Public storage for public keys

Markus Friedl markus at openbsd.org
Tue Jan 15 09:15:22 EST 2002


On Mon, Jan 14, 2002 at 02:09:10PM -0800, Frank Cusack wrote:
> On Mon, Jan 14, 2002 at 01:45:19PM -0800, Frank Cusack wrote:
> > On Mon, Jan 14, 2002 at 11:42:07PM +0300, Michael Tokarev wrote:
> > > On another side, for storing *public* keys, there is no
> > > *real* need to be *so* suspicious.
> 
> I see in my previous email I didn't actually respond to this statement.
> *Yes* there is a *real* need to be suspicious for *public* keys.  If
> you blindly trust the public key, you expose yourself to MITM attacks.
> 
> This is a significant problem in ssh.
> 
> That is why PGP has its own trust model.  That is why (eg) X.509 certs
> must be signed.

that is why users ignore X.509 certs and click ok? :)
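To make the MITM point concrete: the defence against blindly trusting a presented public key is to pin it (the job `known_hosts` does in ssh) and refuse, or at least loudly flag, a key that differs from the pinned one. The following is an added example, not code from this thread or from OpenSSH; it builds two constructed ed25519-shaped public key lines, computes the OpenSSH-style `SHA256:` fingerprint, and shows a trust-on-first-use store detecting a substituted key for the same host.

```python
import base64
import hashlib
import struct


def ssh_string(b: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length prefix followed by the bytes
    return struct.pack(">I", len(b)) + b


def make_pubkey_line(key_type: str, key_bytes: bytes, comment: str) -> str:
    # Build a public key line in OpenSSH's "type base64-blob comment" layout.
    # key_bytes is a constructed sample here, not a real key.
    blob = ssh_string(key_type.encode()) + ssh_string(key_bytes)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    # OpenSSH's SHA256 fingerprint: sha256 of the key blob, base64 without padding
    key_type, blob_b64, *_ = pubkey_line.split()
    blob = base64.b64decode(blob_b64)
    declared_len = struct.unpack(">I", blob[:4])[0]
    if blob[4:4 + declared_len].decode() != key_type:
        raise ValueError("embedded key type does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyStore:
    """Pinned host fingerprints by host name (the role known_hosts plays)."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, pubkey_line: str, trust_first_use: bool = False) -> str:
        fp = fingerprint(pubkey_line)
        pinned = self.pins.get(host)
        if pinned is None:
            if trust_first_use:
                self.pins[host] = fp      # accept once, remember forever
                return "pinned"
            return "unknown"              # caller must verify out of band
        return "ok" if pinned == fp else "MISMATCH"


# Constructed sample keys: 32 bytes is the size of an ed25519 public key
SERVER_KEY = make_pubkey_line("ssh-ed25519", bytes(range(32)), "real-server")
OTHER_KEY = make_pubkey_line("ssh-ed25519", bytes(range(32, 64)), "substituted")
```

A real client additionally checks the host name itself and the key type; a mismatch result is the signal that either the host was re-keyed or someone is in the middle.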
