To:
sommerfeld@orchard.arlington.ma.us
cc:
Keith Moore <moore@cs.utk.edu>, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Keith Moore <moore@cs.utk.edu>
Date:
Mon, 25 Mar 2002 20:56:06 -0500
In-reply-to:
(Your message of "Mon, 25 Mar 2002 20:24:58 EST.") <20020326012503.4CD622A4E@orchard.arlington.ma.us>
Sender:
owner-keydist@cafax.se
Subject:
Re: My take on the BoF session
> So, last I checked, the DNS root was *already* a critical service.
> Someone who can get bogus data into it can already cause no end of
> chaos.

right, but placing an even greater trust in it does not seem wise.

> By "moderate" I mean "better than what ssh uses today by default, and
> not as painful as what you typically have to go through to set up
> x.509". Maybe I should have said "low" assurance and called what ssh
> does "no" assurance.

I think it would be more accurate to say that you are trying to increase the difficulty of a MitM attack on ssh's initial key exchange (and that of similar protocols), than that you are providing some level of assurance.

Keith