[Ach] StartSSL for Business Sysadmins

Tobias Dussa (SCC) tobias.dussa at kit.edu
Tue Jan 14 09:26:04 CET 2014


On Tue, Jan 14, 2014 at 09:21:02AM +0100, Martin Rublik wrote:
> > So in what world are GPG and SSH better concepts?  Yes, they do provide the user
> > the theoretical possibility to do key verification in a more sensible way.  That
> > doesn't mean that people actually do that.  In fact, at this point, I'd say that
> > the vast majority of serious GPG users are somewhat concerned about their
> > privacy, certainly more so than the average, and even THESE people don't always
> > verify stuff properly. 
> You are not alone, see Peter Gutmann's Do Users Verify SSH Keys?
> https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf

THX for the pointer.

The wise man never plays leapfrog with a unicorn.


Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association

More information about the Ach mailing list