[cfarm-users] SSH key fingerprints for gcc farm machine

Martin Guy martinwguy at gmail.com
Mon May 6 07:09:55 CEST 2019


On 05/05/2019, Jeffrey Walton via cfarm-users
<cfarm-users at lists.tetaneutral.net> wrote:
> On Sun, May 5, 2019 at 2:55 PM Olly Betts via cfarm-users
> <cfarm-users at lists.tetaneutral.net> wrote:
>> But even a list on an https protected web page seems better than just
>> having to trust on first use.
>
> +1, trusted distribution channels.

Just a technical mini-point: https is cracked. There are hundreds of
"trusted" certificare issuers, including, for example, the Library of
Budapest. To man-in-the-middle an https transaction, you only need to
corrupt one of the "trusted" CIs, issue falsies. With hundreds to
choose from it's a doddle, and the NSA has millions in budget for
exactly that purpose!

I was always worried about the "certificate issuer" thing. And it
turns out I was right!

    M


More information about the cfarm-users mailing list