[Cryptography] WireGuard
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Mon Sep 3 03:09:12 EDT 2018
On 01.09.18 09:28, Howard Chu wrote:
> Stephan Neuhaus wrote:
>>
>>
>> On 30.08.18 17:56, Howard Chu wrote:
>>> ssh's default key model is "convenient" but less secure than the
>>> certificate authority model, as
>>> soon as you have more than one computer in an administrative domain.
>>> How many people actually
>>> stop and phone up a remote collaborator to verify a host key the
>>> first time they connect to a
>>> new machine?
>>
>> I am not a fan of the "certificate authority model", for reasons we
>> don't need to go into here, and I would contest your assertion that it
>> is "less secure" than SSH's model,
>
> You misread. The words I wrote above explicitly state that the
> certificate authority model
> is more secure than ssh's default key model.
Sorry, my mistake. That was what I meant: I contest that the CA model is
*more* secure than SSH's model.
Cheers
Stephan
More information about the cryptography
mailing list