

To: sommerfeld@orchard.arlington.ma.us
cc: Keith Moore <moore@cs.utk.edu>, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From: Keith Moore <moore@cs.utk.edu>
Date: Mon, 25 Mar 2002 20:56:06 -0500
In-reply-to: (Your message of "Mon, 25 Mar 2002 20:24:58 EST.") <20020326012503.4CD622A4E@orchard.arlington.ma.us>
Sender: owner-keydist@cafax.se
Subject: Re: My take on the BoF session

> So, last I checked, the DNS root was *already* a critical service.
> Someone who can get bogus data into it can already cause no end of
> chaos.

right, but placing an even greater trust in it does not seem wise.

> By "moderate" I mean "better than what ssh uses today by default, and
> not as painful as what you typically have to go through to set up
> x.509".  Maybe I should have said "low" assurance and called what ssh
> does "no" assurance.

I think it would be more accurate to say that you are trying to increase
the difficulty of a MitM attack on ssh's initial key exchange (and
that of similar protocols), than that you are providing some level of
assurance.

Keith 
