Bugtraq mailing list archives
SSH vs. IKE trust models (was Re: Insecure IKE Implementations Clarification)
From: Thor Lancelot Simon <tls () rek tjls com>
Date: Fri, 12 Dec 2003 17:32:23 -0500
On Fri, Dec 12, 2003 at 11:25:55PM +0100, Florian Weimer wrote:
Thor Lancelot Simon wrote:Yes and no. SSH is not, by itself, a network-layer encryption solution, and there are many applications where that's really desirable. The other issue is, of course, that SSH's model for authenticating host identities is, itself, a mess: in this day and age, it is not acceptable to just punt on the problem of first contact and pretend that users will reasonably exchange key fingerprints offline.You don't exchange fingerprints, you just store them. Previously, I
Indeed, and you have no way to know that you are storing the right fingerprint.
The widespread success of sniffing and MITM attacks on the SSH protocol -- all due to users not doing what the protocol, by omitting any means of using a hierarchy or web to validate host keys, requires them to do -- should be proof enough of this.There are very few such attacks in the wild. Most machines which do not
That's not true; such attacks have been widely documented at every recent IETF meeting. Nothing prevents you from using certificate-authenticated IKE the exact same way you use your web browser: store individual host certificates, instead of the root certificate and the DNs of the parties you expect to connect to. However, nothing *enables* you to use SSH with either a hierarchical trust model (which you seem to not like) or a web-of-trust model (ala PGP) where you decide whom to trust and how much, because both have been proposed to the working group and both have been, effectively, shot down. As I said, that is very unfortunate, and the dsniff and other attacks at recent IETF meetings and elsewhere (e.g. on college campus networks) illustrate that real users are suffering for it in the real world right now. Thor
Current thread:
- Re: Insecure IKE Implementations Clarification Thor Lancelot Simon (Dec 12)
- Re: Insecure IKE Implementations Clarification Florian Weimer (Dec 13)
- Re: Insecure IKE Implementations Clarification Thor Lancelot Simon (Dec 13)
- Re: Insecure IKE Implementations Clarification Florian Weimer (Dec 13)
- Re: Insecure IKE Implementations Clarification Thor Lancelot Simon (Dec 13)
- Re: Insecure IKE Implementations Clarification Florian Weimer (Dec 13)
- SSH vs. IKE trust models (was Re: Insecure IKE Implementations Clarification) Thor Lancelot Simon (Dec 13)
- Re: SSH vs. IKE trust models (was Re: Insecure IKE Implementations Clarification) Florian Weimer (Dec 13)
- Re: SSH vs. IKE trust models (was Re: Insecure IKE Implementations Clarification) Jimi Thompson (Dec 15)
- Re: Insecure IKE Implementations Clarification Thor Lancelot Simon (Dec 13)
- Re: Insecure IKE Implementations Clarification Florian Weimer (Dec 13)
- Re: Insecure IKE Implementations Clarification Jun-ichiro itojun Hagino (Dec 13)