[Security] Gajim 0.12's E2E encryption UI -ssh keys

Duane at e164 dot org duane at e164.org
Sat Aug 23 04:57:07 CDT 2008


Johansson Olle E wrote:
> 
> On 23 Aug 2008 at 11:01, Dirk Meyer wrote:
> 
>>> People just want to get things done.  If you say "verify this code" and you
>>> show them the code, and the only options are to proceed with a verified code
>>> or not proceed at all, then people are just going to lie to your software and
>>> press "okay" (see SSH).
>>
>> Yes, I never check ssh keys on first connection. I only check stuff if
>> the keys were changed later.
> 
> That's why there are now SSH clients that check DNS for the keyprint as well,
> to have an extra layer of security. With normal DNS, this is just an add-on,
> kind of out-of-band check. With DNS security, it gets better.

There is some kind of OpenPGP add-on as well where you can sign host
keys with your key and then the host keys are verified against yours on
connection.

-- 

Best regards,
 Duane
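
The DNS check mentioned in the quoted reply is done with SSHFP records (RFC 4255), which publish a hash of the host's public key blob. The following is an added example, not part of the original thread: it derives the SSHFP record data from an OpenSSH public key line and compares it with a published record. The function names and the sample keys are constructed for illustration, and the DNS lookup itself is assumed to happen elsewhere.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}

def parse_pubkey(line):
    """Return (key_type, blob) from an OpenSSH 'type base64 [comment]' line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob starts with its own length-prefixed type name; it must agree.
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("declared key type does not match key blob")
    return key_type, blob

def sshfp_rdata(line, fp_type=2):
    """Build the 'algorithm fp-type hex' record data for a public key line."""
    key_type, blob = parse_pubkey(line)
    digest = FP_HASHES[fp_type](blob).hexdigest()
    return "%d %d %s" % (KEY_ALGS[key_type], fp_type, digest)

def key_matches_record(line, rdata):
    """True only if the offered host key hashes to the published record."""
    try:
        alg, fp_type, *parts = rdata.split()
        e_alg, _, e_hex = sshfp_rdata(line, int(fp_type)).split()
        return alg == e_alg and hmac.compare_digest("".join(parts).lower(), e_hex)
    except (ValueError, KeyError, TypeError):
        return False  # malformed record or unsupported type: treat as no match

def constructed_key(fill):
    """Constructed sample: an ssh-ed25519-shaped line made of 32 filler bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + fill * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    published = sshfp_rdata(constructed_key(b"\x01"))  # what the zone would hold
    print("record data:", published)
    print("same key:   ", key_matches_record(constructed_key(b"\x01"), published))
    print("changed key:", key_matches_record(constructed_key(b"\x02"), published))
```

A match is only as trustworthy as the DNS answer it came from, which is the distinction the quoted reply draws between normal DNS and DNS security.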

