
throw0101a
Okay, the key is compromised: that means they can MITM the trust relationship. But with modern algorithms you have forward security, so even if you've sniffed/captured the traffic it doesn't help.

And I would argue that MITMing communications is a lot harder for (non-nation state) attackers than compromising a host, so trust compromise is a questionable worry.


> And I would argue that MITMing communications is a lot harder for (non-nation state) attackers than compromising a host, so trust compromise is a questionable worry.

By that logic, we don't really need certificates, just TOFU.

throw0101d
> By that logic, we don't really need certificates, just TOFU.

It works fairly well for SSH, but that tends to be a more technical audience. But doing an "Always trust" or "Always accept" is a valid option in many cases (often for internal apps).

tptacek
It does not work well for SSH. We just don't care about how badly it works.
throw0101d
> It does not work well for SSH. We just don't care about how badly it works.

How "should" it work? Is there a known-better way?

tptacek
Yes: SSH certificates. (They're unrelated to X509 certificates and the WebPKI).
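As an added example (not from the thread), this is the host-certificate model tptacek points to, built with plain ssh-keygen: a local CA signs the server's host key, and clients trust one `@cert-authority` line instead of pinning each host on first use. The CA name, host name `bastion.example.internal`, file names and validity window are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: an SSH host-certificate trust chain with a local CA.
# Everything here (names, paths, validity) is constructed, not from the thread.
set -eu

# Create a CA, sign a host key with it, and print the known_hosts line that
# lets a client trust any host certificate this CA issued.
# usage: issue_host_cert <workdir>
issue_host_cert() {
  ca="$1/host_ca"
  hostkey="$1/ssh_host_ed25519_key"

  # 1. CA key pair. The private half stays offline; only host_ca.pub is shipped.
  ssh-keygen -q -t ed25519 -N '' -f "$ca" -C 'host-ca'

  # 2. The server's own host key, as sshd would generate it.
  ssh-keygen -q -t ed25519 -N '' -f "$hostkey" -C 'bastion'

  # 3. Sign it: -h marks a host cert, -I is the key id, -n the principals
  #    (names the client is allowed to connect to), -V the validity window.
  ssh-keygen -q -s "$ca" -I 'bastion-host-key' -h \
    -n 'bastion.example.internal' -V '-1h:+52w' "$hostkey.pub"

  # sshd_config on the server then points at key and certificate:
  #   HostKey         /etc/ssh/ssh_host_ed25519_key
  #   HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub

  # 4. One known_hosts line covers every host the CA vouches for, so a
  #    rotated host key needs no "REMOTE HOST IDENTIFICATION HAS CHANGED" dance.
  printf '@cert-authority *.example.internal %s\n' "$(cut -d' ' -f1,2 "$ca.pub")"
}

# Read the principal list back out of a certificate (ssh-keygen -L), so a
# reviewer can confirm it cannot be presented for a different host name.
# usage: cert_principals <cert-file>
cert_principals() {
  ssh-keygen -L -f "$1" \
    | sed -n '/Principals:/,/Critical Options:/p' \
    | sed '1d;$d' \
    | tr -d ' \t'
}
```

Install the printed line in `~/.ssh/known_hosts` (or a system-wide `ssh_known_hosts`) and clients verify the host's certificate against the CA rather than trusting whatever key shows up first.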
