[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dirk Meyer dmeyer at tzi.de
Fri Aug 29 05:12:35 CDT 2008

Pedro Melo wrote:
> Hi,
> On Aug 26, 2008, at 2:41 PM, Dirk Meyer wrote:
>> in case you do not read Slashdot or follow Usenix publications, here
>> is an interessting link:
>> http://www.cs.cmu.edu/~perspectives/perspectives_usenix08.pdf
>> The question is: who is the Notary Server in our case. It can not be
>> the XMPP server because the XMPP is one of the view points an attacker
>> could be.
> I read it and my first though was: what is the advantage of a notary
> to a web of trust?

IMHO it is more like the Byzantine Fault Tolerance. You do not have to
trust the notary server, you just assume that maybe one or two may be
lying, but not all of them.

When I want to open a secure connection to you I could ask five notary
servers around the globe (e.g. different XMPP server in a different
domain). If four out of five report the same fingerprint for you I
could trust it. If they also report that the fingerprint is the same
for half a year now, I can be sure it is yours. Ok, it is not 100%
correct, but an attacker must manipulate many different server to fake
your key and an attacker can not know which notary servers I will


Work is the greatest thing in the world, so save some for tomorrow.

More information about the Security mailing list