[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Pedro Melo melo at simplicidade.org
Fri Aug 29 06:11:11 CDT 2008


On Aug 29, 2008, at 11:12 AM, Dirk Meyer wrote:
> Pedro Melo wrote:
>> On Aug 26, 2008, at 2:41 PM, Dirk Meyer wrote:
>>> in case you do not read Slashdot or follow Usenix publications, here
>>> is an interessting link:
>>> http://www.cs.cmu.edu/~perspectives/perspectives_usenix08.pdf
>>> The question is: who is the Notary Server in our case. It can not be
>>> the XMPP server because the XMPP is one of the view points an  
>>> attacker
>>> could be.
>> I read it and my first though was: what is the advantage of a notary
>> to a web of trust?
> IMHO it is more like the Byzantine Fault Tolerance. You do not have to
> trust the notary server, you just assume that maybe one or two may be
> lying, but not all of them.
> When I want to open a secure connection to you I could ask five notary
> servers around the globe (e.g. different XMPP server in a different
> domain). If four out of five report the same fingerprint for you I
> could trust it. If they also report that the fingerprint is the same
> for half a year now, I can be sure it is yours. Ok, it is not 100%
> correct, but an attacker must manipulate many different server to fake
> your key and an attacker can not know which notary servers I will
> ask.

Well, I have this thing called a roster, and some of them I already  
have certified as being the person I expect them to be. And for some  
of those, I actually trust their judgement. So why not asking them if  
they know this person? And if yes, what's the signature they know them  

I'm not saying that the Perspectives proposal is bad, not at al. I  
think its a great way to bootstrap and if it goes forward, something  
we could try and use. But this is XMPP-la-la-land, and maybe we can  
leverage our strengths (aka, the roster) to have something better.

Best regards,
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org

More information about the Security mailing list