ietf
[Top] [All Lists]

Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)

2010-03-01 09:39:15
Once you have established an SSH relationship the protocol allows you
to determine with a high degree of confidence that you are connecting
to the same end point in future.

That is not a perfect security control but it is a very useful one. It
is a much more useful control than any provided by infrastructure that
is not deployed.

On Fri, Feb 26, 2010 at 3:58 AM, Masataka Ohta
<mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:
Phillip Hallam-Baker wrote:

SSH is not a bad security protocol. It provides a very high level of
protection against high probability risks with little or no impact on
the user. There is a narrow window of vulnerability to a man in the
middle attack.

As a security researcher, I can teach you that the security you
observe is not of SSH but of return routability.

Return routability over many third party ISPs is not 'verifiable',
of course.

                                                       Masataka Ohta






-- 
-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf