[18263] in bugtraq
Re: "The End of SSL and SSH?"
daemon@ATHENA.MIT.EDU (Alfred Perlstein)
Thu Dec 21 01:08:59 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20001220154542.A19572@fw.wintelcom.net>
Date: Wed, 20 Dec 2000 15:45:42 -0800
Reply-To: Alfred Perlstein <bright@WINTELCOM.NET>
From: Alfred Perlstein <bright@WINTELCOM.NET>
X-To: "Perry E. Metzger" <perry@PIERMONT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <877l4w5lzq.fsf@snark.piermont.com>; from perry@PIERMONT.COM on
Tue, Dec 19, 2000 at 01:01:13PM -0500
* Perry E. Metzger <perry@PIERMONT.COM> [001220 15:05] wrote:
> Kurt Seifried in an article on SecurityPortal shrilly entitled "The
> End of SSL and SSH?" claims that SSH needs a PKI to be secure.
>
> The claim is that because people have built man-in-the-middle attack
> software (see http://www.monkey.org/~dugsong/dsniff/) that can
> intercept SSH sessions, that SSH is insecure. After all, if a MITM
> attack happens, the user will be informed of this, and since the user
> can choose to ignore the warning that a host key has changed and log
> in, SSH must be fatally flawed. Without a PKI, Seifried claims, there
> is no way to know if a host key is authentic.
>
> This argument makes absolutely no sense to me.
>
> The problem is simply one of the user interface allowing a user to
> ignore a security failure. If a remote login utility using a PKI
> prompted the user with "host key is not certified, log in anyway?", it
> would be no better than SSH implementations. If A kerberized remote
> login utility prompted a user with "remote key is incorrect, log in
> anyway", it too would be no better.
>
> If this is truly the extent of the flaw Mr. Seifried things requires a
> full PKI to fix, I'd like to know why setting
>
> StrictHostKeyChecking yes
>
> isn't a near-complete fix to the "End of SSH" Mr. Seifried predicts.
Yes, there's a summary here:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=129878+0+current/freebsd-security
You can read Kurt's response to my initial complaint here:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=133111+0+current/freebsd-security
And yes, his prediction is based on the stupidity and carelessness of
users who are pavlovian trained to click/reply "YES, I don't care about
this problem" when confronted with a dialog box no matter how dire the
warning in the dialogue.
There's also no mention of using pgp or some other trusted mechanism
to distribute the known server keys in the article.
But, hey, with things like NAPTHA making headlines, who said anyone
wasn't entitiled to their 15 minutes? :)
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
