[16140] in cryptography@c2.net mail archive


Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org) (fwd from touch@ISI.EDU)

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sat Sep 11 23:55:00 2004

X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, eugen@leitl.org
In-Reply-To: <20040910162028.GO1457@leitl.org>
Date: Sun, 12 Sep 2004 05:43:44 +1200

Eugen Leitl <eugen@leitl.org> writes:

>It does not authenticate the endpoint's identification, other than "same place
>I had been talking to."

So in other words it's the same baby-duck security model that's been quite
successfully used by SSH for about a decade, is also used in some SSL
implementations that don't just blindly trust anything with a certificate
(particularly popular with STARTTLS-enabled MTAs/MUAs where you don't want to
bother with CA-issued certs), and is even used in various X.509 applications
(via "certificate fingerprints"), although the X.509 folks don't like to admit
that because it implies that a known-good cert fingerprint is more reliable
than a CA :-).

Maybe it's worth doing some sort of generic RFC for this security model to
avoid scattering the same thing over a pile of IETF WGs, things like the
general operational principles (store a hash of the server key, compare it on
subsequent connects), how to present the value to the user (a format that's
consistent across protocols would be nice), maybe a simple /etc/passwd-type
file format listing servers and their matching hashes, etc etc etc.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
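The operational model the post sketches (store a hash of the server key on first contact, compare it on later connects, keep the pins in a simple one-line-per-server file, show the user a fingerprint in a fixed format) written out as an added example. This is not code from the post or from any of the implementations it mentions; the record format (`host sha256:<hex pairs>`), the class and function names, and the sample keys are assumptions made for this illustration.

```python
"""Trust-on-first-use ("baby duck") key pinning, as described in the post.

Added illustration, not from the archived message. The one-record-per-line
file format, the Outcome names and the sample keys below are assumptions
made for this example; SSH's known_hosts and TLS fingerprint pinning use
their own formats.
"""
from __future__ import annotations

import hashlib
import hmac
from enum import Enum


class Outcome(Enum):
    FIRST_USE = "first contact: fingerprint stored, identity not yet verified"
    MATCH = "fingerprint matches the stored pin"
    MISMATCH = "fingerprint differs from the stored pin: key change or interception"


def fingerprint(public_key: bytes) -> str:
    """Presentation format shared by every protocol: SHA-256 of the encoded
    key, lowercase hex in colon-separated pairs so it can be read aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return "sha256:" + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class KeyStore:
    """In-memory model of a passwd-style file: 'host fingerprint' per line."""

    def __init__(self) -> None:
        self._pins: dict[str, str] = {}

    @classmethod
    def parse(cls, text: str) -> KeyStore:
        store = cls()
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()      # permit trailing comments
            if not line:
                continue
            parts = line.split()
            if len(parts) != 2 or not parts[1].lower().startswith("sha256:"):
                raise ValueError(f"line {lineno}: malformed pin record {raw!r}")
            host, fp = parts[0], parts[1].lower()
            if host in store._pins and store._pins[host] != fp:
                raise ValueError(f"line {lineno}: conflicting pins for {host}")
            store._pins[host] = fp
        return store

    def dump(self) -> str:
        return "".join(f"{h} {fp}\n" for h, fp in sorted(self._pins.items()))

    def pin_for(self, host: str) -> str | None:
        return self._pins.get(host)

    def verify(self, host: str, public_key: bytes) -> Outcome:
        """Compare the presented key with the pin; store it only when no pin
        exists. A mismatch never overwrites the pin: replacing it is an
        operator decision taken after checking the fingerprint out of band."""
        seen = fingerprint(public_key)
        pinned = self._pins.get(host)
        if pinned is None:
            self._pins[host] = seen
            return Outcome.FIRST_USE
        if hmac.compare_digest(pinned, seen):
            return Outcome.MATCH
        return Outcome.MISMATCH


# Constructed sample keys: any encoded public key works, the store only hashes bytes.
KEY_A = b"constructed-server-key-A"
KEY_B = b"constructed-server-key-B"


def demo(host: str = "mail.example.net:25") -> list[Outcome]:
    """Three connects: first contact, same key again, then a different key."""
    store = KeyStore()
    outcomes = [store.verify(host, KEY_A), store.verify(host, KEY_A),
                store.verify(host, KEY_B)]
    # Round-trip through the file format; the original pin must survive.
    reloaded = KeyStore.parse(store.dump())
    outcomes.append(reloaded.verify(host, KEY_A))
    return outcomes


if __name__ == "__main__":
    for o in demo():
        print(o.name, "-", o.value)
```

The MISMATCH branch is the whole point of the model: the client learns nothing about who the peer is on first contact, so all the security comes from refusing to silently accept a different key later.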
