1.9.1 scp problem
Cristian Ionescu-Idbohrn
cristian.ionescu-idbohrn at axis.com
Wed Feb 20 21:08:15 UTC 2008
On Wed, 20 Feb 2008, Denys Vlasenko wrote:
> On Wednesday 20 February 2008 21:22, Cristian Ionescu-Idbohrn wrote:
> >
> > And the MITM will have his way.
> >
> > All, unless you trust every movement on your network.
>
> Well, it happens only on first connect.
But, of course.
> On next connects, fingerprint is already stored and remote's fingerprint
> is compared to it. If it doesn't match, you get big fat warning and ssh
> aborts.
Sure.
> Which makes sense.
If you say so.
> When you meet someone for the very first time,
> usually you have no means to verify it.
True, unfortunately.
> When you connected to your bank's e-banking system over https _for the
> first time_, did you actually verify that it is your bank's site, not
> someone else playing with DNS spoofing?
Also true. But is it acceptable banks do not provide fingerprints for
their certificates? And who bothers?
Cheers,
--
Cristian
More information about the busybox
mailing list