On 4/14/20 7:48 AM, Alan Altmark wrote:
> I consider ssh key exchange weaker than TLS because it doesn’t use a PKI.

What do you mean by "doesn't use a PKI"?

> The public-private key pairs never expire and are under end user control,
> as are the algorithms for symmetric key exchange. Further, there’s no
> equivalent of “certificate validation.”

For server verification, there is (now). Server keys (SSHD keys) can be validated via PKI chain. This alleviates the "do you trust this server?" prompt when first connecting. The same is not (yet) true for client keys from what I gather.

Note that SSL/TLS/PKI private keys also do not always expire. True, some CAs mandate a new key when requesting a renewed cert. That's not universal, so SSH is no worse (mechanically) on the point of expiration.

The value of expiring keys (or certs, for that matter) is illusory. As things stand now, expired keys (or certs) break otherwise legitimate trust. Consider a Windows domain client (different mechanisms, but this paragraph is about trust) which is offline for more than the six-month time bomb for that relationship. It's your spare laptop, so you didn't need for it to join the domain. But then the disk in your primary laptop craters. No problem, bring over the spare. But, oooooopppsss!!!, the controllers don't trust it. Day-um!

It's all about trust, and trust is a multi-dimensional thing.

I argue that SSH is inherently *more* secure than TLS because the base trust *must* be established personally. The problem with such base trust relationships is that _they do not scale_, not that they are less secure. We as a race have not solved both problems, scalability and trust.

--
-- R; <><
