[Security] Gajim 0.12's E2E encryption UI -ssh keys

Pavel Simerda pavlix at pavlix.net
Sat Aug 23 09:51:11 CDT 2008


On Sat, 23 Aug 2008 11:23:29 +0200
Johansson Olle E <oej at edvina.net> wrote:

> 
> On 23 Aug 2008, at 11:01, Dirk Meyer wrote:
> 
> >> People just want to get things done.  If you say "verify this code" and
> >> you show them the code, and the only options are to proceed with a
> >> verified code or not proceed at all, then people are just going to lie
> >> to your software and press "okay" (see SSH).
> >
> > Yes, I never check ssh keys on first connection. I only check stuff
> > if the keys were changed later.
> 
> That's why there are now SSH clients that check DNS for the keyprint as
> well, to have an extra layer of security. With normal DNS, this is just an
> add-on, a kind of out-of-band check. With DNS security, it gets better.

Do you really believe in DNS security?

> /O


-- 

Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net

