[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing
Dave Cridland
dave at cridland.net
Fri Aug 29 05:19:36 CDT 2008
On Fri Aug 29 11:12:35 2008, Dirk Meyer wrote:
> When I want to open a secure connection to you I could ask five notary
> servers around the globe (e.g. different XMPP servers in different
> domains). If four out of five report the same fingerprint for you I
> could trust it. If they also report that the fingerprint is the same
> for half a year now, I can be sure it is yours. Ok, it is not 100%
> correct, but an attacker must manipulate many different servers to fake
> your key and an attacker cannot know which notary servers I will ask.
How are you asking them, though? Via XMPP?

Presumably, an attacker who subverts your server could in principle
then control the responses you get.

An alternate plan might involve your client contacting the notary
domains directly, and using CA-based trust, but that raises the
interesting question of who would want to run a Notary server.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
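
Added example, not part of the original message or of any Perspectives code: a sketch of the "four out of five" quorum and "half a year" stability check described in the quoted proposal. The notary names, fingerprints, the 182-day threshold and the fail-closed handling of missing answers are assumptions, and it presumes the notary answers reach the client over a channel its own server cannot alter.

```python
import secrets
from datetime import datetime, timedelta, timezone

QUORUM, SAMPLE_SIZE = 4, 5            # "four out of five"
MIN_STABLE = timedelta(days=182)      # "half a year" (assumed to mean ~182 days)

def pick_notaries(pool, k=SAMPLE_SIZE):
    """Pick k notaries with a CSPRNG so the choice cannot be predicted."""
    return secrets.SystemRandom().sample(sorted(pool), k)

def evaluate(offered_fp, reports, now, quorum=QUORUM, min_stable=MIN_STABLE):
    """reports maps notary -> (fingerprint, first_seen), or None if no answer.

    Returns 'reject', 'agreed' (a quorum sees the offered key) or
    'stable' (a quorum has also seen it for at least min_stable).
    A missing answer counts against the key (fail closed, an assumption).
    """
    agreeing = [r for r in reports.values()
                if r is not None and r[0] == offered_fp]
    if len(agreeing) < quorum:
        return "reject"
    long_lived = [r for r in agreeing if now - r[1] >= min_stable]
    return "stable" if len(long_lived) >= quorum else "agreed"

# Constructed sample data: notary names and fingerprints are placeholders.
NOW = datetime(2008, 8, 29, tzinfo=timezone.utc)
OLD = datetime(2008, 1, 1, tzinfo=timezone.utc)   # key first seen ~8 months ago
NEW = datetime(2008, 8, 1, tzinfo=timezone.utc)   # key first seen 4 weeks ago
POOL = {f"notary{i}.example" for i in range(1, 11)}

def sample_reports(first_seen, agree=4):
    """Build answers from five notaries; the first `agree` report fp-A."""
    names = sorted(POOL)[:SAMPLE_SIZE]
    return {n: ("fp-A" if i < agree else "fp-B", first_seen)
            for i, n in enumerate(names)}

if __name__ == "__main__":
    print(pick_notaries(POOL))
    print(evaluate("fp-A", sample_reports(OLD), NOW))           # quorum, long-lived
    print(evaluate("fp-A", sample_reports(NEW), NOW))           # quorum, recent key
    print(evaluate("fp-A", sample_reports(OLD, agree=3), NOW))  # no quorum
```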