On Sat, 23 Aug 2008 11:23:29 +0200 Johansson Olle E <[EMAIL PROTECTED]> wrote:
> > 23 aug 2008 kl. 11.01 skrev Dirk Meyer: > > >> People just want to get things done. If you say "verify this > >> code" and you > >> show them the code, and the only options are to proceed with a > >> verified code > >> or not proceed at all, then people are just going to lie to your > >> software and > >> press "okay" (see SSH). > > > > Yes, I never check ssh keys on first connection. I only check stuff > > if the keys was changed later. > > That's why there's now SSH clients that check DNS for the keyprint > as well, > to have an extra layer of security. With normal DNS, this is just an > addon, > kind of out-of-band check. With DNS security, it gets better. Do you really believe in DNS security? > /O -- Web: http://www.pavlix.net/ Jabber & Mail: pavlix(at)pavlix.net OpenID: pavlix.net
