In message <Pine.LNX.4.44.0511212148070.25860-100000@server2.tcw.telecomplete.n et>, "Stephen J. Wilcox" writes:
we relay security information and hope the user clicks 'yes' when they are told the host key has changed
you dont have to break the code if the endpoints trust sessions with you and share their encryption keys
Put another way, security is as much a matter of proper usage as proper algorithms and proper code. See http://www.fas.org/irp/eprint/heath.pdf for a story of how the NSA and the US Navy got that wrong. For that matter, read Leo Marks' wonderful memoir "Between Silk and Cyanide". He's telling a story, not trying to teach, but the message is there nonetheless. As technologists, of course, it's incumbent on us to design security systems that help the user understand consequences of actions, and to help avoid dangerous situations. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb