On Mon, 25 Jun 2012 16:45:24 -0700 Doug Barton wrote: > On 06/25/2012 15:53, RW wrote: > > On Mon, 25 Jun 2012 14:59:05 -0700 > > Doug Barton wrote: > > > >>>> Having a copy of the host key allows you to do one thing and one > >>>> thing only: impersonate the server. It does not allow you to > >>>> eavesdrop on an already-established connection. > >>> > >>> It enables you to eavesdrop on new connections, > >> > >> Can you describe the mechanism used to do this? > > > > Through a MITM attack if nothing else > > Sorry, I wasn't clear. Please describe, in precise, reproducible > terms, how one would accomplish this. Or, link to known script-kiddie > resources ... whatever. My point being, I'm pretty confident that > what you're asserting isn't true. But if I'm wrong, I'd like to learn > why.
Servers don't always require client keys for authentication. If they don't then a MITM attack only needs the server's key. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
