Here is an article about security and SSL/SSH written by Kurt Seifried:
http://ouah.sysdoor.net/coverstory20001218.html

The basic idea is to use dsniff to grab keys:
Public Key Encryption
There is one fundamental problem with establishing a secure, encrypted connection over the Internet. No matter how you do it, at some point you must initiate the connection over a public and potentially hostile network. Ideally, when two hosts establish a connection, they exchange public keys using a variety of verification processes (Diffie-Hellman being an extremely popular one), and each host properly receives the other's key. Unfortunately, since this must take place over a public and usually insecure network, it is possible for an attacker to intercept the key exchange and subvert it.
I found a forum message that is pretty well written as a counter argument:
The problem is simply one of the user interface allowing a user to
ignore a security failure. If a remote login utility using a PKI
prompted the user with "host key is not certified, log in anyway?", it
would be no better than SSH implementations. If a Kerberized remote
login utility prompted a user with "remote key is incorrect, log in
anyway", it too would be no better.

If this is truly the extent of the flaw Mr. Seifried thinks requires a
full PKI to fix, I'd like to know why setting isn't a near-complete fix to the "End of SSH" Mr. Seifried predicts.
What do you think, is it the end or not?
Personally, since encryption keys may come across the net unencrypted during setup, I think the architecture is dangerous.
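The quoted forum message argues that the real flaw is a client that lets the user wave through a host key it cannot verify. The following is an added example, not part of the original post, the article, or OpenSSH itself: a small shell model of the host-key decision an SSH client makes, with the three real OpenSSH ssh_config values of StrictHostKeyChecking (no, ask, yes) mapped onto it. The host names, key strings and known_hosts contents are constructed sample data, and the function names (check_host_key, decide) are mine.

```shell
#!/bin/sh
# Added example, not OpenSSH code: models the host-key check an SSH client
# performs against known_hosts, and what each StrictHostKeyChecking policy
# does with the result. All hosts and keys below are constructed samples.

# Constructed known_hosts contents: one pinned host key.
# Format follows sshd(8) known_hosts: "hostname keytype base64key".
KNOWN_HOSTS_DATA='# constructed sample entry, not a real key
bastion.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYBASTION000000000000000000000'

# check_host_key <host> <keytype> <key>
# Exit status encodes the three situations the thread argues about:
#   0 = key matches the pinned entry for this host (safe to connect)
#   1 = host is known but the presented key DIFFERS: the signature of an
#       sshmitm-style interception, or a legitimately re-keyed server
#   2 = host not in known_hosts: a trust-on-first-use decision
check_host_key() {
    host="$1"; ktype="$2"; key="$3"
    pinned=$(printf '%s\n' "$KNOWN_HOSTS_DATA" |
        awk -v h="$host" -v t="$ktype" '$1==h && $2==t {print $3; exit}')
    if [ -z "$pinned" ]; then
        return 2
    elif [ "$pinned" = "$key" ]; then
        return 0
    else
        return 1
    fi
}

# decide <policy> <host> <keytype> <key>
# <policy> is the ssh_config StrictHostKeyChecking value:
#   no  : auto-add unknown hosts AND proceed on a changed key (the
#         "log in anyway" behaviour the forum message criticises)
#   ask : prompt on unknown hosts (default), refuse on a changed key
#   yes : refuse anything not already pinned in known_hosts
# Prints the action: connect, connect-anyway, prompt, or refuse.
decide() {
    policy="$1"; shift
    if check_host_key "$@"; then rc=0; else rc=$?; fi
    case "$policy:$rc" in
        *:0)   echo "connect" ;;
        no:1)  echo "connect-anyway" ;;   # key mismatch ignored: MITM succeeds
        *:1)   echo "refuse" ;;           # mismatch is not negotiable
        no:2)  echo "connect" ;;          # silently pinned on first use
        ask:2) echo "prompt" ;;           # user decides, with no way to verify
        *:2)   echo "refuse" ;;           # yes: unknown host is an error
        *)     echo "refuse" ;;
    esac
}

# The corresponding ssh_config fragments. The weak line is the one to avoid
# on any client that reaches hosts over a network you do not control.
#
#   Host *
#       StrictHostKeyChecking no      # weak: changed key does not stop the login
#
#   Host *
#       StrictHostKeyChecking yes     # hardened: pre-provision known_hosts instead
#       UserKnownHostsFile ~/.ssh/known_hosts

# Stand-alone demonstration with the constructed data.
GOOD_KEY='AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYBASTION000000000000000000000'
for policy in no ask yes; do
    printf 'policy=%-3s pinned-match=%s changed-key=%s unknown-host=%s\n' "$policy" \
        "$(decide "$policy" bastion.example.test ssh-ed25519 "$GOOD_KEY")" \
        "$(decide "$policy" bastion.example.test ssh-ed25519 'AAAAC3NzaC1lZDI1NTE5AAAAIATTACKERKEY000000000000000000000000')" \
        "$(decide "$policy" newhost.example.test ssh-ed25519 "$GOOD_KEY")"
done
```

The point the model makes is that neither ask nor yes protects the very first connection to a host whose key was never provisioned: under ask the user is handed a fingerprint they usually cannot check, and under yes the only defence is to distribute known_hosts out of band beforehand, which is the piece of infrastructure the thread is really arguing about.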