On Fri, Nov 22, 2002 at 09:23:57PM +0100, Eugen Leitl wrote:
| Question: if you control the traffic layer you can easily disrupt
| opportunistic encryption (STARTTLS & Co) by killing public key exchange,
| or even do a MITM.
|
| Is there any infrastructure in MTAs for public key caching, and admin
| notification if things look fishy? (Fishy: a host which used to do PKI
| with you suddenly says it can't, or its key differs from key you cached).
|
| (Okay, it's unlikely, but maybe people have been anticipating this).

Not that we've found. I did a little experimenting with huge SSL
session timeouts and high log levels, but saw nothing logged that
indicated that someone who should have had a key didn't.

While what you propose is useful enough that I spent time looking for
it, let's not let the best become the enemy of the good. Needing to
disrupt a network connection is a huge cost for an Eve who prefers to
avoid detection. Not an unpayable one, but not to be ignored.

Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
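
An added illustration, not part of the original messages and not a feature of any existing MTA: a minimal trust-on-first-use cache of the kind the question asks about, which flags a peer that used to offer STARTTLS and now does not, or whose certificate differs from the cached one. The class and function names are hypothetical, and the hostnames and certificate bytes are constructed sample data.

```python
import hashlib

class PeerKeyCache:
    """Trust-on-first-use record of each peer MTA's STARTTLS certificate."""

    def __init__(self):
        self._pins = {}  # hostname -> SHA-256 hex of cached cert, or None (no TLS seen)

    def observe(self, host, cert_der):
        """Record one SMTP session; cert_der is None when STARTTLS was not offered.

        Returns 'new', 'ok', 'upgraded', 'downgrade' or 'key-changed'.
        """
        host = host.lower().rstrip(".")
        fp = hashlib.sha256(cert_der).hexdigest() if cert_der else None
        if host not in self._pins:
            self._pins[host] = fp
            return "new"                 # first contact, nothing to compare against
        pinned = self._pins[host]
        if pinned is None:
            if fp is None:
                return "ok"              # plaintext before, plaintext now
            self._pins[host] = fp
            return "upgraded"            # peer started offering TLS; pin it
        if fp is None:
            return "downgrade"           # used to do TLS, now says it cannot
        if fp != pinned:
            return "key-changed"         # old pin is kept until an admin accepts the new key
        return "ok"

def review(sessions):
    """Feed (host, cert_der) records to a fresh cache; return the fishy ones."""
    cache = PeerKeyCache()
    alerts = []
    for host, cert_der in sessions:
        verdict = cache.observe(host, cert_der)
        if verdict in ("downgrade", "key-changed"):
            alerts.append((host, verdict))
    return alerts

# Constructed sample sessions, in the order they were seen.
SESSIONS = [
    ("mx.example.org", b"cert-A"), ("mx.example.org", b"cert-A"),
    ("mx.example.org", None),                     # STARTTLS stripped or disabled
    ("mail.example.net", b"cert-B"), ("mail.example.net", b"cert-C"),
    ("plain.example.com", None), ("plain.example.com", b"cert-D"),
]

if __name__ == "__main__":
    for host, verdict in review(SESSIONS):
        print(f"ALERT {host}: {verdict}")
```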