On Fri, May 28, 2010 at 10:34 PM, Jens Alfke wrote:
>
> On May 28, 2010, at 6:59 PM, Michael Ash wrote:
>
>> An attacker can execute a man-in-the-middle attack...
>> An attacker can simply impersonate your app...
>> Neither of these can be defended against, even theoretically, when
>> communicating peer-to-peer.
>
> Not true; if you use SSL or some equivalent, both peers can use certificates
> to identify themselves. This works if either (a) the certs are signed by a
> reputable authority (as in the traditional use of SSL by web servers), or if
> (b) each peer has previously verified the other’s identity and remembered the
> cert (as is done by SSH.)
>
> GameKit doesn’t do anything like this, though, although I can’t say for sure
> because Apple’s never published any information about the protocol used (to
> my knowledge).

Man-in-the-middle: if I execute the attack the first time you talk to a given peer, you have no way of detecting me.

Impersonation: I use a legitimate copy to talk to you once. Now we have two peers which have identified themselves. Afterwards, I take my copy of the app and modify it to emit malicious code. When we connect again, I use the credentials we already exchanged to identify my side again, then hit you with malicious data.

How does your scheme protect against that? It doesn't, and can't. It is impossible for you to tell the difference between "I am talking to a legitimate copy of this application" and "I am talking to something that appears to be a legitimate copy of this application, but will actually send me evil data."

Mike
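
An added example, not part of the original thread: a minimal trust-on-first-use pin store of the kind option (b) in the quoted message describes, combined with payload validation. It shows that pinning flags a key that changes after first contact, has nothing to compare against on first contact, and says nothing about the data an identified peer sends. The `PinStore`, `parse_move` and `receive` names, the JSON move format and the sample keys are assumptions made for illustration.

```python
import hashlib
import json

BOARD = 8  # assumption: a move is a square on an 8x8 board

class PinStore:
    """Trust-on-first-use: remember the first key fingerprint seen per peer."""
    def __init__(self):
        self._pins = {}

    def check(self, peer_id, public_key):
        fp = hashlib.sha256(public_key).hexdigest()
        if peer_id not in self._pins:
            self._pins[peer_id] = fp  # nothing to compare against yet
            return "first-use"
        return "match" if self._pins[peer_id] == fp else "mismatch"

def parse_move(raw):
    """Validate untrusted peer bytes; return (x, y) or raise ValueError."""
    if len(raw) > 64:
        raise ValueError("oversized message")
    msg = json.loads(raw.decode("utf-8"))  # decode/parse errors are ValueErrors
    if not isinstance(msg, dict) or set(msg) != {"x", "y"}:
        raise ValueError("unexpected fields")
    for v in msg.values():
        if type(v) is not int or not 0 <= v < BOARD:
            raise ValueError("coordinate out of range")
    return msg["x"], msg["y"]

def receive(store, peer_id, public_key, raw):
    """Check identity first, then validate the payload whatever the result."""
    status = store.check(peer_id, public_key)
    if status == "mismatch":
        return ("rejected", "key differs from the one pinned at first contact")
    try:
        return ("accepted", parse_move(raw))
    except ValueError as err:
        return ("rejected", f"invalid data from {status} peer: {err}")

# Constructed sample keys and messages, not real key material.
KEY_A, KEY_B = b"constructed-public-key-A", b"constructed-public-key-B"

if __name__ == "__main__":
    store = PinStore()
    print(receive(store, "peer-1", KEY_A, b'{"x": 3, "y": 4}'))   # first use
    print(receive(store, "peer-1", KEY_B, b'{"x": 3, "y": 4}'))   # key changed
    print(receive(store, "peer-1", KEY_A, b'{"x": 3, "y": 99}'))  # pinned key, bad data
```
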
