Re: more SSH MITM

2003-09-09 Thread James A. Donald
-- On 7 Sep 2003 at 7:00, Thomas Shaddack wrote: Central certification authority has its risks and advantages. Remembering the fingerprints of known keys and alerting for the new or changed ones has its advantages too. Why shouldn't we have it all? Why couldn't there be a system that

Re: more SSH MITM

2003-09-07 Thread Thomas Shaddack
On Sat, 6 Sep 2003, James A. Donald wrote: Thus under this attack, ssh uncertified keys work far better than https certified keys. Central certification authority has its risks and advantages. Remembering the fingerprints of known keys and alerting for the new or changed ones has its advantages

Re: more SSH MITM

2003-09-06 Thread James A. Donald
-- James A. Donald: Think about what would happen if you tried a man in the middle attack on an SSH server. Eric Murray: By checking the key against the IP address of the server. This is easily spoofed. The links I included in my last post pointed to a tool to do just that