A couple nitpicks on otherwise interesting points...

On Wed, Mar 17, 2004 at 09:02:17AM -0500, sunder wrote:
> Look at how many folks use PGP - those who really know it and want it, or
> those who know enough about it and have some easily automated
> implementation that plugs in to their mail client. (i.e. commercial pgp
> with Eudora/Outlook plug in. As an aside, I'm still pissed off that the
> Mozilla mail client doesn't support PGP/GPG in addition to S/MIME or
> whatever the hell..)
>

There's a well-supported extension for that: http://enigmail.mozdev.org/

Actually, plans are in the works to make S/MIME an extension as well, so
the two will soon be on equal footing.

> There are ways to protect against this such as publishing a line for the
> known-hosts entry by other means, but no one does this (yet?) (i.e:
> sneakernet, finger, web page, pgp signed/encrypted email, over the
> telephone, etc.) (Another useful thing is to use public keys for SSH
> instead of passwords: this way the attacker won't be able to reuse your
> password - but you're still compromised the second you login.)
>

Out-of-band transmission of known-hosts entries has been standard operating
procedure everywhere *I* have used ssh for the past 10 years. I thought
everyone did that.

regards,
petard
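The exchange above is about getting a known_hosts entry to the client by some channel other than the first SSH connection, so that a man-in-the-middle on that first connection cannot substitute its own host key. The script below is an added example, not code from either poster: it shows what the receiving side actually has to check. It builds a known_hosts line from a constructed Ed25519 key (the host name example.test and the key bytes are made up for the example), parses the line back the way a client would, and computes the same SHA256 fingerprint that OpenSSH's ssh-keygen -lf prints, so that a fingerprint published out of band (signed mail, a web page, read over the phone) can be compared against what the client has on disk.

```python
import base64
import hashlib
import struct

# Constructed sample key material: 32 bytes standing in for an Ed25519
# public key. This is NOT any real host's key.
SAMPLE_RAW_KEY = bytes(range(32))


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def build_known_hosts_line(host: str, key_type: str, raw_key: bytes) -> str:
    """Build a plain known_hosts line: '<host> <key type> <base64 key blob>'.

    The blob is the key in SSH wire format; for ssh-ed25519 that is the type
    name as an SSH string followed by the 32-byte key as an SSH string.
    """
    blob = ssh_string(key_type.encode()) + ssh_string(raw_key)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


def parse_known_hosts_line(line: str):
    """Return (host, key_type, blob) from a known_hosts line.

    Rejects malformed lines and lines whose declared key type does not match
    the type name embedded in the blob, which is the first thing a client
    should check before trusting anything else on the line.
    """
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line: expected host, type, key")
    host, key_type, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode(errors="replace") != key_type:
        raise ValueError("key type inside blob does not match declared type")
    return host, key_type, blob


def is_well_formed(line: str) -> bool:
    """True if the line parses and its declared and embedded key types agree."""
    try:
        parse_known_hosts_line(line)
        return True
    except ValueError:
        return False


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) without '=' padding.

    This is the value ssh-keygen -lf prints for the same public key.
    """
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_published(line: str, published_fingerprint: str) -> bool:
    """Compare the key on a known_hosts line with a fingerprint received out of band."""
    _, _, blob = parse_known_hosts_line(line)
    return fingerprint_sha256(blob) == published_fingerprint


if __name__ == "__main__":
    line = build_known_hosts_line("example.test", "ssh-ed25519", SAMPLE_RAW_KEY)
    print(line)
    print(fingerprint_sha256(parse_known_hosts_line(line)[2]))
```

Two caveats when pointing this at a real known_hosts file: OpenSSH may store the host field hashed (lines beginning with |1|) and may prefix a line with a marker such as @cert-authority, and this example handles only the plain three-field form. The fingerprint computed here is identical to what ssh-keygen -lf reports for the same line, which is the usual thing to publish out of band.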