Bugtraq mailing list archives

Re: "The End of SSL and SSH?"

From: Brett Glass <brett () LARIAT ORG>
Date: Wed, 20 Dec 2000 13:31:41 -0700

At 11:47 AM 12/19/2000, Perry E. Metzger wrote:

I doubt it. SSH and SSL are fine protocols, but are dependent on key
management mechanisms. What you are noting is that key management is a
hard problem. Well, so it is -- but that doesn't mean that if we
change the way we do key management that SSH and SSL would go
away. The protocols themselves are fine.


I agree with Perry. The protocols are useful; they simply cannot "chew
our food for us," as it were. No matter how secure the encryption scheme
we use, we must always take responsibility for managing our keys and
passwords or all attempts at security are for nought.

--Brett Glass



"The plural of anecdote is data." -- Marc Bekof

Current thread:

sshmitm, webmitm Dug Song (Dec 18)
- Re: sshmitm, webmitm Samuele Giovanni Tonon (Dec 20)
  - Re: sshmitm, webmitm Boris Lorenz (Dec 21)
- "The End of SSL and SSH?" Perry E. Metzger (Dec 20)
  - Re: "The End of SSL and SSH?" Kurt Seifried (Dec 19)
    - Re: "The End of SSL and SSH?" Perry E. Metzger (Dec 19)
    - Re: "The End of SSL and SSH?" Stefan Monnier (Dec 20)
    - Re: "The End of SSL and SSH?" Brett Glass (Dec 20)
    - Re: "The End of SSL and SSH?" Crispin Cowan (Dec 20)
    - Re: "The End of SSL and SSH?" Ajax (Dec 20)
    - Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
    - Re: "The End of SSL and SSH?" Damien Miller (Dec 21)
    - Re: "The End of SSL and SSH?" Ryan Russell (Dec 21)
    - Re: "The End of SSL and SSH?" Michael H. Warfield (Dec 20)
  - Re: "The End of SSL and SSH?" Alfred Perlstein (Dec 20)
    - Re: "The End of SSL and SSH?" Perry E. Metzger (Dec 21)
  - Re: "The End of SSL and SSH?" Kurt Seifried (Dec 21)
    - Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)

(Thread continues...)