W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2008

[whatwg] fixing the authentication problem

From: Andy Lyttle <whatwg@phroggy.com>
Date: Wed, 22 Oct 2008 00:16:25 -0700
Message-ID: <468CB981-F02E-46E0-9F1B-5E235E26F884@phroggy.com>
> This is similar to the SSH model; the first time you connect,  
> you're expected to manually check by some means that you're  
> connecting to the right server.  On subsequent connections, you  
> won't be bothered unless the key changes.
>
> I'll concede that in most cases no-one actually verifies the key in  
> the first connection case, but at least this requires an attacker  
> to intercept your *first* connection from a particular client,  
> rather than just any connection.

I may not verify the key manually, but if my first connection to a  
particular server is made over a local network that I trust to be  
secure, then I can trust the key my SSH client has saved.  This is  
not at all an uncommon situation:  I set up a new server, I plug my  
laptop into the local LAN, I log in to make sure everything works.   
Later, when I'm sitting in a restaurant waiting for lunch and my  
laptop is connected to an untrusted public wifi network, I know the  
key my SSH client saved is legitimate.

This wouldn't be common with HTTP.

-- 
Andy Lyttle
whatwg at phroggy.com
Received on Wednesday, 22 October 2008 00:16:25 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:06 UTC