On Thursday, 01/14/2010 at 12:25 EST, David Boyes <dbo...@sinenomine.net> wrote: > Ugh. Can we try to avoid more certificate-based stuff until there is a sane > way to manage the things? That's why SCP is more widely used than SFTP; > certificate management is a enormous pain.
ssh has certificate management issues, too. But I agree that central administration of certificates would be a Good Thing. > We won't go into the cost and > extortion involved in getting external assurance for CA identities. Dude. If you want *assurances* about identities, it isn't free. No one said otherwise. Who issues your certificates for ssh? Oh. You generate them *yourself* and ask the server admin to install your public key (or via other key management mechanism)? I'm not impressed. Alan Altmark z/VM Development IBM Endicott