security

Dan Lyke danlyke at flutterby.com
Tue Oct 24 14:01:51 UTC 2006


On Mon, 23 Oct 2006 21:21:48 -0700, James A. Donald wrote:
> Because SSH has only one mode, and that mode secure, the
> user will seldom see an "are you sure" dialog, and is
> therefore not trained to click through that dialog.

I disagree.

Every user I've taught to use SSH, after the first connection they  
make, hasn't blinked an eye at the question about server identity that  
they get the first time they make a connection to a new server.

Heck, even I'm not terribly careful about checking my server  
identities closely.

There's a bit of a pause at editing "known_hosts" when the server
identity changes, and if the consensus runs away from an additional
layer of trust in terms of CAs, perhaps that's a place that we can
take a cue from SSH, asking relying parties to cache and verify in
subsequent connections the server identity.

Dan
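
The cache-and-verify behaviour discussed in the message above, as an added example that is not part of the original post: a small trust-on-first-use store that records a server identity on first contact and reports when a later connection presents a different one. The `PinStore` class, the JSON file name and the host `example.test` are hypothetical, and the identity bytes are constructed stand-ins for a real public key or certificate.

```python
import hashlib, hmac, json, os, tempfile

class PinStore:
    """Trust-on-first-use cache of server identities (hypothetical helper)."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, host, port, identity):
        """Classify a presented identity: 'new', 'match' or 'changed'."""
        pinned = self.pins.get(f"{host}:{port}")
        if pinned is None:
            return "new"
        seen = hashlib.sha256(identity).hexdigest()
        return "match" if hmac.compare_digest(pinned, seen) else "changed"

    def pin(self, host, port, identity, replace=False):
        """Record an identity. Replacing an existing pin must be explicit."""
        key = f"{host}:{port}"
        if key in self.pins and not replace:
            raise ValueError(f"{key} already pinned; refusing silent overwrite")
        self.pins[key] = hashlib.sha256(identity).hexdigest()
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)  # atomic swap, no half-written cache

def demo():
    # Constructed stand-ins for a server's public key or certificate bytes.
    original, different = b"constructed-server-key-A", b"constructed-server-key-B"
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "known_servers.json")
        store = PinStore(path)
        results.append(store.check("example.test", 443, original))   # first contact
        store.pin("example.test", 443, original)
        store = PinStore(path)                                       # later session
        results.append(store.check("example.test", 443, original))
        results.append(store.check("example.test", 443, different))  # identity changed
        results.append(store.check("example.test", 22, original))    # separate pin per port
    return results

if __name__ == "__main__":
    print(demo())
```

The "new" result is the one moment where nothing has been verified, which is the first-connection prompt the message describes; "changed" corresponds to the known_hosts edit.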


