ARP-spoofing defense

Michael L Torrie torriem at chem.byu.edu
Wed Mar 14 14:45:50 MDT 2007


On Wed, 2007-03-14 at 14:12 -0600, Topher Fischer wrote:
> Well, this makes me wonder.  Is there a standard way to configure ssh to
> use certificates, and for clients to maintain a list of trusted CAs and
> trusted certificates?

Well the theory of SSL certificates is that if you trust the root cert,
you trust the child certs.  It's a flawed theory, obviously.  Anyway, it
doesn't apply to ssh because ssh doesn't have a trust model.  You either
trust a key or you don't.  It's not like ssl where I trust your cert
because it's signed by someone else whom I trust.

Michael

> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */




More information about the PLUG mailing list