On Sun, Oct 19, 2003 at 01:42:34AM -0600, Damien Miller wrote: > On Sun, 2003-10-19 at 00:47, Peter Gutmann wrote: > > > >What was the motive for adding lip service into the document? > > > > So that it's possible to claim PGP and X.509 support if anyone's interested in > > it. It's (I guess) something driven mostly by marketing so you can answer > > "Yes" to any question of "Do you support <x>". You can find quite a number of > > these things present in various security specs, it's not just an SSH thing. > > I think that you are misrepresenting the problem a little. At > least one vendor (ssh.com) has a product that supports both X.509 > and PGP, so the inclusion of these in the I-D is not just marketing > overriding reality - just a lack of will on part of the the draft's > authors.
I believe the VanDyke implementation also supports X.509, and interoperates with the ssh.com code. It was also my perception that, at the time, the VanDyke guy was basically shouted down when trying to discuss the utility of X.509 for this purpose and put his marbles back in his cloth sack and went home. I see lack of any chained trust mechanism as _the_ major weakness of the SSH protocol. X.509 is not exactly pleasant, but it is what has emerged as the standard for identity certificates and it is functional for that purpose, and there are many implementations available; there are even multiple implementations available for the SSH protocol. I have to regard the lack of certificate/chain-of-trust support in the SSH protocol as a highly negative result of a knee-jerk reaction to the very _mention_ of an X.500 series standard on the working group mailing list, by people who did not offer any functional alternative seemingly because they thought the laughable status quo ante -- with *no* way to validate the certificate presented by a given peer on initial contact -- was fine. It's a shame that dsniff and the other toolkits for attacking that protocol weakness did not exist at the time. Thor --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
