Date:      Sun, 7 Jan 2001 14:25:35 -0500 (EST)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Robert Watson <rwatson@FreeBSD.ORG>
Cc:        security@FreeBSD.ORG
Subject:   Re: Fw: Re: Antisniffer measures (digest of posts)
Message-ID:  <200101071925.OAA04427@khavrinen.lcs.mit.edu>
In-Reply-To: <Pine.NEB.3.96L.1010107111516.27948D-100000@fledge.watson.org>
References:  <E14FFLX-0003ok-00@smtpout.kingston-internet.net> <Pine.NEB.3.96L.1010107111516.27948D-100000@fledge.watson.org>

<<On Sun, 7 Jan 2001 11:21:16 -0500 (EST), Robert Watson <rwatson@FreeBSD.ORG> said:

> an SSL telnet does offer something that SSH does not have: the ability to
> connect to a new host without a manual keying procedure.

Some people would say that this is a liability.  I've got a number of
particularly argumentative users here who insist that trusted third
parties of any kind are fundamentally bad.  While I don't necessarily
agree, it is true that in any X.509 configuration it is necessary to
be very careful about which CAs one trusts and for which purposes.
(For our SSL applications here, we will only trust our own CA, since
it is the only one capable of authenticating our users.)

-GAWollman



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101071925.OAA04427>
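
The policy described in the message above, trusting only one's own CA, shown as an added example that is not part of the original e-mail or of any FreeBSD tooling. It assumes the OpenSSL 1.1.0 or later command-line tool; the CA names "Own CA" and "Other CA", the subjects "alice" and "mallory", and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (constructed data): two throwaway CAs each issue one user
# certificate; the verifier is configured with a single trust anchor.

make_ca() {      # $1 = output prefix, $2 = CA common name (made up)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = output prefix, $3 = subject common name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the single trust anchor $1.
# -no-CApath keeps the system-wide CA directory out of the decision, so
# the file named by -CAfile is the only CA that can vouch for anything.
chains_to() {    # $1 = trust anchor PEM, $2 = certificate PEM
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/own" "Own CA" && make_ca "$dir/other" "Other CA" &&
    issue_cert "$dir/own" "$dir/alice" "alice" &&
    issue_cert "$dir/other" "$dir/mallory" "mallory" || return 1
    # Both certificates are well-formed; only the issuer differs.
    for c in alice mallory; do
        if chains_to "$dir/own.pem" "$dir/$c.pem"; then echo "$c: accepted"
        else echo "$c: rejected"; fi
    done
    rm -rf "$dir"
}
demo
```

The certificate issued by the second CA is rejected even though it is validly signed, because that CA was never loaded as a trust anchor.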