[Cryptography] WireGuard
Howard Chu
hyc at symas.com
Sat Sep 1 03:28:05 EDT 2018
Stephan Neuhaus wrote:
>
>
> On 30.08.18 17:56, Howard Chu wrote:
>> ssh's default key model is "convenient" but less secure than the certificate authority model, as
>> soon as you have more than one computer in an administrative domain. How many people actually
>> stop and phone up a remote collaborator to verify a host key the first time they connect to a
>> new machine?
>
> I am not a fan of the "certificate authority model", for reasons we don't need to go into here, and I would contest your assertion that it is "less secure" than
> SSH's model,
You misread. The words I wrote above explicitly state that the certificate authority model
is more secure than ssh's default key model.
> but in answer to your question, I refer you to the abstract of Peter Gutmann, Do Users Verify SSH Keys? Usenix :login; August 2011.
> https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf
Thanks for confirming that nobody checks host keys, which was exactly my point.
Most people will skip past unknown TLS certificates too, at least in web browsers. But it's
so much rarer to encounter them that you can train a user population to be suspicious of
them. Particularly in the case of authenticating ssh logins. Then you're no longer talking
about random users and random hosts. With a custom self-signed CA you can tell all of your
users "this is the only valid CA cert" and your entire network of hosts is unambiguously
protected.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the cryptography
mailing list