5 Sep
2003
5 Sep
'03
2 a.m.
-- James A. Donald wrote:
SSH server public/private keys are widely deployed. PKI public keys are not. Reason is that each SSH server just whips up its own keys without asking anyone's permission, or getting any certificates.
On 4 Sep 2003 at 7:56, Eric Murray wrote:
..which means that it still requires an OOB authentication. (or blinding typing 'yes' and ignoring the consequences). But that's another subject.
Not true. Think about what would happen if you tried a man in the middle attack on an SSH server. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 7gudzWOPw/HkajoOG7yWwmYaxnKW/46q33B4RUjZ 4usr8rXpuPWxtPIYUZL34w+oimAMMBUkruTg8Ipgn