From owner-freebsd-security Sun Jan 7 11:25:53 2001
Date: Sun, 7 Jan 2001 14:25:35 -0500 (EST)
From: Garrett Wollman
Message-Id: <200101071925.OAA04427@khavrinen.lcs.mit.edu>
To: Robert Watson
Cc: security@FreeBSD.ORG
Subject: Re: Fw: Re: Antisniffer measures (digest of posts)

< said:

> an SSL telnet does offer something that SSH does not have: the ability to
> connect to a new host without a manual keying procedure.

Some people would say that this is a liability. I've got a number of
particularly argumentative users here who insist that trusted third
parties of any kind are fundamentally bad. While I don't necessarily
agree, it is true that in any X.509 configuration it is necessary to
be very careful about which CAs one trusts and for which purposes.
(For our SSL applications here, we will only trust our own CA, since
it is the only one capable of authenticating our users.)

-GAWollman