francoismichel / ssh3

SSH3: faster and rich secure shell using HTTP/3, check out our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
Apache License 2.0

Missing explanation for secure host keys #46

Open viraptor opened 6 months ago

viraptor commented 6 months ago

The readme states:

X.509 certificates: you can now use your classical HTTPS certificates to authenticate your SSH3 server. This mechanism is more secure than the classical SSHv2 host key mechanism.

but that's very vague. In what scenarios is it more secure / why? Does the comparison include SSHFP? Why is it more secure than CA signed host keys? etc.

francoismichel commented 6 months ago

This sentence is probably not clear enough, it is targeted at a good part of SSH users that rely on self-generated SSH host keys that require manually checking the host key on first use, otherwise machine-in-the-middle attacks could occur. Many people usually do not check that fingerprint upon first use. (We have a lot of students at university simply skipping that prompt.)

I wrote "more secure" for this scenario, in the sense that CA-signed certificates are not subject to this. But if you use OpenSSH certificates or a similar mechanism, you can get comparable security guarantees. The README was aimed at a large audience and is expected to be relatively short. If you have better wordings that are less ambiguous and concise, it would be a great help. That claim was probably a bit strong because a lot of people are picking on this sentence. I can rephrase it myself, but I'll work on a few other issues before.
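
Added example, not part of the issue thread or of the SSH3 code base: a small Go model of the two trust decisions discussed above, trust-on-first-use with the fingerprint prompt skipped versus validation against a CA the client already trusts. The function names (`issue`, `tofuAccept`, `caAccept`) and host names are hypothetical, all certificates are constructed in-process, and a certificate's public key stands in for an SSHv2 host key on the TOFU side.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate for host; a nil parent means self-signed.
func issue(host string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil { // self-signed: the certificate is its own issuer
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// tofuAccept models trust-on-first-use where the user skips the fingerprint prompt.
func tofuAccept(known map[string][32]byte, host string, c *x509.Certificate) bool {
	fp := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	if _, seen := known[host]; !seen {
		known[host] = fp // first contact: whatever key was presented gets pinned
	}
	return known[host] == fp
}
// caAccept trusts a key only if it chains to a root the client already holds.
func caAccept(roots *x509.CertPool, host string, c *x509.Certificate) bool {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
func main() {
	ca, _ := issue("ca.example", nil, nil)
	mitm, _ := issue("server.example", nil, nil) // interceptor's self-generated key
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println(tofuAccept(map[string][32]byte{}, "server.example", mitm), caAccept(roots, "server.example", mitm))
}
```

Once the wrong key is pinned on first contact, the TOFU check also rejects the genuine server afterwards, while the CA check gives the same answer on every connection.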