Am 06.10.2008 um 13:28 schrieb Dave Cridland:
You agreed with my revised conclusion, but insisted that all my arguments were wrong, and that I "clearly" did not understand SAS etc, which probably does count as a flamewar, but not really on my part. Still, I've thicker skin.
I didn't insist on that everything is wrong, but I assumed that if you understood the concept of an SAS would never propose that for a situation like this.
This is where your previous assertions appear to be in conflict. How does he know you weren't lying when you said it matched?
When you verify the SAS through the telephone, you hear each other and recognize each others voice. If I'd tell him then it matches though it didn't, I would have just allowed a MITM, nothing more. Additionally, he could ask me to re-negotiate and tell him my SAS and compare it.
If you still assert that your authentication was only one way, could you now explain how this was achieved, and in particular, what the side-channel used for SAS was, what its security properties were, and what the resultant security properties of the esession were?
They just knew from other things that I was I and trusted their server that there is no MITM and verified - which is why I didn't verify them.
-- Jonathan
PGP.sig
Description: This is a digitally signed message part
