[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing
pavlix at pavlix.net
Sat Aug 30 04:00:17 CDT 2008
On Fri, 29 Aug 2008 12:11:11 +0100
Pedro Melo <melo at simplicidade.org> wrote:
> On Aug 29, 2008, at 11:12 AM, Dirk Meyer wrote:
> > Pedro Melo wrote:
> >> On Aug 26, 2008, at 2:41 PM, Dirk Meyer wrote:
> >>> in case you do not read Slashdot or follow Usenix publications,
> >>> here is an interessting link:
> >>> http://www.cs.cmu.edu/~perspectives/perspectives_usenix08.pdf
> >>> The question is: who is the Notary Server in our case. It can not
> >>> be the XMPP server because the XMPP is one of the view points an
> >>> attacker
> >>> could be.
> >> I read it and my first though was: what is the advantage of a
> >> notary to a web of trust?
> > IMHO it is more like the Byzantine Fault Tolerance. You do not have
> > to trust the notary server, you just assume that maybe one or two
> > may be lying, but not all of them.
> > When I want to open a secure connection to you I could ask five
> > notary servers around the globe (e.g. different XMPP server in a
> > different domain). If four out of five report the same fingerprint
> > for you I could trust it. If they also report that the fingerprint
> > is the same for half a year now, I can be sure it is yours. Ok, it
> > is not 100% correct, but an attacker must manipulate many different
> > server to fake your key and an attacker can not know which notary
> > servers I will ask.
> Well, I have this thing called a roster, and some of them I already
> have certified as being the person I expect them to be. And for some
> of those, I actually trust their judgement. So why not asking them
> if they know this person? And if yes, what's the signature they know
> them by?
Web of trust? PGP?
> I'm not saying that the Perspectives proposal is bad, not at al. I
> think its a great way to bootstrap and if it goes forward, something
> we could try and use. But this is XMPP-la-la-land, and maybe we can
> leverage our strengths (aka, the roster) to have something better.
> Best regards,
Jabber & Mail: pavlix(at)pavlix.net
More information about the Security