[Cryptography] WireGuard
jamesd at echeque.com
Thu Aug 30 20:02:48 EDT 2018
On 30/08/2018 23:56, Howard Chu wrote:
> ssh's default key model is "convenient" but less secure than the
> certificate authority model, as soon as you have more than one computer
> in an administrative domain. How many people actually stop and phone up
> a remote collaborator to verify a host key the first time they connect
> to a new machine?
The first time you connect to a new machine there is nothing at stake,
and it is hard for potential enemies to detect you even if there is
something at stake.
If they launched a man in the middle attack on everyone, it would be
detected. If they only launch man in the middle attacks on persons of
interest, key continuity suffices, since a person of interest is likely
somewhat paranoid, and by the time they come after him, has probably
established key continuity.