verify key fingerprints, and if so, how?
>> gpg signed attestations, e.g. see up front of my site, https://psg.com
> Not sure if that helps at all - the CA is an invalid certificate and would
> be expired even if the validity dates were correct. That doesn't indicate
> proper cert handling...

And if it was SSH, how would we ever truly verify that public key.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150104/fea55f9f/attachment.html>

More information about the cryptography mailing list