- From: Andy Lyttle <whatwg@phroggy.com>
- Date: Wed, 22 Oct 2008 00:16:25 -0700
> This is similar to the SSH model; the first time you connect,
> you're expected to manually check by some means that you're
> connecting to the right server. On subsequent connections, you
> won't be bothered unless the key changes.
>
> I'll concede that in most cases no-one actually verifies the key in
> the first connection case, but at least this requires an attacker
> to intercept your *first* connection from a particular client,
> rather than just any connection.

I may not verify the key manually, but if my first connection to a particular server is made over a local network that I trust to be secure, then I can trust the key my SSH client has saved. This is not at all an uncommon situation: I set up a new server, I plug my laptop into the local LAN, I log in to make sure everything works. Later, when I'm sitting in a restaurant waiting for lunch and my laptop is connected to an untrusted public wifi network, I know the key my SSH client saved is legitimate.

This wouldn't be common with HTTP.

-- 
Andy Lyttle
whatwg at phroggy.com
Received on Wednesday, 22 October 2008 00:16:25 UTC
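
The trust-on-first-use check discussed in this message, as an added example that is not part of the original post or of any SSH client's code. The `PinStore` class, the host name and the key bytes are constructed for illustration; the fingerprint format follows the OpenSSH SHA256 style.

```python
import base64
import hashlib
import hmac


class KeyChanged(Exception):
    """The presented key differs from the one pinned on first contact."""


def fingerprint(key_blob: bytes) -> str:
    # OpenSSH-style fingerprint: unpadded base64 of the SHA-256 digest.
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PinStore:
    """Hypothetical in-memory stand-in for a client's saved host keys."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, key_blob: bytes) -> str:
        fp = fingerprint(key_blob)
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so the key is
            # accepted and saved. Trust here comes only from the network.
            self.pins[host] = fp
            return "pinned"
        if hmac.compare_digest(pinned, fp):
            return "match"
        raise KeyChanged(f"{host}: expected {pinned}, got {fp}")


def scenario():
    server_key = b"constructed-server-public-key"      # constructed sample
    other_key = b"constructed-interceptor-public-key"  # constructed sample
    host = "newserver.example"
    out = []
    laptop = PinStore()
    out.append(laptop.check(host, server_key))   # first login on trusted LAN
    out.append(laptop.check(host, server_key))   # later, on public wifi
    try:
        laptop.check(host, other_key)            # different key on public wifi
    except KeyChanged:
        out.append("rejected")
    # A client whose first contact happens on the untrusted network has no
    # pin yet, so whatever key it is shown gets saved.
    out.append(PinStore().check(host, other_key))
    return out
```

`scenario()` returns the outcome of each connection in order; the last entry shows why the network used for the first connection matters.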