IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: New Proposal for Section 11.1.4 Man-in-the-middle
> However, this is conditional on the user being sure they really have
> connected to the right server! I grant that an MITM seeing a
> public-key authentication request wouldn't be able to use it to gain
> access to the real server; but they could simply return Yes, and
> _pretend_ to be the real server for as long as they could get away
> with it in the absence of a genuine login there, in the hope that
> the user might try to (for example) connect through to some other
> system and type a password in. The user would have to verify the
> connection by requesting some other piece of information from the
> server which they already knew but which the MITM would be unlikely
> to guess right.
Right... this is what the origal claim was;
man in the middle is not feasable with public
key.
However, as you point out, a spoofing attack
is-- which really makes this protection quite
useless.
I think we should remove #2.
Thanks,
Joseph
Home |
Main Index |
Thread Index |
Old Index