'Re: ssl auth failure gui: does "continue" do what I think it does?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: ssl auth failure gui: does "continue" do what I think it does?
From:       Thiago Macieira <thiago () kde ! org>
Date:       2009-06-10 22:32:48
Message-ID: 200906101932.49064.thiago () kde ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

Allan Sandfeld Jensen wrote:
>On Tuesday 09 June 2009, Thiago Macieira wrote:
>> The point is that, without authenticating the remote end, you open
>> yourself to man-in-the-middle attacks, which means you achieved no
>> real security.
>
>To execute a man-in-the-middle attack you have to be a man in the
> middle. Very few people have that opportunity therefore encryption
> without authentication is usefull for privacy. Some other attacks can
> misguide the traffic and accieve the same result, but not without
> compromising another level of security.

Have you ever connected to the Internet from a hotel? Or from a 
conference? When you do that, do you bring up your own VPN and tunnel all 
your traffic (including DNS queries) to trusted servers? If you do that, I'm 
assuming you did encryption + authentication of your VPN server in the 
first place.

Because if you didn't, then you opened yourself to man-in-the-middle 
attacks from the organisers. Or someone could be running a DHCP server in 
the open network and fooling the connecting clients to connect to that and 
use specific DNS servers and gateways.

>Second. Since a key is stored and rechecked later, there _is_ protection
>against man-in-the-middle attacks. The attacker has to be pervasive and
> have the attacked installed himself from the very first time you
> encounter this server for the attack to be effective. This is similar
> to the protection granted by SSH.

What you're describing is protection against intruding in a connection 
that is already in progress. The discussion here is about the connection 
setup: if you don't have a way of verifying that the key/certificate is the 
one you expect it to be, you simply have no security.

Konqueror does not store certificates from hosts it connected to and then 
later recheck to see if the certificate changed. I don't know if you knew 
that.

SSH does have an additional layer of protection which is that it tells you 
when the certificate for a given host changed. No browser I know does that.

>No, it won't protect you from the NSA or even the ISP spying on you, but
> there is a time and place for paranoia. I don't think this is it.

Sorry, I think it is. See above.

-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

["signature.asc" (application/pgp-signature)]

>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread] 