[Cryptography] WireGuard
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Fri Aug 31 03:09:44 EDT 2018
On 30.08.18 17:56, Howard Chu wrote:
> ssh's default key model is "convenient" but less secure than the
> certificate authority model, as
> soon as you have more than one computer in an administrative domain. How
> many people actually
> stop and phone up a remote collaborator to verify a host key the first
> time they connect to a
> new machine?
I am not a fan of the "certificate authority model", for reasons we
don't need to go into here, and I would contest your assertion that it
is "less secure" than SSH's model, but in answer to your question, I
refer you to the abstract of Peter Gutmann, Do Users Verify SSH Keys?
Usenix :login; August 2011.
https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf
Cheers
Stephan
More information about the cryptography
mailing list