[Security] S2S Leap of faith w/ SASL EXTERNAL
stpeter at stpeter.im
Fri Nov 19 09:16:57 CST 2010
On 11/19/10 7:42 AM, Jonathan Schleifer wrote:
> Am 19.11.2010 um 00:22 schrieb Matthew Wild:
>> In SSH at least you get notified (quite loudly) that the server
>> fingerprint has changed.
> Not only that: You have to type "yes" to confirm you verified the
> fingerprint on the first connection attempt. This is not really leap
> of faith, it's verifying the fingerprint. It's only leap of faith if
> the user is too lazy / dumb / uninformed to verify the fingerprint.
> It was never designed as leap of faith, it's just what many users
> made out of it. And it fails if some government wants to read your
> traffic and just MITMs every SSH connection you try to establish.
Yes, and there are even some people out there who check the fingerprints
on the first connection attempt. :)
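The SSH behaviour the thread refers to, trust on first use with a loud failure on a changed key, is shown below as an added illustration; it is not code from this list, from OpenSSH, or from any XMPP server. The host names and the "public keys" are constructed byte strings standing in for real key blobs, and `confirm` models the "continue connecting (yes/no)?" prompt. The point the example makes is the one in the quoted message: the store only ever detects a change, so a key that was already the attacker's on first contact is pinned exactly like a genuine one, and only an out-of-band check before typing "yes" catches that case.

```python
"""Trust-on-first-use (TOFU) host-key pinning in the shape SSH uses it.

Added illustration for the thread above; not code from the list or from any
SSH implementation. Host keys are constructed byte strings.
"""
import base64
import hashlib
from enum import Enum


class Verdict(Enum):
    TRUSTED = "trusted"      # presented key matches the pinned fingerprint
    PINNED = "pinned"        # first contact: fingerprint accepted and stored
    REFUSED = "refused"      # first contact: user declined to confirm
    MISMATCH = "mismatch"    # pinned fingerprint differs: possible MITM


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint in the display format OpenSSH uses (base64, no padding)."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class TofuStore:
    """Minimal known_hosts: one pinned fingerprint per host name."""

    def __init__(self):
        self.pins: dict[str, str] = {}

    def check(self, host: str, pubkey: bytes, confirm) -> Verdict:
        """Verify pubkey for host.

        confirm(host, fp) is consulted only on first contact and should return
        True only if the fingerprint was verified out of band.
        """
        fp = fingerprint(pubkey)
        pinned = self.pins.get(host)
        if pinned is None:
            if confirm(host, fp):
                self.pins[host] = fp
                return Verdict.PINNED
            return Verdict.REFUSED
        if pinned == fp:
            return Verdict.TRUSTED
        # No prompt here: a changed key is a hard failure, the equivalent of
        # SSH's "REMOTE HOST IDENTIFICATION HAS CHANGED!" warning.
        return Verdict.MISMATCH


# Constructed stand-ins for public keys; real ones would be ssh-ed25519 blobs.
SERVER_KEY = b"constructed-genuine-host-key-for-example.com"
MITM_KEY = b"constructed-attacker-host-key"
HOST = "example.com"


def careful_user_scenario():
    """Fingerprint verified out of band on first contact; a MITM appears later."""
    store = TofuStore()
    expected = fingerprint(SERVER_KEY)             # obtained from the admin, not the wire
    verified = lambda host, fp: fp == expected
    first = store.check(HOST, SERVER_KEY, verified)
    later = store.check(HOST, MITM_KEY, verified)  # confirm is not consulted here
    return first, later


def blind_yes_scenario():
    """MITM present on the very first connection and the user just types yes."""
    store = TofuStore()
    always_yes = lambda host, fp: True
    first = store.check(HOST, MITM_KEY, always_yes)    # attacker key gets pinned
    real = store.check(HOST, SERVER_KEY, always_yes)   # genuine server now looks hostile
    return first, real


def careful_user_refuses():
    """Out-of-band fingerprint does not match: the careful user never pins the MITM."""
    store = TofuStore()
    expected = fingerprint(SERVER_KEY)
    verified = lambda host, fp: fp == expected
    return store.check(HOST, MITM_KEY, verified)


if __name__ == "__main__":
    print("careful user:", careful_user_scenario())
    print("blind yes:", blind_yes_scenario())
    print("careful user vs. first-contact MITM:", careful_user_refuses())
```

Both scenarios end in MISMATCH, which is the whole problem: the store cannot tell a genuine key that was later replaced from an attacker key that was later replaced by the genuine one. Only the out-of-band comparison in `careful_user_refuses` distinguishes them.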