Re: Digest Authentication, Netscape, and Microsoft from nemo/Joel N. Weber II on 1997-04-15 (ietf-http-wg@w3.org from April to June 1997)

From: nemo/Joel N. Weber II <devnull@gnu.ai.mit.edu>
Date: Tue, 15 Apr 1997 17:47:03 -0400 (EDT)
To: dwm@xpasc.com
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <199704152147.RAA12613@duality.gnu.ai.mit.edu>

   Date: Tue, 15 Apr 1997 14:26:13 -0700 (PDT)
   From: "David W. Morris" <dwm@xpasc.com>

   Except that SSL is rather heavy weight performance wise and hence may be
   overkill where the real objective is reasonably reliable identification of
   a user w/o compromising their password data.

I still don't quite see this.

Because if I can watch someone's packets fly across a network segment,
can't I take over their connection after it has been established?
Obviously, for me to read the password, I have to know what I'm doing.
So hijacking a connection would not be much harder.  (Especially
considering I've seen proprietary software that makes taking over
a connection extremely easy.)

And if I were an end user, I'd think that the network connection
had just died because of a glitch.

   And frankly, hearing your security philosophy raises concerns about hidden
   virus being added to complex software many many folks use from the GNU
   project. But that is clearly offtopic for this list.

If some sort of virus or trojan horse were added to the sources, I'm
sure we'd notice.  I don't want to document all the techniques that
are likely to work for us to notice things, because that WOULD reduce security.

If it's a virus that works by modifying the executable, and source is
never distributed for that virus, then standard GNU packages
on prep.ai.mit.edu are immune; FSF generally doesn't distribute binaries.

>From what I've seen, most UN*X trojan horses seem to be distributed
as binaries.  So I generally get the source for the programs I use,
and compile them myself.

Admittedly, that approach looks at the way human nature works, more than
trying to make sure I have a bulletproof solution.

But I should also add that I've seen about two weeks worth of changes
to files destroyed, and that didn't change my view on security.  (But
I think we started making better backups after that lossage.)

Anyway, as I understand it, Microsoft Internet Explorer has some security
problem that allows deleting files; and Java did too at one point.
So imprefect security is not a unique problem.

Received on Tuesday, 15 April 1997 14:50:50 UTC