|
|
Log in / Subscribe / Register

China, GitHub and the man-in-the-middle (Greatfire)

China, GitHub and the man-in-the-middle (Greatfire)

Posted Jan 31, 2013 0:03 UTC (Thu) by robert_s (subscriber, #42402)
In reply to: China, GitHub and the man-in-the-middle (Greatfire) by avsej
Parent article: China, GitHub and the man-in-the-middle (Greatfire)

Yes, but it does that by more or less _ignoring_ the problem of key distribution (leaving the user to manually verify a host's fingerprint). SSL at least tries that by using a PKI (public key infrastructure) - however such things aren't always perfect, which is what the article is trying to point out.

to post comments

China, GitHub and the man-in-the-middle (Greatfire)

Posted Jan 31, 2013 8:19 UTC (Thu) by pabs (subscriber, #43278) [Link]

There is a PKI for SSH too:

http://web.monkeysphere.info/

China, GitHub and the man-in-the-middle (Greatfire)

Posted Feb 1, 2013 8:59 UTC (Fri) by job (guest, #670) [Link] (1 responses)

Any modern OpenSSH will look up SSHFP in DNS. Provided you turn on DNSSEC (and github actually publishes this), that's as good as it gets. The root key trustees are few and very closely guarded.

China, GitHub and the man-in-the-middle (Greatfire)

Posted Feb 5, 2013 8:51 UTC (Tue) by Lennie (subscriber, #49641) [Link]

DNS in China ? Really ? That is the first thing they mess with. If you are behind the Chinese Firewall, DNSSEC isn't gonna work.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds