mtg followup

David Wolfskill david at catwhisker.org
Fri Nov 18 20:55:09 PST 2005


On Fri, Nov 18, 2005 at 08:35:24PM -0800, Paul M. Moriarty wrote:
> ...
> Security = 1/Convenience  It's a hard balance, but balance is what needs to
> be strived for.

I was planning on avoiding this discussion... but I must respectfully
point out that there are significant exceptions to that (pseudo-)equation.

For example:  with but few exceptions, I access all machines on which I
work from my laptop (which runs FreeBSD, thankyouverymuch) via ssh.

Now, I *could* use reusable passwords for authentication, but while that
is better than (say) non-Kerberized telnet, I find it is a great deal
more convenient, as well as better security, to use public key
authentication.

So I set up ~/.xsession to run ssh-agent & ssh-add at the beginning (and
exit if the valid passphrase is not entered).

That done, I have very convenient, PK-authenticated, encrypted access
to the machines in question.

(No, it's not perfect security, whatever that might mean in any context;
it is reasonably good, and it's definitely both better and more
convenient than non-Kerberized telnet -- which is the sole point I am
making.)


This, of course, is quite aside from the "inconvenience" of coping
with the results of an insufficient application of appropriate
security practices:  some of that stuff can ruin one's whole day.  :-{

Peace,
david
-- 
David H. Wolfskill				david at catwhisker.org
It is courteous to reduce quoted text to just that needed to establish context.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
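
The ~/.xsession arrangement described in the message above, sketched as an added example; it is not the poster's actual file. The function name, the AGENT/ADD/WM variables, the `twm` window manager and the `$0` guard are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sketch of a ~/.xsession that gates the X session on ssh-add.
# Assumed, not from the post: the function name, the AGENT/ADD/WM variables
# (overridable so the logic can be tried with stand-ins), and twm as the WM.
AGENT="${AGENT:-ssh-agent}"
ADD="${ADD:-ssh-add}"
WM="${WM:-twm}"

# Start an agent and load the default keys; non-zero if no key was unlocked.
unlock_keys() {
    # "ssh-agent -s" prints sh commands that set SSH_AUTH_SOCK / SSH_AGENT_PID.
    agent_env=$($AGENT -s) || return 1
    eval "$agent_env" >/dev/null

    # With stdin off the terminal and DISPLAY set, ssh-add prompts through
    # the ssh-askpass helper instead of a tty, which is what X startup needs.
    if $ADD </dev/null; then
        return 0
    fi

    # Wrong or cancelled passphrase: do not leave an empty agent running.
    $AGENT -k >/dev/null 2>&1
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    return 1
}

# Run the session only when invoked as ~/.xsession (assumed guard).
case "$0" in
*.xsession)
    unlock_keys || exit 1      # no valid passphrase: end the session here
    $WM                        # clients started from here inherit the agent
    $AGENT -k >/dev/null 2>&1  # stop the agent when the session ends
    ;;
esac
```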