On 09/06/13 17:28, hellekin wrote:
> On 09/05/2013 06:02 PM, Guido Witmond wrote:
>>>
>>> Can you explain/point me to a resource where those steps (to
>>> avoid the mitm attack) are described?
>>>
>
>> That would be in the manual of the voice/video/chat package.
>> Usually it means validating a SAS (Short Authentication String)
>> once.
>
> *** You mean, beforehand, out of band? Doesn't it defeat the purpose
> of authenticating strangers?

Authenticating the SAS is part of the document where you do the opposite: authenticating relatives after exchanging the keys via an insecure channel. You're right that it doesn't work for authenticating strangers. That's the topic of the second part of the blog where I introduce my ideas on it.

> The MITM attack scenario nowadays seems quite... Normal.
>
> I mean, who trusts the X509 infrastructure after the Snowden
> Apocalypse? I thought the security model was "My node is secure.
> Everything else is compromised." And even that does not seem to be
> certain, so we *assume* our node not to be compromised.

Nope, the model has always been that the end users' node is insecure. That's why everyone limits http-sessions with banks. They even forbid people from letting their browser remember passwords.

To solve that, take a look at capability operating systems such as genode.org. More necessary than ever.

Guido.
