Johansson Olle E wrote:
>
> On 23 Aug 2008 at 11:01, Dirk Meyer wrote:
>
>>> People just want to get things done. If you say "verify this code"
>>> and you show them the code, and the only options are to proceed with
>>> a verified code or not proceed at all, then people are just going to
>>> lie to your software and press "okay" (see SSH).
>>
>> Yes, I never check ssh keys on first connection. I only check stuff if
>> the keys were changed later.
>
> That's why there are now SSH clients that check DNS for the keyprint as well,
> to have an extra layer of security. With normal DNS, this is just an add-on,
> a kind of out-of-band check. With DNS security, it gets better.

There is some kind of OpenPGP add-on as well where you can sign host keys
with your key and then the host keys are verified against yours on connection.

--
Best regards,
Duane
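
The DNS check mentioned in the quoted reply, as an added example that is not part of the original messages: SSH host key fingerprints are published in SSHFP records (RFC 4255), and a client compares the key the server offers against them. The function names, the result labels and the sample keys below are assumptions made for this illustration.

```python
import base64, hashlib, struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
HASHES = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types

def key_blob(pubkey_line):
    """Return (algorithm number, raw key blob) from an OpenSSH public key line."""
    ktype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != ktype:
        raise ValueError("key type label does not match key blob")
    return ALGS[ktype], blob

def sshfp_records(hostname, pubkey_line):
    """Zone-file SSHFP lines the host's operator would publish."""
    alg, blob = key_blob(pubkey_line)
    return [f"{hostname}. IN SSHFP {alg} {t} {h(blob).hexdigest()}"
            for t, h in sorted(HASHES.items())]

def check_host_key(pubkey_line, dns_rrs, dnssec_validated):
    """Compare the key a server offered with SSHFP RRs from DNS.

    dns_rrs: iterable of (alg, fp_type, hex_fingerprint) tuples.
    Returns 'trusted', 'advisory-match', 'mismatch' or 'no-record'
    (hypothetical labels for this example).
    """
    alg, blob = key_blob(pubkey_line)
    relevant = [(t, fp.lower()) for a, t, fp in dns_rrs if a == alg and t in HASHES]
    if not relevant:
        return "no-record"
    if any(HASHES[t](blob).hexdigest() == fp for t, fp in relevant):
        # Without DNSSEC the answer could be spoofed: a hint, not proof.
        return "trusted" if dnssec_validated else "advisory-match"
    return "mismatch"

def make_ed25519_line(raw32):
    """Build a constructed (not real) ssh-ed25519 public key line."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

SERVER_KEY = make_ed25519_line(bytes(range(32)))    # constructed sample key
OTHER_KEY = make_ed25519_line(bytes(range(1, 33)))  # a different constructed key

if __name__ == "__main__":
    for rr in sshfp_records("host.example", SERVER_KEY):
        print(rr)
```

OpenSSH exposes this lookup through the `VerifyHostKeyDNS` client option.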
