[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing
stpeter at stpeter.im
Sun Aug 31 11:04:55 CDT 2008
Pedro Melo wrote:
> On Aug 29, 2008, at 12:43 PM, Dave Cridland wrote:
>> There's two issues:
>> First off, if I'm in your roster, you might ask me about Dirk's
>> fingerprint - in which case, I know that you're talking to Dirk, which
>> is pretty awesome. We can shield this one by hashing the jid, so I can
>> then scan through my hashes-of-known-jids and at least only know
>> you're talking to Dirk if I previously have as well.
> Sure. One step further is this: I send you an hash of Dirk's JID +
> Dick's offered fingerprint. If you have the same, you can tell me that
> "yes, I trusted something like that already".
> This way you will only know whom I'm talking to if you have previously
> accepted the same pair JID+Fingerprint.
> Even less information disclosure.
I like that.
>> Second, if I reply with a fingerprint match, I'm verifying not only
>> the fingerprint, but that I, too, have spoken to Dirk and confirmed
>> him, so you can run away and tell everyone we're co-conspirators.
> Yes, but I can't see how to ask you do confirm something for me without
> telling you this much. Maybe someone else can.
> But I like using the Roster as a Web-of-Trust...
I do, too -- it's the first thing I thought of when I saw that paper.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6751 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080831/f22b1880/attachment.bin
More information about the Security