| |||||||||||||
China, GitHub and the man-in-the-middle (Greatfire)China, GitHub and the man-in-the-middle (Greatfire)Posted Jan 31, 2013 0:03 UTC (Thu) by robert_s (subscriber, #42402)In reply to: China, GitHub and the man-in-the-middle (Greatfire) by avsej Parent article: China, GitHub and the man-in-the-middle (Greatfire)
Yes, but it does that by more or less _ignoring_ the problem of key distribution (leaving the user to manually verify a host's fingerprint). SSL at least tries that by using a PKI (public key infrastructure) - however such things aren't always perfect, which is what the article is trying to point out.
(Log in to post comments)
China, GitHub and the man-in-the-middle (Greatfire) Posted Jan 31, 2013 8:19 UTC (Thu) by pabs (subscriber, #43278) [Link]
There is a PKI for SSH too:
China, GitHub and the man-in-the-middle (Greatfire) Posted Feb 1, 2013 8:59 UTC (Fri) by job (guest, #670) [Link]
Any modern OpenSSH will look up SSHFP in DNS. Provided you turn on DNSSEC (and github actually publishes this), that's as good as it gets. The root key trustees are few and very closely guarded.
China, GitHub and the man-in-the-middle (Greatfire) Posted Feb 5, 2013 8:51 UTC (Tue) by Lennie (subscriber, #49641) [Link]
DNS in China ? Really ? That is the first thing they mess with. If you are behind the Chinese Firewall, DNSSEC isn't gonna work.
|
|||||||||||||