xsprite@bigfoot.com wrote:
Sure. The only way to safely communicate host key fingerprints is either in person or via PGP-signed[0] mail where the keys' authenticity has been established to an acceptable (to the parties involved) degree through signatures on the PGP keys used.
Yep, I've yet to see this implemented in any ssh implementation? gpg/openssh integration would be nice. Or just keys stored in openpgp format. gpg --recv-keys to obtain host keys would be interesting.
This sounds like Kerberos to me, but my knowledge is limited. Anybody care to correct me?
Sz
My main point, which I did not express explicitly, is that it is not the responsibility of the data link layer to make communications on that medium secure.
Yes. The transport or session layer is far more apt and more flexible.
alug, the Anglian Linux User Group list Send list replies to alug@stu.uea.ac.uk http://www.anglian.lug.org.uk/ http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug See the website for instructions on digest or unsub!