[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dirk Meyer dmeyer at tzi.de
Fri Aug 29 06:06:33 CDT 2008

Dave Cridland wrote:
> On Fri Aug 29 11:12:35 2008, Dirk Meyer wrote:
>> When I want to open a secure connection to you I could ask five
>> notary
>> servers around the globe (e.g. different XMPP server in a different
>> domain). If four out of five report the same fingerprint for you I
>> could trust it. If they also report that the fingerprint is the same
>> for half a year now, I can be sure it is yours. Ok, it is not 100%
>> correct, but an attacker must manipulate many different server to
>> fake
>> your key and an attacker can not know which notary servers I will
>> ask.
> How are you asking them, though? via XMPP?

I have no idea. I only saw the paper and posted the link here because
it could be usefull. You could contact them using HTTP(S) or use
direct XMPP connections.

> Presumably, an attacker who subverts your server could in principle
> then control the responses you get.

In that case the answer must be signed somehow.

> An alternate plan might involve your client contacting the notary
> domains directly, and using CA-based trust, but that raises the
> interesting question of who would want to run a Notary server.

That could be the solution: a notary server may have s signed
certificate. As example some XMPP servers could be notary server. They
already have a signaed certificate.

But maybe this is all too complicated and will not work.


Isn't air travel wonderful?  Breakfast in London, dinner in New York,
luggage in Brazil.

More information about the Security mailing list