[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dirk Meyer dmeyer at tzi.de
Fri Aug 29 06:06:33 CDT 2008


Dave Cridland wrote:
> On Fri Aug 29 11:12:35 2008, Dirk Meyer wrote:
>> When I want to open a secure connection to you I could ask five
>> notary
>> servers around the globe (e.g. different XMPP server in a different
>> domain). If four out of five report the same fingerprint for you I
>> could trust it. If they also report that the fingerprint is the same
>> for half a year now, I can be sure it is yours. Ok, it is not 100%
>> correct, but an attacker must manipulate many different server to
>> fake
>> your key and an attacker can not know which notary servers I will
>> ask.
>
> How are you asking them, though? via XMPP?

I have no idea. I only saw the paper and posted the link here because
it could be usefull. You could contact them using HTTP(S) or use
direct XMPP connections.

> Presumably, an attacker who subverts your server could in principle
> then control the responses you get.

In that case the answer must be signed somehow.

> An alternate plan might involve your client contacting the notary
> domains directly, and using CA-based trust, but that raises the
> interesting question of who would want to run a Notary server.

That could be the solution: a notary server may have s signed
certificate. As example some XMPP servers could be notary server. They
already have a signaed certificate.

But maybe this is all too complicated and will not work.


Dirk

-- 
Isn't air travel wonderful?  Breakfast in London, dinner in New York,
luggage in Brazil.


More information about the Security mailing list