Mailing List Archive



Re: [tlug] SSH Issues



Stephen J. Turnbull wrote:
> But no, HTTPS is *not* analogous to DNSSEC.  It serves many purposes
> without need of authentication or prior communication of any kind.
> (Eg, viewing material your neighbors shouldn't know you look at,
> without being detected.  As the Supreme Court Justice said about porn,
> "I know it when I see it"; some data is self-authenticating.)
>   

HTTPS relies on prior key exchange.  Without it you have no assurance
you are connecting directly to the site you intended and could even be
connecting through your neighbor's hypothetical proxy.  The prior
authentication can be out of band (like ssh), i.e. self-signed server
certificates, but unless it occurs the whole infrastructure offers no
meaningful security.

Firefox 3 tries to address the issue of prior authentication of
self-signed certificates by using an irritating dialog box sequence for
self-signed certificates.  It has come under a lot of criticism from
people using self-signed certificates, but it is good to see Mozilla has
shown some backbone in making the change.

The other part which has been missing from both https and DNSSEC until
recently has been the building of meaningful trust relationships.  Up
till recently[1], server certificates, self-signed or otherwise, were all
pretty dubious.  It was not particularly clear how a given CA verified
the identity of the owners of a domain.  In many cases they simply
checked that the party claiming ownership controlled the domain name.  As
it is fairly easy to fraudulently register a domain, this is not a
sufficient level of authentication for secure banking or other business
applications.

>  > That Diffie-Hellman requires just what I've been talking about above,
>
> *sigh*  You talked about a "pre-shared secret" above, and its presence
> or absence is the only difference between what I'm trying to say and
> what you've been saying about your application and about DNSSEC's
> working in general (but I misunderstood).  That's why I used Diffie-
> Hellman as an example!  "Presence of a pre-shared secret" can't be
> what you mean here, because *precisely stated* Diffie-Hellman's
> contribution is to make construction of a shared secret possible
> *without* previous communication of another secret.  No more (though
> that is plenty!)
>
> So what the Diffie-Hellman are you talking about?
>   

IIRC the problem is that even with Diffie-Hellman you don't know whether
you are generating the shared secret for the session with the actual
site or someone posing as the site.  You need authentication to do
this.  The pre-shared secret in PKI is the CA certificates that come
with your browser.  They allow you to check the validity of the server
certificates.  Obviously this relies on you trusting the CA certificates
that come with your browser.

Edward

1.   Extended Validation Certificates require the CA to actually make a
meaningful effort to establish the identity and trustworthiness of the
entity controlling the domain.
http://en.wikipedia.org/wiki/Extended_Validation_Certificate
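
Added example, not part of the original message: a small Python simulation of the point discussed above, that Diffie-Hellman alone yields a shared secret with whoever answered, and that a fingerprint learned beforehand (out of band, as with ssh) is what detects a substituted key. The toy group, the pinned static server key and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (2**127 - 1 is prime); real protocols use
# standardized groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2      # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def fingerprint(pub):
    # What the client records out of band, like an ssh known_hosts entry.
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def session_key(my_priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, my_priv, P).to_bytes(16, "big")).hexdigest()

def run(interposed, pinned):
    """Simulate one handshake; return 'end-to-end', 'intercepted' or 'rejected'."""
    srv_priv, srv_pub = keypair()            # server's long-term DH key
    pin = fingerprint(srv_pub) if pinned else None
    mid_priv, mid_pub = keypair()            # party on the network path
    cli_priv, cli_pub = keypair()

    # Each end sees the intermediary's value instead of its real peer's.
    seen_by_client = mid_pub if interposed else srv_pub
    seen_by_server = mid_pub if interposed else cli_pub

    # The authentication step: compare against the fingerprint learned earlier.
    if pin is not None and fingerprint(seen_by_client) != pin:
        return "rejected"

    client_key = session_key(cli_priv, seen_by_client)
    server_key = session_key(srv_priv, seen_by_server)
    if client_key == server_key:
        return "end-to-end"
    # The exchange "worked", but the client's secret is shared with the
    # intermediary rather than with the server.
    assert client_key == session_key(mid_priv, cli_pub)
    return "intercepted"

if __name__ == "__main__":
    for interposed in (False, True):
        for pinned in (False, True):
            print(f"interposed={interposed} pinned={pinned}: {run(interposed, pinned)}")
```

Without the pinned fingerprint the client completes the exchange either way and cannot tell the two cases apart; with it, the substituted key is refused before any secret is derived.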

