Hi, >> When systems come with good usability properties in the key management >> (SSH, and I modestly suggest ZRTP and Tahoe-LAFS) then we don't see >> this pattern. People are willing to use secure tools that have a good >> usable interface. Compare HTTPS-vs-HTTP to SSH-vs-telnet (this >> observation is also due to Ian Grigg). > > I reject the SSH key management example though. Especially if you've > ever maintained a large number/variety of unix servers running SSH, > where hardware failures, machine upgrades, etc. lead to frequent SSH > key churn. In those cases the only solutions are:
I can second that with an observation made by several users of the German Research Network (DFN), in December 2009. Someone had registered a long list of typo domains, i.e. domains like tu-munchen.de instead of tu-muenchen.de, and then installed an SSH daemon that would respond on all subdomains. Some users (including a colleague and myself) noticed that they suddenly got a host-key-mismatch warning when accessing their machines via SSH - and found that they had mistyped the host name *and still got an SSH connection*. Neither my colleague nor me had entered our passwords yet, but that was only because we were sensitive to host key changes at that moment because we had re-installed the machines just a few days before the event. The server that delivered the typo domains was located in South Africa, BTW. I don't even know if legal persecution is possible, and I don't think anyone attempted. The DFN reacted in a robust way by blocking access to the typo domains in their DNS. Not a really good way, but probably effective for most users. The question, after all, is how often do you really read the SSH warnings? How often do you just type on or retry or press "accept"? What if you're the admin who encounters this maybe 2-3 times day? (Also, Ubuntu, I believe, has been known to change host keys without warning when doing a major update of openssh.) Ralph -- Dipl.-Inform. Ralph Holz I8: Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
