[19283] in cryptography@c2.net mail archive


Re: Crypto and UI issues

daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Dec 16 10:40:49 2005

X-Original-To: cryptography@metzdowd.com
Date: Fri, 16 Dec 2005 06:25:05 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: David Mercer <radix42@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
In-Reply-To: <4cf95cf30512121839y4c370784u15c55886a54c3a48@mail.gmail.com>

David Mercer wrote:
> And my apologies to Ben Laurie and friends, but why after all these
> years is the UI interaction in ssh almost exactly the same when
> accepting a key for the first time as overriding using a different one
> when it changed on the other end, whether from mitm or just a
> key/IP/hostname change?

Thanks for the apology, but ... ssh is not my fault.

However, I don't really understand the problem here - if the key changes
in OpenSSH you can't connect until you take positive action by deleting
the old key from the known_hosts file. This is totally different to
accepting a new key.

I will agree that something better than just showing you the key would
be cool. Like maybe it could be signed by something so you can verify it
that way. Oh, wait. That's PKI, and we all know PKI is broken.

> Horrible, horrible UI, and I'm not sure what's worse, that or trying
> to USE pgp (gpg, whatever) from a command line, or getting it
> integrated into a gui mail client.

Two words: Thunderbird, enigmail.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
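
A simplified model of the distinction drawn in the message above between a first-seen host key and a changed one, as an added example that is not part of the original message and is not OpenSSH's code. It handles plain and `|1|` hashed host fields only (no wildcards, markers or ports); the host names, addresses and key blobs are constructed.

```python
import base64, hashlib, hmac

# Constructed placeholders standing in for base64 public-key blobs.
KEY_A = base64.b64encode(b"constructed key A").decode()
KEY_B = base64.b64encode(b"constructed key B").decode()
SAMPLE_KNOWN_HOSTS = (
    "# constructed sample known_hosts content\n"
    f"host.example,192.0.2.10 ssh-ed25519 {KEY_A}\n"
)

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or |1| hashed)."""
    if field.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
        _, _, salt_b64, hash_b64 = field.split("|")
        digest = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(digest, base64.b64decode(hash_b64))
    return host in field.split(",")

def classify(known_hosts_text, host, keytype, key_b64):
    """Return 'match', 'changed' or 'new' for the key a server presents."""
    same_type_seen = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@")):
            continue  # comments and marker lines are out of scope here
        fields = line.split()
        if len(fields) < 3 or not host_matches(fields[0], host):
            continue
        if fields[1] == keytype:
            if fields[2] == key_b64:
                return "match"
            same_type_seen = True  # known host, same key type, different key
    return "changed" if same_type_seen else "new"

def action(state):
    """Map each state to the behaviour the message describes."""
    return {
        "match": "connect",
        "new": "prompt: accept key on first use",
        "changed": "refuse until the old entry is deleted from known_hosts",
    }[state]

if __name__ == "__main__":
    for host, key in [("host.example", KEY_A), ("host.example", KEY_B), ("other.example", KEY_A)]:
        state = classify(SAMPLE_KNOWN_HOSTS, host, "ssh-ed25519", key)
        print(f"{host}: {state} -> {action(state)}")
```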
