X.509 support in ssh (revisited)

Markus Friedl markus at openbsd.org
Thu Jan 24 03:42:46 EST 2002


On Wed, Jan 23, 2002 at 10:31:38AM -0600, mouring at etoh.eviladmin.org wrote:
> Does X.509 really make sense with SSH?  I mean you are still not going to
> get Verisigned licenses and even that you are putting your trust in a 3rd
> party certificate which has no real bearing on the trust of the machine in
> question.

well it could make hostkey management simpler, but i see
no difference between people clicking on
	"continue, i don't care about this hostkey"
and
	"continue, i don't care about the certificate for this hostkey"

-m



More information about the openssh-unix-dev mailing list