On Sunday 18 November 2007 12:10, Michael Rogers wrote: > Matthew Toseland wrote: > > We're assuming different attack models here. Both are valid for certain > > assumptions. > > Fair point - I accept that if you assume the exchange is unobservable, a > one-way invite can provide mutual authentication. But IMHO we shouldn't > make that assumption - eavesdropping is known to be widespread, whereas > at least we're still in the dark about the extent of active MITM. ;-)
We cannot assume there is no MITM either! My point is at least that one side must be untamperable, and we cannot assume this if both are sent by instant message. The only way to be sure is to do *something* out of band (encrypted mail, face to face exchange, phone call on certain assumptions, etc), whether that be a post connect out-of-band password or fingerprint exchange, or sending the invite out of band in the first place. *Something* must occur out of band, because MITM is trivial if you work at the ISP, or are otherwise closer to Alice than Bob is. Our only other option is to assume that the attacker will not be able to identify the noderef quickly enough to substitute it or connect to it. Protocol questions: Can we make a two-way exchange safe when only one side is out of band? Even if we don't know which side it is? Do we need to specify it? Hoping that one side is OOB is probably a false sense of security... How easy can we make out of band post connect verification? E.g. exchange invites, then each node generates a short password which is exchanged out of band e.g. over the phone with a small maximum number of attempts? (Making certain assumptions about the state of voice recognition...) Is it reasonable to offer (advanced?) users the choice of indicating that an invite is unobservable because they sent it by encrypted email, delivered it by hand etc? > Cheers, > Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20071119/48127c85/attachment.pgp>
