Hacker News
by uuid_to_string 4437 days ago
For per packet encryption.

For authentication, there is CurveCP.

People seem confident with OpenSSH's authentication mechanism. Why not use that?

At some point one has to trust that the IP address one is sending/retrieving data to/from is the correct one. That's easier said than done if some host wants to keep changing its IP address every few days.

The SSL PKI scheme (the SSL approach to authentication), as implemented for public websites, is not much of a confidence-builder, IMO. Opinions may differ.

If websites maintained consistent IP addresses and we could authenticate these machines using OpenSSH keys, I would be more willing to believe we could verify their "authenticity".

1 comment

Exactly. The problem with SSL/TLS is that it relies on a broken promise with the CAs, and as we have seen several times, it is extremely easy to exploit. Hello rogue CAs.