mtg followup
David Wolfskill
david at catwhisker.org
Fri Nov 18 20:55:09 PST 2005
On Fri, Nov 18, 2005 at 08:35:24PM -0800, Paul M. Moriarty wrote:
> ...
> Security = 1/Convenience. It's a hard balance, but balance is what needs to
> be strived for.
I was planning on avoiding this discussion... but I must respectfully
point out that there are significant exceptions to that (pseudo-)equation.
For example: with but few exceptions, I access all machines on which I
work from my laptop (which runs FreeBSD, thankyouverymuch) via ssh.
Now, I *could* use reusable passwords for authentication, but while that
is better than (say) non-Kerberized telnet, I find it is a great deal
more convenient, as well as better security, to use public key
authentication.
So I set up ~/.xsession to run ssh-agent & ssh-add at the beginning (and
exit if the valid passphrase is not entered).
That done, I have very convenient, PK-authenticated, encrypted access
to the machines in question.
(No, it's not perfect security, whatever that might mean in any context;
it is reasonably good, and it's definitely both better and more
convenient than non-Kerberized telnet -- which is the sole point I am
making.)
This, of course, is quite aside from the "inconvenience" of coping
with the results of an insufficient application of appropriate
security practices: some of that stuff can ruin one's whole day. :-{
Peace,
david
--
David H. Wolfskill david at catwhisker.org
It is courteous to reduce quoted text to just that needed to establish context.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
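
An ~/.xsession of the kind the message describes might look like the sketch below. It is an added example, not the poster's actual file. Assumptions: SESSION_CMD and the function names are hypothetical, and an askpass helper is installed so that ssh-add can prompt for the passphrase under X.

```shell
#!/bin/sh
# Added example: start ssh-agent, load keys with ssh-add, and refuse to
# start the X session unless the passphrase was accepted.
# Assumption: SESSION_CMD names the window manager or session program.

# Start an agent and load the default keys.
# Returns 0 only if ssh-add succeeded; otherwise kills the agent and returns 1.
agent_session_setup() {
    # Capture the output first so that a failing ssh-agent is detected;
    # `eval "$(ssh-agent -s)"` alone would hide its exit status.
    agent_env=$(ssh-agent -s) || return 1
    eval "$agent_env" >/dev/null

    # stdin from /dev/null: no terminal exists this early in an X session,
    # so the passphrase prompt is expected to come from the askpass helper.
    if ssh-add </dev/null; then
        return 0
    fi

    # Wrong or missing passphrase: leave no idle agent behind.
    ssh-agent -k >/dev/null 2>&1
    return 1
}

# Run the session with the agent available, and stop the agent at logout
# so the decrypted keys do not outlive the session.
run_session() {
    agent_session_setup || return 1
    "${SESSION_CMD:-xterm}"
    status=$?
    ssh-agent -k >/dev/null 2>&1
    return "$status"
}

# Start the session only when this file is executed as ~/.xsession.
if [ "${0##*/}" = ".xsession" ]; then
    run_session
fi
```

Every client started from the session inherits SSH_AUTH_SOCK, so ssh to the remote machines needs no further passphrase entry until logout.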