Ian Paterson wrote:
> AFAIK almost nobody checks the fingerprints when using SSH.
I do. But the more I study security, the more paranoid I become. Whether that's a good thing, I'm not sure. :)
> Also, IMHO, SSH is more vulnerable than ESessions because people are more likely to check a SAS than a fingerprint,
Agreed.
> and because SSH is typically negotiated over an unencrypted Internet connection whereas ESessions should pass over TLS c2s and s2s.
Should. :) But right now you don't know if all the hops are encrypted via TLS, so even with ESessions in place it would be good to have a way to check all the hops for channel encryption.
/psa
