On Mon, 2003-10-13 at 20:27, Ian Grigg wrote: > The situation is so ludicrously unbalanced, that if > one really wanted to be serious about this issue, > instead of dismissing certs out of hand (which would > be the engineering approach c.f., SSH), one would > run ADH across the net and wait to see what happened.
I don't think that this is an accurate characterisation of the situation wrt SSH. The SSH protocol supports certificates (X.509 and OpenPGP), though most implementations don't. Around a year ago, Markus Friedl posted patches to enable X.509 certs for OpenSSH, but there was little interest. Also, SSH is somewhere between the two extremes of ADH and the PKIish hierarchial trust. Protocol 2 uses DH, so you have the PFS properties, but most implementations offer better opportunities for key verification than the popular SSL implementations (in web browsers). E.g. I don't recall a web browser offering a fingerprint for a private key, except behind a number of confusing dialogs, nor present me with ALL CAPS warnings when webservers change their keys. -d --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]