From: Chad Perrin
To: freebsd-questions@freebsd.org
Date: Fri, 9 Jan 2009 13:36:48 -0700
Subject: Re: Foiling MITM attacks on source and ports trees

On Wed, Jan 07, 2009 at 08:37:37AM +0000, Matthew Seaman wrote:
>
> You're kind of stuck then aren't you -- at least in respect TLS/SSL and
> x509 certificates? If you don't trust any of the bodies who have the
> capability to authenticate the owners of a particular cryptographic
> key/certificate on your behalf, then you're going to have to do that
> authentication yourself. Which is cool if you happen to know the movers
> and shakers in the FreeBSD world personally and you can sit down with them
> and compare key fingerprints. Or even if you can get an introduction to
> them through a mutual acquaintance.

Not exactly. See my comments up the thread a bit about alternative
site/cert agreement verification.

All the certifying authority *really* does for you is offer out-of-band
verification that the cert that has been delivered to you does indeed
belong with the IP address that delivered it. It obviously doesn't
actually do that worth a damn, though, as the evidence of Verisign's
(among others) continued use of MD5 shows. Multiply corroborated
independent sources prove a far more trustworthy verifier in the
aggregate, in my opinion, than commercial entities operating on an
authentication model that amounts to an appeal to authority fallacy.

If you think Verisign certification "proves" anything about the character
of the person who bought the cert in the first place, you might want to
rethink that -- even if you assume an incompetent Verisign employee hasn't
accidentally sabotaged the authentication process this time.
Authentication of an entity and the decision whether to trust that entity
are two separate things, and should be treated as such.

--
Chad Perrin [ content licensed OWL: http://owl.apotheon.org ]
Quoth Anonymous C Professor: "To work on a program with the compiler in
debug mode and then to sell it compiling it without the debug option is
like learning to swim with floaters and then taking them off to swim
across the Atlantic."