[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dave Cridland dave at cridland.net
Fri Aug 29 05:19:36 CDT 2008

On Fri Aug 29 11:12:35 2008, Dirk Meyer wrote:
> When I want to open a secure connection to you I could ask five
> notary servers around the globe (e.g. different XMPP servers in a
> different domain). If four out of five report the same fingerprint
> for you I could trust it. If they also report that the fingerprint
> is the same for half a year now, I can be sure it is yours. OK, it
> is not 100% correct, but an attacker must manipulate many different
> servers to fake your key and an attacker cannot know which notary
> servers I will ask.

How are you asking them, though? Via XMPP?

Presumably, an attacker who subverts your server could in principle  
then control the responses you get.

An alternate plan might involve your client contacting the notary  
domains directly, and using CA-based trust, but that raises the  
interesting question of who would want to run a Notary server.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
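
[Added example, not part of the original message or of the Perspectives project.] The quorum rule from the quoted proposal (four of five notaries agree, and the fingerprint has been stable for half a year) as a Python sketch. The notary names, fingerprints, reply format and function names are hypothetical, and the code assumes each reply is authentic, which is exactly what the reply above questions when the queries travel through your own server.

```python
import secrets
from collections import Counter
from datetime import datetime, timedelta

QUORUM = 4                        # "four out of five" from the quoted proposal
MIN_AGE = timedelta(days=182)     # "half a year", approximated in days (assumption)

def pick_notaries(pool, k=5):
    """Pick k notaries unpredictably so an attacker cannot know which are asked."""
    return secrets.SystemRandom().sample(pool, k)

def assess(offered_fp, replies, now):
    """replies maps notary -> (fingerprint, first_seen), or None when the notary
    did not answer. Assumes each reply is authentic (hypothetical transport).
    Returns 'reject', 'trusted' (quorum agrees) or 'established' (quorum has
    also seen the same fingerprint for at least MIN_AGE)."""
    answered = {n: r for n, r in replies.items() if r is not None}
    seen = Counter(fp for fp, _ in answered.values())
    if seen[offered_fp] < QUORUM:
        return "reject"
    long_lived = sum(1 for fp, first in answered.values()
                     if fp == offered_fp and now - first >= MIN_AGE)
    return "established" if long_lived >= QUORUM else "trusted"

# Constructed sample data: notary names and fingerprints are made up.
NOW = datetime(2008, 8, 29)
GOOD, EVIL = "aa:11", "ee:99"
OLD, RECENT = NOW - timedelta(days=300), NOW - timedelta(days=3)
SAMPLE = {
    "n1.example": (GOOD, OLD), "n2.example": (GOOD, OLD),
    "n3.example": (GOOD, OLD), "n4.example": (GOOD, OLD),
    "n5.example": None,           # a silent notary counts against the quorum
}

if __name__ == "__main__":
    print(assess(GOOD, SAMPLE, NOW))   # key offered by the peer matches the notaries
    print(assess(EVIL, SAMPLE, NOW))   # key swapped in transit
```

A notary that does not answer is treated as a non-vote, so with five notaries asked, a single dissenting or silent one still leaves the quorum intact but two do not.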
