Hacker News new | past | comments | ask | show | jobs | submit login

No, its that the fix is client side and painful. They can tell their users to fix it and they would rather leave than do it.



I thought users would be prompted to accept a new fingerprint. Am I missing something?


If by "prompted" you mean:

@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ IT IS POSSIBLE THAT SOMONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now!

Then, yes, users will be prompted in the scariest possible language.

Compare this with HTTPS/browsers, which care not a lick if a certificate/fingerprint is different, provided that the certificate is valid and the chain is trusted.


Which --coincidentally-- is exactly the problem with it.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: