"Kurt Seifried" <[EMAIL PROTECTED]> writes:
> The basic problem is that most people do not check the keys (and
> will accept keys with warnings like out of date, self signed, or
> pointing to the wrong site).

While I agree that this is a problem, I frankly found your article
on this topic extremely confusing. In particular, it implied that
this problem is basic to SSL--unless client authentication is used.
This is incorrect. All the user needs to do is refuse to click
through the numerous warnings that the browser pops up.

The basic point here is that SSL and SSH are both safe
if properly used. If improperly used, no security system
is safe.

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
                http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
