[whatwg] fixing the authentication problem

> This is similar to the SSH model; the first time you connect,  
> you're expected to manually check by some means that you're  
> connecting to the right server.  On subsequent connections, you  
> won't be bothered unless the key changes.
>
> I'll concede that in most cases no-one actually verifies the key in  
> the first connection case, but at least this requires an attacker  
> to intercept your *first* connection from a particular client,  
> rather than just any connection.

I may not verify the key manually, but if my first connection to a  
particular server is made over a local network that I trust to be  
secure, then I can trust the key my SSH client has saved.  This is  
not at all an uncommon situation:  I set up a new server, I plug my  
laptop into the local LAN, I log in to make sure everything works.   
Later, when I'm sitting in a restaurant waiting for lunch and my  
laptop is connected to an untrusted public wifi network, I know the  
key my SSH client saved is legitimate.

This wouldn't be common with HTTP.

-- 
Andy Lyttle
whatwg at phroggy.com

Received on Wednesday, 22 October 2008 00:16:25 UTC