John R. Levine wrote:
>> Worse, SSH is no better than TELNET because SSH based on PKI is not
>> cryptographically secure at all as was demonstrated by Diginotar:
>
> Uh, what? SSH doesn't use PKI or CAs. You might want to review RFCs
> 4250 through 4254.
No, SSH originally was not used with PKI.
But, as I updated OpenSSH just recently, I noticed some
mention of the use of certificates. OpenSSH 5.4 introduced a
way to be operated under PKI.
Still, I should not assume SSH always uses PKI. Thank
you for that.
Anyway, recognizing that https: relying on PKI is not
so secure should be helpful for this thread.
BTW, I can't see any point in favoring anonymous sftp
over anonymous ftp. Are there any?
Masataka Ohta