Re: New Proposal for Section 11.1.4 Man-in-the-middle

To: "Simon Tatham" <anakin%pobox.com@localhost>, <ietf-ssh%netbsd.org@localhost>
Subject: Re: New Proposal for Section 11.1.4 Man-in-the-middle
From: "Joseph Galbraith" <galb-list%vandyke.com@localhost>
Date: Thu, 15 May 2003 12:13:46 -0600

> However, this is conditional on the user being sure they really have
> connected to the right server! I grant that an MITM seeing a
> public-key authentication request wouldn't be able to use it to gain
> access to the real server; but they could simply return Yes, and
> _pretend_ to be the real server for as long as they could get away
> with it in the absence of a genuine login there, in the hope that
> the user might try to (for example) connect through to some other
> system and type a password in. The user would have to verify the
> connection by requesting some other piece of information from the
> server which they already knew but which the MITM would be unlikely
> to guess right.

Right... this is what the origal claim was;
man in the middle is not feasable with public
key.

However, as you point out, a spoofing attack
is-- which really makes this protection quite
useless.

I think we should remove #2.

Thanks,

Joseph

Follow-Ups:
- Re: New Proposal for Section 11.1.4 Man-in-the-middle
  - From: Nicolas Williams

References:
- Re: New Proposal for Section 11.1.4 Man-in-the-middle
  - From: Simon Tatham

Prev by Date: Re: New Proposal for Section 11.3.3 X11 Forwarding
Next by Date: 2nd Version was: New Proposal for Section 11.3.3 X11 Forwarding
Previous by Thread: 2nd Version - Section 11.1.4 Man-in-the-middle
Next by Thread: Re: New Proposal for Section 11.1.4 Man-in-the-middle
Indexes:

Home | Main Index | Thread Index | Old Index