--
James A. Donald:
My two most recent logins were with First National
Bank of Omaha and Your IBM Savings plan
Is firstnational.com the same entity as First
National Bank of Omaha? Is
https://lb22.resources.hewitt.com; the same entity
as Your IBM Savings plan
From: Ben
On 12/18/05, Ben Laurie [EMAIL PROTECTED] wrote:
It would happen at least as much as it happens with
https, and it happens enough with https that false
negatives enormously outweigh true negatives.
True, but I don't see false negatives very often with https at all. And
I visit far more
--
James A. Donald
Let us imagine that SSH had certified keys. Well,
certifying a key is bound to be complicated, and
things are bound to go wrong, and the name that you
bind it to is bound to be somewhat shifty.
Ben Laurie
I don't see why that would happen all that much,
It
James A. Donald wrote:
--
James A. Donald
Let us imagine that SSH had certified keys. Well,
certifying a key is bound to be complicated, and
things are bound to go wrong, and the name that you
bind it to is bound to be somewhat shifty.
Ben Laurie
I don't see why that would happen
David Mercer wrote:
And my appologies to Ben Laurie and friends, but why after all these
years is the UI interaction in ssh almost exactly the same when
accepting a key for the first time as overriding using a different one
when it changed on the other end, whether from mitm or just a
James A. Donald wrote:
--
From: Ben Laurie [EMAIL PROTECTED]
if the key changes in OpenSSH you can't connect until
you take positive action by deleting the old key from
the known_hosts file. This is totally different to
accepting a new key.
I will agree that something
David Mercer wrote:
And my appologies to Ben Laurie and friends, but why after all these
years is the UI interaction in ssh almost exactly the same when
accepting a key for the first time as overriding using a different one
when it changed on the other end, whether from mitm or just a
On 12/15/05, Ben Laurie [EMAIL PROTECTED] wrote:
David Mercer wrote:
Thanks for the apology, but ... ssh is not my fault.
Sorry, crosswired openssl and openssh in my brain!
I will agree that something better than just showing you the key would
be cool. Like maybe it could be signed by
--
From: Ben Laurie [EMAIL PROTECTED]
if the key changes in OpenSSH you can't connect until
you take positive action by deleting the old key from
the known_hosts file. This is totally different to
accepting a new key.
I will agree that something better than just
(Hopefully this is sent as ascii, as I had previously set my gmail to
send in utf-8 encoding, as I often send email in french as well as
english. -djm)
On 12/11/05, James A. Donald [EMAIL PROTECTED] wrote:
It is not my position that inability to sign means that
the chairman of the board is
10 matches
Mail list logo