Re: [tlug] SSH Issues

[Edward Middleton <emiddleton@example.com>]

Stephen J. Turnbull wrote:
> Curt Sampson writes:
>
>  > To be precise, he's not "running an authenticated server"; he, just like
>  > the bad guy attacking you, is merely running a server. It's you that's
>  > doing the authentication (or not, as the case may be).
>
> Authentication is a cooperative act.  He has to do more than "just"
> run a server, either he has to provide a CA-signed certificate or he
> has to communicate with me.  AFAIK it is correct usage to say that the
> server "authenticates its transmissions" by providing credentials
> (even if I don't verify them) as well as to say that I "authenticate
> the server" by verifying the credentials.  No?
>   

SSL allows the server to authenticate the user (at the SSL level using
client certificates) so saying

a server "authenticates its transmissions"

is a bit ambiguous/confusing.

>  > On 2008-11-25 18:50 +0900 (Tue), Edward Middleton wrote:
>  > 
>  > > Obviously non-authenticated connection provides some utility in your
>  > > situation but it is to security what a sheet of newspaper is to
>  > > shelter.
>  > 
>  > I rather like that way of putting it.
>
> I do too.  I've often rested on a bench with a newpaper over my face
> as shelter from the sun.  You should try it sometime.  ;-)
>   

I decided to buy an umbrella last night though I did have a paper handy ;)

Edward