On 14/04/15 22:59, northrupthebandg...@gmail.com wrote:
> The article assumes that when folks connect to something via SSH and
> something changes - causing MITM-attack warnings and a refusal to
> connect - folks default to just removing the existing entry in
> ~/.ssh/known_hosts without actually questioning anything.

https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf

> "The first important thing to note about this model is that key
> changes are an expected part of life."
> 
> Only if they've been communicated first. 

How does a website communicate with all its users that it is expecting
to have (or has already had) a key change? After all, you can't exactly
put a notice on the site itself...

> "You can't provide [Joe Public] with a string of hex characters and
> expect it to read it over the phone to his bank."
> 
> Sure you can.  Joe Public *already* has to do this with social
> security numbers, credit card numbers, checking/savings account
> numbers, etc. on a pretty routine basis, whether it's over the phone,
> over the Internet, by mail, in person, or what have you.  What makes
> an SSH fingerprint any different?  The fact that now you have the
> letters A through F to read?  Please.

You have missed the question of motivation. I put up with reading a CC
number over the phone (begrudgingly) because I know I need to do that in
order to buy something. If I have a choice of clicking "OK" or phoning
my bank, waiting in a queue, and eventually saying "Hi. I need to verify
the key of your webserver's cert so I can log on to do my online
banking. Is it 09F9.....?" then I'm just going to click "OK" (or
"Whatever", as that button should be labelled).

Gerv
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
