IETF-SSH archive
Re: New draft-draft of sftp...
Jeffrey Altman <jaltman%columbia.edu@localhost> wrote:
> I am going to have to think about this concern for a bit. However, my
> initial reaction is that if the host has been hacked so that daemon
> services are replaced then I think you are in bigger trouble. At that
> point you can't count on the contents of any of the files you may
> receive from that server. Depending on what they are you will be hosed.

That's a fair point in many circumstances, of course; yes.

Not every circumstance, though; suppose I was intending to download
a bunch of archive files and then check their GPG signatures? In
that situation I'm already protected against a malicious server
changing the content of the files, so being unprotected against the
same malicious server doing other damage to me is a step downward.

Cheers,
Simon
--
Simon Tatham "A cynic is a person who smells flowers and
<anakin%pobox.com@localhost> immediately looks around for a coffin."