Laurie: Improving SSL certificate security
Posted Apr 7, 2011 15:09 UTC (Thu) by djao (guest, #4263)
In reply to: Laurie: Improving SSL certificate security by tialaramex
Parent article: Laurie: Improving SSL certificate security
To be clear, OpenSSH and the official SSH clients (with strict host checking on, which is the default setting) do come to a full stop when they detect a key change, and this is what I recommend. You have to run a separate program (ssh-keygen with the -R option), or hand-edit the authorized_keys file using a text editor, and delete the offending cached entry in order to connect. The ssh client's error message does not tell the user how to do these things, so you have to know it already, or look it up in man pages etc., something that a non-technical user will not do. (Other SSH implementations handle this differently.)
Although there are obviously legitimate reasons for key changes, on balance they should be rare, unusual events. (Cryptographers will scream and protest, since frequent key changes lead to more interesting problems, more research grants, etc., but let's face it, real world users operate under different assumptions and have different needs.) Let's provide the correct incentives to achieve the optimal balance, rather than the current system which encourages frequent and superfluous key changes.
It is true that SSH has a more technical userbase, and that even the simplest system that I can think of is still too complex for regular users. But this is hardly a reason to support the current certificates system.
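The key-continuity behaviour discussed in the comment above (pin on first contact, full stop on a key change, separate deliberate step to clear the pin), sketched as an added example. It is not part of the original comment and not OpenSSH's code; `PinStore`, `KeyChangedError` and the sample keys are hypothetical names and constructed values.

```python
import hashlib


class KeyChangedError(Exception):
    """Raised when a host presents a key different from the pinned one."""


class PinStore:
    """Hypothetical in-memory trust-on-first-use store: host -> fingerprint."""

    def __init__(self):
        self._pins = {}

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def check(self, host: str, public_key: bytes) -> str:
        """Return 'pinned' on first contact and 'match' for the known key.

        A changed key is a hard failure: no prompt and no override argument,
        so the caller cannot click through it.
        """
        seen = self.fingerprint(public_key)
        pinned = self._pins.get(host)
        if pinned is None:
            self._pins[host] = seen
            return "pinned"
        if pinned == seen:
            return "match"
        raise KeyChangedError(f"{host}: pinned {pinned[:16]}, got {seen[:16]}")

    def forget(self, host: str) -> bool:
        """The separate, explicit step required before a new key is accepted."""
        return self._pins.pop(host, None) is not None


def demo():
    # Constructed sample keys standing in for real public key blobs.
    old_key, new_key = b"constructed-host-key-A", b"constructed-host-key-B"
    store = PinStore()
    results = [store.check("example.test", old_key),
               store.check("example.test", old_key)]
    try:
        store.check("example.test", new_key)
    except KeyChangedError:
        results.append("refused")
    store.forget("example.test")
    results.append(store.check("example.test", new_key))
    return results
```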
Posted Apr 7, 2011 16:38 UTC (Thu)
by nybble41 (subscriber, #55106)
Posted Apr 7, 2011 16:58 UTC (Thu)
by djao (guest, #4263)
