On 22 Dec, Kris Kennaway wrote:
> On Sat, Dec 23, 2000 at 01:25:11PM +1300, David Preece wrote:
>> At 15:37 22/12/00 -0800, you wrote:
>>
>> >The question asked is: why you believe ssh is beter
>> >than say telnet. Or what advantages SSH has in general.
>>
>> Sorry, don't have time to reply to this properly.
>>
>> The main evil of ssh is that server authentication is not enforced, making
>> mounting a man-in-the-middle attack basically trivial.
>
> Incorrect..the problems with SSH come down to flaws in the human
> operator who ignore the warnings SSH gives them, and tell it
> explicitly to do insecure things like connect to a server which is
> suddenly not the one you're used to connecting to.
>
Are you stateing that one of the issues with SSH is
a social issue and not a technical?
> These flaws can be all but eliminated by telling SSH to not even give
> the poor weak confused human the choice of answering yes to the
> question, by setting of a simple configuration option.
>
> JMJr, a good place to start your talk on "The Evils of SSH" might be
> the Pavlovian conditioning of humans to answer "Yes" to every question
> a computer gives them..focus on the real problem here.
>
I'm giving your comments some consideration.
Is there any other evidence that might help this type of
arugement out? I've consider it, but it is a weak arguement
and it really needs a solid foundation for presentation.
Can you site(sp?) and specific studies or experiments
that might aide in this area?
Jessem.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
