On Wed, Apr 15, 2015 at 10:44:35AM +0100, Gervase Markham wrote:
> On 14/04/15 22:59, northrupthebandg...@gmail.com wrote:
> > The article assumes that when folks connect to something via SSH and
> > something changes - causing MITM-attack warnings and a refusal to
> > connect - folks default to just removing the existing entry in
> > ~/.ssh/known_hosts without actually questioning anything.
>
> https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf

That is somewhat discouraging, but I wonder what the conditions of these
organizations are. At the very risky end you could ignore a key change
you were not told of ahead of time for <my chinese hosting provider>.
On the other hand if I'm sitting at my desk using my laptop and change
the key for the sshd on my desktop there isn't nearly as much risk in
ignoring the key my laptop sees.

> > "The first important thing to note about this model is that key
> > changes are an expected part of life."
> >
> > Only if they've been communicated first.
>
> How does a website communicate with all its users that it is expecting
> to have (or has already had) a key change? After all, you can't exactly
> put a notice on the site itself...

Well, you can put up a notice while using the old cert, and in principle
you can sign the new cert with the old one similar to what you do when
changing gpg keys. However in the case the old cert needs to be revoked
all users do need to go back to the out of band verification method.

> > "You can't provide [Joe Public] with a string of hex characters and
> > expect it to read it over the phone to his bank."
> >
> > Sure you can. Joe Public *already* has to do this with social
> > security numbers, credit card numbers, checking/savings account
> > numbers, etc. on a pretty routine basis, whether it's over the phone,
> > over the Internet, by mail, in person, or what have you. What makes
> > an SSH fingerprint any different? The fact that now you have the
> > letters A through F to read? Please.
>
> You have missed the question of motivation. I put up with reading a CC
> number over the phone (begrudgingly) because I know I need to do that in
> order to buy something. If I have a choice of clicking "OK" or phoning
> my bank, waiting in a queue, and eventually saying "Hi. I need to verify
> the key of your webserver's cert so I can log on to do my online
> banking. Is it 09F9.....?" then I'm just going to click "OK" (or
> "Whatever", as that button should be labelled).

I wonder if there's a reasonable way to make it hard to click
"whatever", but fairly easy to say "I expect the fingerprint for the
cert for foo.com is ab:cd:de:fg..." if that's correct I'm happy this is
secure.

As an aside I personally find the manual comparison to be a pain even if
I have both fingerprints easily available.

Trev

>
> Gerv
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
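
The idea raised at the end of the message above (the user states the fingerprint they expect, rather than dismissing a warning) can be sketched as follows; this is an added example, not code from the thread or from any browser. The function names, the choice of SHA-256 and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed stand-in for a DER-encoded certificate (not a real cert).
SAMPLE_CERT_DER = b"constructed sample certificate bytes for foo.example"

def cert_fingerprint(der: bytes) -> str:
    """Full SHA-256 fingerprint of the presented certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalize(typed: str) -> str:
    """Strip the separators people type (colons, spaces, dashes) and lowercase."""
    return re.sub(r"[\s:\-]", "", typed).lower()

def check_expected(der: bytes, typed: str) -> str:
    """Compare the fingerprint the user expects with the presented certificate.

    Returns 'match', 'mismatch', 'incomplete' or 'invalid'. The presented
    fingerprint is never returned, so a caller cannot display it for the
    user to copy straight back in.
    """
    expected = normalize(typed)
    actual = cert_fingerprint(der)
    if not re.fullmatch(r"[0-9a-f]+", expected):
        return "invalid"        # empty input or non-hex characters
    if len(expected) < len(actual):
        return "incomplete"     # a prefix is not accepted as proof
    # Constant-time comparison; over-long input simply fails to match.
    if hmac.compare_digest(expected.encode(), actual.encode()):
        return "match"
    return "mismatch"

def demo() -> dict:
    """Run the check on constructed inputs covering each outcome."""
    fp = cert_fingerprint(SAMPLE_CERT_DER)
    colon_upper = ":".join(fp[i:i + 2] for i in range(0, len(fp), 2)).upper()
    wrong = fp[:-1] + ("0" if fp[-1] != "0" else "1")
    return {
        "colon_upper": check_expected(SAMPLE_CERT_DER, colon_upper),
        "wrong_last_digit": check_expected(SAMPLE_CERT_DER, wrong),
        "prefix_only": check_expected(SAMPLE_CERT_DER, fp[:16]),
        "non_hex": check_expected(SAMPLE_CERT_DER, "ab:cd:zz"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```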