[Cryptography] WireGuard

Jeremy Stanley fungi at yuggoth.org
Thu Aug 30 18:28:32 EDT 2018


On 2018-08-30 16:56:12 +0100 (+0100), Howard Chu wrote:
[...]
> ssh's default key model is "convenient" but less secure than the
> certificate authority model, as soon as you have more than one
> computer in an administrative domain. How many people actually
> stop and phone up a remote collaborator to verify a host key the
> first time they connect to a new machine?
[...]

I don't know about you, but I publish SSHFP RRs in DNS for my
systems, so my users (as long as they have working DNSSec) don't
_need_ to call me up. Sometimes there are ways to make these sorts
of models work fine.
-- 
Jeremy Stanley
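
Added example, not part of the original message: a Python sketch of how an SSHFP record (RFC 4255 / RFC 6594) is derived from an OpenSSH public host key line, and of the client-side rule that a matching fingerprint is only trusted when the DNS answer was DNSSEC-validated. The host name, the key material (constructed, not a real key) and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
            "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
            "ssh-ed25519": 4}
SHA256_FP = 2  # SSHFP fingerprint type 2 = SHA-256 (RFC 6594)

def parse_pubkey_line(line):
    """Return (key_type, blob) from an OpenSSH 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_ALGS:
        raise ValueError("unsupported or malformed public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def sshfp_rdata(line):
    """(algorithm, fingerprint type, hex digest) over the raw key blob."""
    key_type, blob = parse_pubkey_line(line)
    return KEY_ALGS[key_type], SHA256_FP, hashlib.sha256(blob).hexdigest()

def sshfp_record(hostname, line):
    """Zone-file line in the same layout that `ssh-keygen -r` prints."""
    return "%s IN SSHFP %d %d %s" % ((hostname,) + sshfp_rdata(line))

def trusted_via_dns(offered_line, published, dnssec_validated):
    """Accept the offered host key only if a published record matches AND the
    resolver validated the answer; an unvalidated match proves nothing."""
    if not dnssec_validated:
        return False
    alg, fptype, fp = sshfp_rdata(offered_line)
    return any((a, t, f.lower()) == (alg, fptype, fp) for a, t, f in published)

def _constructed_key(fill):
    # Constructed sample: well-formed ssh-ed25519 blob with filler key bytes.
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([fill]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

SAMPLE_KEY, OTHER_KEY = _constructed_key(0x11), _constructed_key(0x22)

if __name__ == "__main__":
    print(sshfp_record("host.example.org.", SAMPLE_KEY))
```
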