[whatwg] fixing the authentication problem
Andy Lyttle
whatwg at phroggy.com
Wed Oct 22 00:16:25 PDT 2008
> This is similar to the SSH model; the first time you connect,
> you're expected to manually check by some means that you're
> connecting to the right server. On subsequent connections, you
> won't be bothered unless the key changes.
>
> I'll concede that in most cases no-one actually verifies the key in
> the first connection case, but at least this requires an attacker
> to intercept your *first* connection from a particular client,
> rather than just any connection.
I may not verify the key manually, but if my first connection to a
particular server is made over a local network that I trust to be
secure, then I can trust the key my SSH client has saved. This is
not at all an uncommon situation: I set up a new server, I plug my
laptop into the local LAN, I log in to make sure everything works.
Later, when I'm sitting in a restaurant waiting for lunch and my
laptop is connected to an untrusted public wifi network, I know the
key my SSH client saved is legitimate.
This wouldn't be common with HTTP.
--
Andy Lyttle
whatwg at phroggy.com
More information about the whatwg
mailing list