Re: Fixing exchange of host keys in the SSH key exchange

To: "denis bider (Bitvise)" <ietf-ssh3%denisbider.com@localhost>, Mouse <mouse%Rodents-Montreal.ORG@localhost>, "ietf-ssh%NetBSD.org@localhost" <ietf-ssh%NetBSD.org@localhost>
Subject: Re: Fixing exchange of host keys in the SSH key exchange
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Mon, 27 Mar 2017 01:24:13 +0000

denis bider (Bitvise) <ietf-ssh3%denisbider.com@localhost> writes:

>What you found is NOT that people use TOFU (Trust On First Use). They use
>TWAT - Trust Whatever, Any Time:

Damn, I could've used that in the article :-).

>This is highly problematic because it means that, while SSH is supposed to
>defend against MITM in theory, it does not defend in practice.

Yeah, as the article points out, X.509 fans can point out that SSH is no
better, and SSH fans can point out that SSH is no worse.

Peter.

References:
- Fixing exchange of host keys in the SSH key exchange
  - From: denis bider (Bitvise)
- Re: Fixing exchange of host keys in the SSH key exchange
  - From: Peter Gutmann
- Re: Fixing exchange of host keys in the SSH key exchange
  - From: Mouse
- Re: Fixing exchange of host keys in the SSH key exchange
  - From: Peter Gutmann
- Re: Fixing exchange of host keys in the SSH key exchange
  - From: denis bider (Bitvise)

Prev by Date: Re: Fixing exchange of host keys in the SSH key exchange
Next by Date: Re: Fixing exchange of host keys in the SSH key exchange
Previous by Thread: Re: Fixing exchange of host keys in the SSH key exchange
Next by Thread: Re: Fixing exchange of host keys in the SSH key exchange
Indexes:

Home | Main Index | Thread Index | Old Index