Michael L Torrie wrote:
> On Wed, 2007-03-14 at 10:07 -0700, Nicholas Leippe wrote:
>
>> This is an optimization. Your host does this with the idea that if you do
>> decide to talk to one of these machines from which it has already seen ARP
>> traffic, it can skip that step.
>>
>> As for man-in-the-middle, playing with ARP can cause disruption of services,
>> and could intercept insecure protocols. Which is why for critical data, ssl
>> or other secure mechanism should be used.
>>
>
> Additionally this is why SSL uses certificates that should be verified
> to prove that the host is who it says it is. Also ssh key fingerprints
> should always be verified. How often do we ssh into a box and just
> automatically type "yes" to the fingerprint authorization?
>
> Michael
>

Well, this makes me wonder. Is there a standard way to configure ssh to use certificates, and for clients to maintain a list of trusted CAs and trusted certificates?
--
Topher Fischer
GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19 EFF5 2FC3 BE99 D123 6674
[EMAIL PROTECTED]
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
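
The fingerprint check discussed in the thread, as an added example that is not part of any poster's message: it computes an SSH host key fingerprint from the public key line and compares it with a fingerprint obtained out of band, instead of answering "yes" blindly. The function names are hypothetical and the key bytes are constructed placeholders, not a real host key.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def parse_pubkey_line(line):
    """Return (key_type, blob) from a .pub or known_hosts style line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with a length-prefixed copy of the key type.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")

def fingerprints(blob):
    """SHA256 (current OpenSSH display) and MD5 hex (older display) of a key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha, "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}

def host_key_matches(offered_line, trusted_fp):
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    fps = fingerprints(parse_pubkey_line(offered_line)[1])
    want = trusted_fp.strip()
    if want.startswith("SHA256:"):
        got = fps["sha256"]
    else:
        want = (want[4:] if want.startswith("MD5:") else want).lower()
        got = fps["md5"]
    return hmac.compare_digest(got.encode(), want.encode())

def constructed_key(seed):
    """Constructed sample: ssh-ed25519 line with placeholder key bytes, not a real key."""
    kt, key = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

SERVER_KEY = constructed_key(0)    # key the administrator published
OTHER_KEY = constructed_key(1)     # different key offered by an interposed host
TRUSTED_FP = fingerprints(parse_pubkey_line(SERVER_KEY)[1])["sha256"]

print(TRUSTED_FP, host_key_matches(SERVER_KEY, TRUSTED_FP), host_key_matches(OTHER_KEY, TRUSTED_FP))
```

The trusted fingerprint has to reach the client over a channel the network path cannot alter (console access, a signed message, a phone call); comparing against a value fetched over the same connection proves nothing.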
