[18271] in bugtraq


Re: "The End of SSL and SSH?"

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Dec 21 12:58:31 2000

Message-ID:  <873dfifxuc.fsf@snark.piermont.com>
Date:         Wed, 20 Dec 2000 18:59:39 -0500
Reply-To: "Perry E. Metzger" <perry@WASABISYSTEMS.COM>
From: "Perry E. Metzger" <perry@WASABISYSTEMS.COM>
X-To:         Alfred Perlstein <bright@wintelcom.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Alfred Perlstein's message of "Wed, 20 Dec 2000 15:45:42 -0800"

Alfred Perlstein <bright@wintelcom.net> writes:
> > If this is truly the extent of the flaw Mr. Seifried thinks requires a
> > full PKI to fix, I'd like to know why setting
> >
> > StrictHostKeyChecking yes
> >
> > isn't a near-complete fix to the "End of SSH" Mr. Seifried predicts.
[...]
> And yes, his prediction is based on the stupidity and carelessness of
> users who are pavlovian trained to click/reply "YES, I don't care about
> this problem" when confronted with a dialog box no matter how dire the
> warning in the dialogue.

But setting StrictHostKeyChecking to "yes" means you aren't prompted
any more. In any case, that's an application issue, not a protocol issue.

Perry

--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD CDs, Support & Service. http://www.wasabisystems.com/
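
The StrictHostKeyChecking setting discussed in this message can be audited per host in a client configuration. The following Python code is an added example, not part of the original message: it resolves the value that applies to a given host under ssh_config's first-match-wins rule, with "ask" as the fallback (the current OpenSSH default). The sample configuration and hostnames are constructed, and Match and Include directives are not handled.

```python
import fnmatch

# Constructed sample client configuration (not from the original post).
SAMPLE_CONFIG = """\
# this per-host block appears first, so its value wins for that host
Host build.example.org
    StrictHostKeyChecking no

Host *.example.org !legacy.example.org
    StrictHostKeyChecking yes

Host *
    StrictHostKeyChecking=ask
"""

DEFAULT = "ask"  # assumed fallback when the option is never set

def host_line_matches(patterns, host):
    """A Host line matches if a positive pattern matches and no negated one does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_strict_checking(config_text, host):
    """Value ssh would use for host; the first value obtained wins."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # keyword and argument may be separated by whitespace or a single '='
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            active = host_line_matches(args, host)
        elif keyword == "stricthostkeychecking" and active and args:
            return args[0].lower()
    return DEFAULT

def prompts_user(config_text, host):
    """True only for 'ask', the mode that asks the user about an unknown host key."""
    return effective_strict_checking(config_text, host) == "ask"
```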
