Re: New Proposal for Section 11.1.4 Man-in-the-middle

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Subject: Re: New Proposal for Section 11.1.4 Man-in-the-middle
From: Chris Lonvick <clonvick%cisco.com@localhost>
Date: Fri, 16 May 2003 10:37:12 -0700 (PDT)

Hi Simon and Nico,

I believe that the point you're trying to make would come under the
Authentication Protocol section rather than being left in the Transport
section on MITM.  That section starts with the following:
===
11.3 Authentication Protocol

   The purpose of this protocol is to perform client user
   authentication.  It assumed that this runs over a secure transport
   layer protocol, which has already authenticated the server machine,
   established an encrypted communications channel, and computed a
   unique session identifier for this session.
===
Is that sufficient for your concerns or should this section also contain a
warning about trying to run _any_ authentication mechanism over an SSH
session that has not already been authenticated (at the device level)?

Thanks,
Chris


On Thu, 15 May 2003, Nicolas Williams wrote:

> Than you Simon, your comment makes the point I tried to make the other
> day, but more clearly and eloquently than my poor attempt.
>
> Nico
>
> On Thu, May 15, 2003 at 03:27:41PM +0100, Simon Tatham wrote:
> > Chris Lonvick  <clonvick%cisco.com@localhost> wrote:
> > >    2. Use an authentication method that is not vulnerable to
> > >       man-in-the-middle attacks.  For example, public-key authentication
> > >       is not vulnerable to man-in-the-middle attack as long as the
> > >       public-key of the server has been securely distributed to the
> > >       clients before the first SSH connection is made.
> >
> > Surely the other way round?
> >
> > If the server's key has already been securely distributed to the
> > client, then _no_ authentication method is vulnerable to MITM -
> > that's precisely what the server's host key is for! I don't see how
> > public-key authentication is any better than other methods in this
> > respect.
> >
> > If the _user's_ public key has been securely distributed to the
> > _server_ before the first SSH connection is made, then public-key
> > authentication might be able to verify the server's host key which
> > was previously unknown.
> >
> > However, this is conditional on the user being sure they really have
> > connected to the right server! I grant that an MITM seeing a
> > public-key authentication request wouldn't be able to use it to gain
> > access to the real server; but they could simply return Yes, and
> > _pretend_ to be the real server for as long as they could get away
> > with it in the absence of a genuine login there, in the hope that
> > the user might try to (for example) connect through to some other
> > system and type a password in. The user would have to verify the
> > connection by requesting some other piece of information from the
> > server which they already knew but which the MITM would be unlikely
> > to guess right.
> >
> > Cheers,
> > Simon
> > --
> > Simon Tatham         "The distinction between the enlightened and the
> > <anakin%pobox.com@localhost>    terminally confused is only apparent to the latter."
> >
>

Follow-Ups:
- Re: New Proposal for Section 11.1.4 Man-in-the-middle
  - From: Nicolas Williams

References:
- Re: New Proposal for Section 11.1.4 Man-in-the-middle
  - From: Nicolas Williams

Prev by Date: Re: 2nd version - Proposal for New Section 11.1 PRNG
Next by Date: Re: New Proposal for Section 11.1.4 Man-in-the-middle
Previous by Thread: Re: New Proposal for Section 11.1.4 Man-in-the-middle
Next by Thread: Re: New Proposal for Section 11.1.4 Man-in-the-middle
Indexes:

Home | Main Index | Thread Index | Old Index