On 11/19/10 7:42 AM, Jonathan Schleifer wrote: > Am 19.11.2010 um 00:22 schrieb Matthew Wild: > >> In SSH at least you get notified (quite loudly) that the server >> fingerprint has changed. > > Not only that: You have to type "yes" to confirm you verified the > fingerprint on the first connection attempt. This is not really leap > of faith, it's verifying the fingerprint. It's only leap of faith if > the user is too lazy / dumb / uninformed to verify the fingerprint. > It was never designed as leap of faith, it's just what many users > made out of it. And it fails if some government wants to read your > traffic and just MITMs every SSH connection you try to establish.
Yes, and there are even some people out there who check the fingerprints on the first connection attempt. :) Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
