[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing
dave at cridland.net
Fri Aug 29 06:43:03 CDT 2008
On Fri Aug 29 12:11:11 2008, Pedro Melo wrote:
> Well, I have this thing called a roster, and some of them I already
> have certified as being the person I expect them to be. And for
> some of those, I actually trust their judgement. So why not asking
> them if they know this person? And if yes, what's the signature
> they know them by?
Hmmm. A protocol allowing me to discover if another jid is on your
There's two issues:
First off, if I'm in your roster, you might ask me about Dirk's
fingerprint - in which case, I know that you're talking to Dirk,
which is pretty awesome. We can shield this one by hashing the jid,
so I can then scan through my hashes-of-known-jids and at least only
know you're talking to Dirk if I previously have as well.
Second, if I reply with a fingerprint match, I'm verifying not only
the fingerprint, but that I, too, have spoken to Dirk and confirmed
him, so you can run away and tell everyone we're co-conspirators.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Security