
Re: How to configure a "proxy home" page ?


 



On 26.03.18 19:16, Yuri wrote:
> Disagree.
>
> My point about TLS is quite different.
>
> SSH, by design, assumes end-to-end encryption and does not assume any
> third party to be trusted, like TLS does.

Actually, SSH DOES support certificate authorities that sign client or
host keys, so you don't need to transfer it over the SSH server - it's just
not widely used.

https://www.ssh.com/ssh/keygen/#sec-Using-X-509-Certificates-for-Host-Authentication

> SSH immediately notifies you
> when the server key surprisingly changes.

Only when you already have the host key installed in your client. If there's
a MITM attack before you get the key, you will not notice that, unless you
get the key by another (secure) way.

Unlike SSL, SSH was not designed to be used globally between everyone, more
within one or more "friend" organizations, so it didn't specify how host
keys are verified (the SSHFP DNS record just transfers trust to DNS, which
can be hijacked too).

> Yes, users are involved in both cases. However, the difference is still here.
> SSH is end-to-end always by design (we're not talking about things like
> Kerberos here), TLS is not.

TLS was designed to be end-to-end encryption and the certificate authority
system was built to fulfil this.  The bumping proxies, antiviruses, and
application firewalls just break this.

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
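
The host-key behaviour discussed in this message, as an added example that is not part of the original post: a simplified known_hosts check showing that a changed key is only detectable once a key is already stored, and that a first contact can only be verified against a fingerprint obtained out of band. Host names and key blobs are constructed, the function names are hypothetical, and hashed entries and @cert-authority lines are skipped.

```python
import base64
import hashlib


def fingerprint(b64_key):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Map plain (unhashed) host names to {key_type: base64_blob}."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip comments, @cert-authority/@revoked markers and hashed hosts.
        if not line or line.startswith(("#", "@", "|")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, blob = fields[:3]
        for host in hosts.split(","):
            known.setdefault(host, {})[key_type] = blob
    return known


def check_host_key(known, host, key_type, blob, pinned_fp=None):
    """Classify the key a server presents (simplified: one key per type).

    pinned_fp is a fingerprint obtained out of band, if the user has one.
    """
    stored = known.get(host, {}).get(key_type)
    if stored is not None:
        # A key is already installed, so a swap is detectable.
        return "match" if stored == blob else "CHANGED"
    if pinned_fp is None:
        # First contact with nothing to compare against: a genuine key and
        # an interposed one look identical to the client.
        return "unknown-unverifiable"
    return "unknown-verified" if fingerprint(blob) == pinned_fp else "unknown-MISMATCH"


# Constructed sample data, not real SSH keys.
GENUINE = base64.b64encode(b"constructed genuine host key").decode()
OTHER = base64.b64encode(b"constructed substituted host key").decode()
KNOWN = parse_known_hosts(
    "# constructed known_hosts\nfiles.example.test ssh-ed25519 " + GENUINE + "\n"
)
```
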



