Re: Steve Bellovin: ssh2 mitm attack?

To: Dave Dykstra <dwd%bell-labs.com@localhost>, ietf-ssh%netbsd.org@localhost, smb%research.att.com@localhost
Subject: Re: Steve Bellovin: ssh2 mitm attack?
From: Markus Friedl <markus%openbsd.org@localhost>
Date: Wed, 31 Jul 2002 19:43:25 +0200

On Wed, Jul 31, 2002 at 12:37:06PM -0500, Dave Dykstra wrote:
> I pointed this out on the openssh-unix-dev mailing list in January
>     http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=101069187914700&w=2
> and there was some discussion but Marcus didn't seem to think it was
> worth worrying about.

Well, Markus, and I said that the client should print out the other
keys.  I never finished my initial patch (until recently) because it
was not considered critical (every new hostkey allows MITM) and you
can't do anything in the protocol.

References:
- Steve Bellovin: ssh2 mitm attack?
  - From: Bill Sommerfeld
- Re: Steve Bellovin: ssh2 mitm attack?
  - From: Dave Dykstra

Prev by Date: Re: Steve Bellovin: ssh2 mitm attack?
Next by Date: A new crypto forum at the IRTF
Previous by Thread: Re: Steve Bellovin: ssh2 mitm attack?
Next by Thread: A new crypto forum at the IRTF
Indexes:

Home | Main Index | Thread Index | Old Index