On 23 Aug 2008 at 11:01, Dirk Meyer wrote:
People just want to get things done. If you say "verify this code" and
you show them the code, and the only options are to proceed with a
verified code or not proceed at all, then people are just going to lie
to your software and press "okay" (see SSH).
Yes, I never check ssh keys on first connection. I only check stuff if
the keys were changed later.
That's why there are now SSH clients that check DNS for the keyprint as
well, to have an extra layer of security. With normal DNS, this is just
an add-on, kind of out-of-band check. With DNS security, it gets better.
/O
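
The DNS keyprint check mentioned above, as an added example that is not part of the original message: it computes an SSHFP fingerprint for the key a server offers, compares it with the SSHFP records from DNS, and treats a match as trusted only when the answer was DNSSEC-validated. The function names, the result labels and the host name `host.example` are assumptions, and the key is constructed rather than a real host key.

```python
import base64
import hashlib
import struct

# SSHFP numbers from RFC 4255 / RFC 6594 / RFC 7479.
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_rdata(pubkey_line, fp_type=2):
    """(algorithm, fp_type, hex digest) for an OpenSSH 'type base64 [comment]' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return KEY_ALGS[key_type], fp_type, FP_HASHES[fp_type](blob).hexdigest()


def parse_sshfp(record):
    """Parse 'name [ttl] IN SSHFP alg fptype hex...' into the same tuple shape."""
    f = record.split()
    i = f.index("SSHFP")
    return int(f[i + 1]), int(f[i + 2]), "".join(f[i + 3:]).lower()


def check_host_key(pubkey_line, records, dnssec_validated):
    """Compare the key the server offered with the SSHFP records from DNS."""
    offered_alg = KEY_ALGS[pubkey_line.split()[0]]
    relevant = [r for r in map(parse_sshfp, records)
                if r[0] == offered_alg and r[1] in FP_HASHES]
    if not relevant:
        return "no-record"        # nothing to compare: back to the manual prompt
    if not any(sshfp_rdata(pubkey_line, r[1]) == r for r in relevant):
        return "mismatch"         # DNS disagrees with the offered key
    # A match over plain DNS is only a hint; only a validated answer is trusted.
    return "trusted" if dnssec_validated else "advisory-match"


def constructed_key(seed):
    """Constructed ssh-ed25519 public key line (hypothetical, not a real host key)."""
    body = b"".join(struct.pack(">I", len(p)) + p
                    for p in (b"ssh-ed25519", bytes([seed]) * 32))
    return "ssh-ed25519 " + base64.b64encode(body).decode() + " host.example"


HOST_KEY = constructed_key(1)
ZONE = ["host.example. IN SSHFP %d %d %s" % sshfp_rdata(HOST_KEY)]
```
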