On 06.10.2008 at 17:29, Dave Cridland wrote:

> For those that don't know the term, that's trusting an initial key-exchange as being "probably okay", recording the public key of the peer, and then only worrying about changes. If the first key exchange wasn't compromised, then it's proof against further compromise.
>
> Lots of real-world cases of this exist - like SSH - and it's probably fine for a lot of cases, such as verifying your roster. One might envision a client which internally performs leap-of-faith, and merely records whether a "proper" verification has ever been done.

Yeah, but for XMPP, this is not OK I think. It's unlikely that a server admin will someday install a MITM-module on his server. It's likely that this is there from the start so nobody notices key changes.

An insecure network is also unlikely to be the cause of the MITM as TLS is already standard for C2S and you'd already notice it there. Using E2E on a plaintext connection - I guess that's something that won't be used in the real world.

--
Jonathan
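
An added example, not part of the original message or of any XMPP client: a minimal leap-of-faith pin store that also records whether a "proper" verification has ever been done, run against the two cases discussed above (a key that changes later, and a substituted key present from the first exchange). The class and function names, the JID and the key bytes are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

@dataclass
class Pin:
    fingerprint: str
    verified: bool = False  # True only after an out-of-band comparison

@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)

    def check(self, jid: str, public_key: bytes) -> str:
        """Classify the key a peer presented during a key exchange."""
        fp = fingerprint(public_key)
        pin = self.pins.get(jid)
        if pin is None:
            self.pins[jid] = Pin(fp)  # leap of faith: trust the first key seen
            return "first-use"
        if not hmac.compare_digest(pin.fingerprint, fp):
            return "key-changed"      # the only event leap-of-faith can flag
        return "verified" if pin.verified else "unverified"

    def confirm(self, jid: str, fp_from_peer: str) -> bool:
        """Compare the pin with a fingerprint obtained out of band."""
        pin = self.pins.get(jid)
        if pin is None:
            return False
        pin.verified = hmac.compare_digest(pin.fingerprint, fp_from_peer)
        return pin.verified

# Constructed sample values (not real keys).
JID = "juliet@example.org"
REAL_KEY = b"constructed-key-juliet"
SUBSTITUTED_KEY = b"constructed-key-relay"

def key_changes_later():
    store = PinStore()
    return [store.check(JID, REAL_KEY), store.check(JID, REAL_KEY),
            store.check(JID, SUBSTITUTED_KEY)]

def substituted_from_first_exchange():
    store = PinStore()
    seen = [store.check(JID, SUBSTITUTED_KEY), store.check(JID, SUBSTITUTED_KEY)]
    # Only the out-of-band comparison against the real fingerprint fails.
    return seen, store.confirm(JID, fingerprint(REAL_KEY))
```

In the second case every exchange looks identical to an honest unverified session, so only the `verified` flag tells the user how much the pin is worth.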
