[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: ssl auth failure gui: does "continue" do what I think it does?
From: Nicholas Tung <gatoatigrado () gmail ! com>
Date: 2009-06-09 23:56:37
Message-ID: fa81b0d10906091656k5ad91210u3b6fcffd4e63a1e6 () mail ! gmail ! com
[Download RAW message or body]
On Tue, Jun 9, 2009 at 2:33 PM, Allan Sandfeld Jensen<kde@carewolf.com> wrote:
> On Tuesday 09 June 2009, Thiago Macieira wrote:
>> The point is that, without authenticating the remote end, you open
>> yourself to man-in-the-middle attacks, which means you achieved no real
>> security.
>>
> To execute a man-in-the-middle attack you have to be a man in the middle.
> Very few people have that opportunity therefore encryption without
> authentication is usefull for privacy. Some other attacks can misguide the
> traffic and accieve the same result, but not without compromising another
> level of security.
>
> Second. Since a key is stored and rechecked later, there _is_ protection
> against man-in-the-middle attacks. The attacker has to be pervasive and have
> the attacked installed himself from the very first time you encounter this
> server for the attack to be effective. This is similar to the protection
> granted by SSH.
Well, it clearly doesn't store it very long, or doesn't bring up a
better GUI (original attachment at
http://lists.kde.org/?l=kde-devel&m=124416133219778&q=p6 ). I have
*definitely* connected to mail.google.com from the same applet (gmail
plasmoid), which used a signed certificate.
in re. security terminology, I was taught that
"security" = { "authentication", "encryption" } + other obvious stuff
like "authorization" (only a few users can change things) and "access"
(actually being connected)
This seems in line with what Wikipedia suggests. Therefore,
"encryption" does not imply "security". I hope that adds clarity.
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic