On Tue, 2006-10-10 at 02:12 +0200, Joerg Jaspert wrote:
> On 10802 March 1977, Florent Rougon wrote:
...
>
> > 2. I have to trust the integrity of db.debian.org.
>
> Signing the keys you would have to trust whoever signed it. Same thing.
>

I don't see that as being the same thing at all. Without some reliable
source to verify the new host key, one just has to _hope_ that no
man-in-the-middle attack is occurring (as suggested by the ssh warning).

Without a signature, he has to trust that his DNS and/or proxy is
trustworthy, that db.debian.org is not compromised, and thus the
published key is correct & no MITM attack is occurring.

With a signature, he just has to trust that signer f00's key has not
been compromised, thus the published host key info is trustworthy and a
MITM is not happening.

It seems clear to me that the amount of trust required is much less in
the second scenario. Am I overlooking some obvious mitigating factor in
the first scenario?

-davidc
--
Get your facts first, and then you can distort them as much as you
please. -Mark Twain

