Public storage for public keys
Frank Cusack
fcusack at fcusack.com
Tue Jan 15 09:09:10 EST 2002
On Mon, Jan 14, 2002 at 01:45:19PM -0800, Frank Cusack wrote:
> On Mon, Jan 14, 2002 at 11:42:07PM +0300, Michael Tokarev wrote:
> > On another side, for storing *public* keys, there is no
> > *real* need to be *so* suspicious.
I see in my previous email I didn't actually respond to this statement.
*Yes* there is a *real* need to be suspicious for *public* keys. If
you blindly trust the public key, you expose yourself to MITM attacks.
This is a significant problem in ssh.
That is why PGP has its own trust model. That is why (eg) X.509 certs
must be signed.
/fc
More information about the openssh-unix-dev
mailing list