[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dave Cridland dave at cridland.net
Fri Aug 29 06:43:03 CDT 2008


On Fri Aug 29 12:11:11 2008, Pedro Melo wrote:
> Well, I have this thing called a roster, and some of them I already  
>  have certified as being the person I expect them to be. And for  
> some  of those, I actually trust their judgement. So why not asking  
> them if  they know this person? And if yes, what's the signature  
> they know them  by?

Hmmm. A protocol allowing me to discover if another jid is on your  
roster?

Interesting concept.

There's two issues:

First off, if I'm in your roster, you might ask me about Dirk's  
fingerprint - in which case, I know that you're talking to Dirk,  
which is pretty awesome. We can shield this one by hashing the jid,  
so I can then scan through my hashes-of-known-jids and at least only  
know you're talking to Dirk if I previously have as well.

Second, if I reply with a fingerprint match, I'm verifying not only  
the fingerprint, but that I, too, have spoken to Dirk and confirmed  
him, so you can run away and tell everyone we're co-conspirators.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


More information about the Security mailing list