[freenet-dev] Short refs was Re: alternative to #freenet-refs
Matthew Toseland
toad at amphibian.dyndns.org
Mon Nov 19 14:12:14 UTC 2007
On Sunday 18 November 2007 12:10, Michael Rogers wrote:
> Matthew Toseland wrote:
> > We're assuming different attack models here. Both are valid for certain
> > assumptions.
>
> Fair point - I accept that if you assume the exchange is unobservable, a
> one-way invite can provide mutual authentication. But IMHO we shouldn't
> make that assumption - eavesdropping is known to be widespread, whereas
> at least we're still in the dark about the extent of active MITM. ;-)
We cannot assume there is no MITM either! My point is at least that one side
must be untamperable, and we cannot assume this if both are sent by instant
message. The only way to be sure is to do *something* out of band (encrypted
mail, face to face exchange, phone call on certain assumptions, etc), whether
that be a post connect out-of-band password or fingerprint exchange, or
sending the invite out of band in the first place. *Something* must occur out
of band, because MITM is trivial if you work at the ISP, or are otherwise
closer to Alice than Bob is. Our only other option is to assume that the
attacker will not be able to identify the noderef quickly enough to
substitute it or connect to it.
Protocol questions:
Can we make a two-way exchange safe when only one side is out of band? Even if
we don't know which side it is? Do we need to specify it? Hoping that one
side is OOB is probably a false sense of security...
How easy can we make out of band post connect verification? E.g. exchange
invites, then each node generates a short password which is exchanged out of
band e.g. over the phone with a small maximum number of attempts? (Making
certain assumptions about the state of voice recognition...)
Is it reasonable to offer (advanced?) users the choice of indicating that an
invite is unobservable because they sent it by encrypted email, delivered it
by hand etc?
> Cheers,
> Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20071119/48127c85/attachment.pgp
More information about the Devl
mailing list