- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Thu, 12 Dec 2013 16:14:32 +0000
- To: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
- cc: "Salvatore Loreto" <salvatore.loreto@ericsson.com>, "Roberto Peon" <grmocg@gmail.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
In message <34ada50c72b7ec498dd9745d59b4c3be.squirrel@arekh.dyndns.org>, "Nicol as Mailhot" writes: >That's where e2e integrity comes into play (and as end-user I'd >like to have it too). Besides that's a major part of reassuring users >nothing fishy is going on behind their back And as usual, once you start pulling on a single loose thread, you find out that it's tied to all the turtles: What good is e2e integrity, if you don't know who the other 'e' is ? All you can know without e2e authentication is that you have some cryptographic property (privacy/integrity/whatever...) all the way to the node where the (first!) MITM attack is implemented. Unless you use a Pre Shared Key, there are only three levels of security: 1. Plaintext. 2. Obfuscated to keep trival tcpdump/snort snoopers out of the loop. 3. Authenticated. If you want more than #2, you need to fix #3, and that I belive is waaay beyond this WG. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 12 December 2013 16:15:01 UTC