IETF-SSH archive
Re: IESG feedback on core drafts.
On Fri, Mar 14, 2003 at 09:07:45AM +0000, Simon Tatham wrote:
> Conversely, PK auth doesn't solve your problem if you've never made
> a secure connection to the server before, because your very first
> connection is vulnerable to MITM and so you can't guarantee that
> it's a safe channel through which to copy your public key to the
> server - a hypothetical MITM could rewrite the key on the way past
> and end up giving the server a public key of his own instead of
> yours.

As far as I understand pk auth with ssh v2, I think
that pk auth allows you to detect MITM because in this
case the authentication will always fail (as opposed
to ssh v1). (But I could be too tired to get this right.)
-m
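
The session binding discussed in the message above, as an added example that is not part of the original thread: in SSH v2 the public-key authentication signature covers the session identifier produced by the key exchange (RFC 4252), so a signature made on one key exchange does not verify on another. Assumptions: the DH group is a toy, a Lamport one-time signature stands in for the user's real key type, the signed fields are simplified, and all function names are hypothetical.

```python
import hashlib, secrets

P, G = 2**127 - 1, 3  # toy DH group, constructed for the demo, not secure

def sha(*parts):
    """Hash length-prefixed fields so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def kex():
    """One toy Diffie-Hellman exchange; returns the session identifier H."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    e, f = pow(G, x, P), pow(G, y, P)
    return sha(e, f, pow(f, x, P))  # H covers both public values and the secret

# Lamport signature (stdlib only). It is a one-time scheme; the key is
# reused below purely to keep the demo short.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def bits(msg):
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return all(hashlib.sha256(s).digest() == pk[i][b]
               for (i, b), s in zip(enumerate(bits(msg)), sig))

def auth_blob(session_id, user):
    # Simplified: the real signed data has more fields, session id first.
    return sha(session_id, user, "ssh-connection", "publickey")

def demo():
    sk, pk = keygen()            # pk is the key the server already has on file
    h = kex()                    # direct connection: both ends share one H
    direct_ok = verify(pk, auth_blob(h, "alice"), sign(sk, auth_blob(h, "alice")))
    # Intercepted connection: client and server each completed a separate
    # key exchange with the relay, so their session identifiers differ.
    h_client, h_server = kex(), kex()
    sig = sign(sk, auth_blob(h_client, "alice"))
    relayed_ok = verify(pk, auth_blob(h_server, "alice"), sig)
    return direct_ok, relayed_ok  # (True, False)
```

The check only helps when the server already holds the user's genuine public key; it says nothing about how that key was installed.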