On 02/21/2010 04:11 AM, Nguyễn Đình Nam wrote:
> I think you didn't look closely at my description. The intrusion detection servers track the changes of certificates belonging to a host name over time, reported by user agent software around the world; this is just like "Perspectives". If there is one time the legitimate certificate from the web server reaches the web browser, it'll be recorded.
This will work as with SSH keys or anything else that changes fairly often. People will simply ignore it and take it as a fact of life that this happens from time to time. It just takes a little longer - first they examine the certificate perhaps, convince themselves that it's a new certificate and allow it to go through. So does your tracking server, and over time you are at square one: people will click through like with anything.
If this solution solved the problem in such an easy way, why isn't it already in use after more than a decade? Recent studies looking at those accessing SSH servers have shown that most users simply edit their known_hosts file - and those people are way more knowledgeable than casual users. It doesn't work...
-- 
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: [email protected]
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
-- 
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
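To make the mechanism the two posters are arguing about concrete, here is an added example (not code from the thread, from Perspectives, or from StartCom) of a Perspectives-style notary check: each notary keeps a per-host history of certificate fingerprints with first-seen and last-seen times, and the client accepts a presented certificate only if at least a quorum of notaries report it as the host's current key and have seen it for a minimum duration. The host names, fingerprints, timestamps and the quorum and duration thresholds are constructed for illustration. Note what the last call shows: a routine key rotation produces exactly the same "changed" verdict as an attack until the notaries have watched the new key long enough, which is the warning Eddy expects users to learn to click through.

```python
"""Minimal Perspectives-style notary and client check (illustrative, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

DAY = 86400  # seconds


@dataclass
class Observation:
    fingerprint: str   # e.g. hex SHA-256 of the DER certificate (constructed below)
    first_seen: int    # unix time this notary first saw the fingerprint for the host
    last_seen: int     # unix time this notary most recently saw it


class Notary:
    """One notary server: history of certificate fingerprints per host name."""

    def __init__(self) -> None:
        self.history: Dict[str, List[Observation]] = {}

    def record(self, host: str, fingerprint: str, now: int) -> None:
        """Store an observation reported by a probe or a user agent."""
        observations = self.history.setdefault(host, [])
        for obs in observations:
            if obs.fingerprint == fingerprint:
                obs.last_seen = max(obs.last_seen, now)
                return
        observations.append(Observation(fingerprint, now, now))

    def query(self, host: str) -> List[Observation]:
        """Return the full history for a host (empty if never observed)."""
        return list(self.history.get(host, []))


def evaluate(notaries: Sequence[Notary], host: str, presented_fp: str, now: int,
             quorum: int, min_duration: int) -> Tuple[str, int]:
    """Client-side decision for a certificate presented by `host`.

    A notary "agrees" when the presented fingerprint is the key it saw most
    recently for the host and it has seen that key for at least `min_duration`.
    Returns (verdict, number_of_agreeing_notaries) with verdict one of:
      "consistent" - at least `quorum` notaries agree
      "unknown"    - no notary has any history for the host (first contact)
      "changed"    - history exists but the presented key does not have quorum
    """
    agreeing = 0
    any_history = False
    for notary in notaries:
        observations = notary.query(host)
        if not observations:
            continue
        any_history = True
        current = max(observations, key=lambda o: o.last_seen)
        if current.fingerprint == presented_fp and now - current.first_seen >= min_duration:
            agreeing += 1
    if agreeing >= quorum:
        return "consistent", agreeing
    if not any_history:
        return "unknown", 0
    return "changed", agreeing


# Constructed scenario: three notaries, one host, a legitimate key rotation.
HOST = "mail.example.org"
OLD_FP = "sha256:" + "a" * 16
NEW_FP = "sha256:" + "b" * 16
QUORUM = 2
MIN_DURATION = 2 * DAY


def build_scenario() -> List[Notary]:
    notaries = [Notary() for _ in range(3)]
    for n in notaries:                       # everyone has seen OLD_FP since day 0
        n.record(HOST, OLD_FP, 0)
    return notaries


def rotate(notaries: Sequence[Notary], when: int) -> None:
    """Two of three notaries observe the new certificate at `when`."""
    notaries[0].record(HOST, NEW_FP, when)
    notaries[1].record(HOST, NEW_FP, when)


if __name__ == "__main__":
    ns = build_scenario()
    print(evaluate(ns, HOST, OLD_FP, 100 * DAY, QUORUM, MIN_DURATION))   # consistent
    print(evaluate(ns, HOST, NEW_FP, 100 * DAY, QUORUM, MIN_DURATION))   # changed
    rotate(ns, 100 * DAY)
    print(evaluate(ns, HOST, NEW_FP, 101 * DAY, QUORUM, MIN_DURATION))   # still changed
    print(evaluate(ns, HOST, NEW_FP, 103 * DAY, QUORUM, MIN_DURATION))   # consistent
```

The quorum and duration thresholds are what distinguish a notary scheme from plain trust-on-first-use: a single compromised vantage point cannot vouch for an attacker's key, and a key must be observed by several notaries for some time before it is accepted. The cost, visible in the run above, is a window after every rotation during which the legitimate new certificate is reported as a change.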

