I think the core of Silverman's defense is that SSH et al is vulnerable to MITM by design, and not by necessity.
It becomes clear shortly that Seifried is talking about MITM. The existence of MITM is not a flaw in either protocol; in fact, both protocols include mechanisms to counter MITM. What is true is that, in most implementations, users may choose to override those mechanisms for the sake of convenience, forgoing MITM protection. One might take issue with this decision, but it is an implementation issue, not a protocol design flaw.
He then goes on to explain that it is necessary to allow connections without third-party verification at the present time due to a absence of a convenient, trustworthy, free, and universal authentication service. Nevertheless, the clients provide significant warnings to the user when something fishy might be going on.
In a nutshell, there are methods by which SSH can already support forms of 3rd party verification. It can be used in such a way so as not to be vulnerable to MITM. It is not implemented by default by design.
Really? Which buildings? I was impressed by all the Secret Sevice guys with binoculars. I also tried to spot some plain-clothed agents, but nobody near me was wearing an earpiece that I could notice.
I heard the whole speach. In light of the bulk of comments in this discussion, I find it a bit ironic that the entire emphasis of the speach was to explain, with specific examples, how significant advances in technology across the board arise from and depend on basic research, and more importantly, that the general public does not understand/believe this.
Simply stated, the private sector cannot afford to make long term reaseach investments, for obvious reasons. It's the long-term, less-structured forays into new science that drive technology in new directions. The resistance to validating these claims stems from the misconception is that publicly-funded research is not subject to productivity quota or quality control, which could not be further from the truth.
Slashdot Mirror
It becomes clear shortly that Seifried is talking about MITM. The existence of MITM is not a flaw in either protocol; in fact, both protocols include mechanisms to counter MITM. What is true is that, in most implementations, users may choose to override those mechanisms for the sake of convenience, forgoing MITM protection. One might take issue with this decision, but it is an implementation issue, not a protocol design flaw.
He then goes on to explain that it is necessary to allow connections without third-party verification at the present time due to a absence of a convenient, trustworthy, free, and universal authentication service. Nevertheless, the clients provide significant warnings to the user when something fishy might be going on.
In a nutshell, there are methods by which SSH can already support forms of 3rd party verification. It can be used in such a way so as not to be vulnerable to MITM. It is not implemented by default by design.
Just fixing the link: Free ISP List
This is probably not going to affect Altavista email. Other free ISP's can be found at: Free ISP List
I heard the whole speach. In light of the bulk of comments in this discussion, I find it a bit ironic that the entire emphasis of the speach was to explain, with specific examples, how significant advances in technology across the board arise from and depend on basic research, and more importantly, that the general public does not understand/believe this.
Simply stated, the private sector cannot afford to make long term reaseach investments, for obvious reasons. It's the long-term, less-structured forays into new science that drive technology in new directions. The resistance to validating these claims stems from the misconception is that publicly-funded research is not subject to productivity quota or quality control, which could not be further from the truth.