
SSH chat does not ensure that "I know who you claim to be". Only that "I know you're someone who has access to the same SSH key as that someone with whom I was talking yesterday".

In terms of authentication, that is about on par with an IRC "nickbot".




There's nothing preventing you from transporting an SSH public key over some other secured channel. Then it's "I know that you are someone that has access to the SSH key transported over that secure channel".


That's TOFU-POP, and it's perfectly reasonable for many situations. For example, HN.


For others who've never before run into that particular acronym, it glosses per [1] to "Trust On First Use/Persistence of Pseudonym".

[1] https://lists.gnupg.org/pipermail/gnupg-devel/2014-March/028...
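The distinction drawn in this thread, between key continuity (TOFU) and a key confirmed over a separate secure channel, can be shown as a small pin store. This is an added example, not part of the thread or of SSH chat's code; `PinStore`, `make_key`, the status strings and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def make_key(seed: bytes) -> str:
    """Constructed sample: an ssh-ed25519-shaped public key line (not a real key)."""
    raw = hashlib.sha256(seed).digest()  # stand-in for the 32-byte public key
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw))
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the key blob, base64 without padding."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class PinStore:
    """Maps a nickname to (fingerprint, verified_out_of_band)."""
    def __init__(self):
        self.pins = {}

    def check(self, nick, pubkey_line, oob_fingerprint=None):
        fp = fingerprint(pubkey_line)
        if oob_fingerprint is not None:
            # Fingerprint received over some other secured channel.
            if fp != oob_fingerprint:
                return "oob-mismatch"
            self.pins[nick] = (fp, True)
            return "verified"
        if nick not in self.pins:
            # Trust on first use: says nothing about who holds the key.
            self.pins[nick] = (fp, False)
            return "first-use"
        pinned, verified = self.pins[nick]
        if fp != pinned:
            return "key-changed"  # pin is kept; the pseudonym did not persist
        return "verified" if verified else "same-key"

def demo():
    store = PinStore()
    alice, other = make_key(b"alice"), make_key(b"someone-else")
    return [
        store.check("alice", alice),   # first contact
        store.check("alice", alice),   # same key as yesterday
        store.check("alice", other),   # different key under the same nick
        store.check("alice", alice, oob_fingerprint=fingerprint(alice)),
        store.check("alice", alice),   # now backed by the out-of-band check
    ]

if __name__ == "__main__":
    print(demo())
```
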