SSH, NTP, FTP (eek!)…
Replying to @Scott_Dayman @jedisct1
SSH doesn’t depend on the DNS for security; in fact, not depending on the DNS is the entire purpose of SSH (it replaces the DNS-dependent r-commands).
I'd like to know I'm SSH'ing to the right server. There's a chance the host has an SSHFP record…but that depends on DNSSEC. Isn't the point of DNSSEC to stop MITMing DNS?
Replying to @Scott_Dayman @jedisct1
SSH uses key continuity to ensure that you’re not MITM’d; it doesn’t rely on DNS, which, again, is the point of the whole system.
I feel like I'm hogging up the thread, and I don't mean to be difficult. But first SSH connection knows nothing about the destination other than hostname, right?
Replying to @Scott_Dayman @jedisct1
Yes, which is why you get a fingerprint to verify out-of-band.
Replying to @tqbf @Scott_Dayman
SSH fingerprints are the equivalent of PGP trust levels. They’re available, but nobody gives a shit, because they’re too complicated/confusing/time consuming.
If only an authenticated out-of-band system was available ... that would be nice if we could store that in DNS along with the IP address!
(glad nobody said the word “blockchain” yet)
Blockchain!
Godwin point reached.