Once you have established an SSH relationship the protocol allows you
to determine with a high degree of confidence that you are connecting
to the same end point in future.
That is not a perfect security control but it is a very useful one. It
is a much more useful control than any provided by infrastructure that
is not deployed.
On Fri, Feb 26, 2010 at 3:58 AM, Masataka Ohta
<mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:
Phillip Hallam-Baker wrote:
SSH is not a bad security protocol. It provides a very high level of
protection against high probability risks with little or no impact on
the user. There is a narrow window of vulnerability to a man in the
middle attack.
As a security researcher, I can teach you that the security you
observe is not of SSH but of return routability.
Return routability over many third party ISPs is not 'verifiable',
of course.
Masataka Ohta
--
--
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf