[18254] in bugtraq
Re: "The End of SSL and SSH?"
daemon@ATHENA.MIT.EDU (Brett Glass)
Thu Dec 21 00:13:04 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <4.3.2.7.2.20001220132644.00bac7a0@localhost>
Date: Wed, 20 Dec 2000 13:31:41 -0700
Reply-To: Brett Glass <brett@LARIAT.ORG>
From: Brett Glass <brett@LARIAT.ORG>
X-To: "Perry E. Metzger" <perry@PIERMONT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <87k88w2qoz.fsf@snark.piermont.com>
At 11:47 AM 12/19/2000, Perry E. Metzger wrote:
>I doubt it. SSH and SSL are fine protocols, but are dependent on key
>management mechanisms. What you are noting is that key management is a
>hard problem. Well, so it is -- but that doesn't mean that if we
>change the way we do key management that SSH and SSL would go
>away. The protocols themselves are fine.
I agree with Perry. The protocols are useful; they simply cannot "chew
our food for us," as it were. No matter how secure the encryption scheme
we use, we must always take responsibility for managing our keys and
passwords or all attempts at security are for nought.
--Brett Glass
"The plural of anecdote is data." -- Marc Bekof
