[PP-main] Technical/implementation matters
Andrew Cooke
andrew at andrewcooke.free-online.co.uk
Sun Mar 5 22:56:26 CET 2000
At 03:25 PM 3/5/00 -0600, you wrote:
>On Sun, Mar 05, 2000 at 09:05:55PM +0000, Andrew Cooke wrote:
>> [...] How do you deal with
>> man-in-the-middle attacks using address spoofing, for example?
>
>The only way it's possible to do: Using host signatures.
This means nothing to me - what's to stop someone sitting between the two
connections to learn host signatures (whatever they are)? Without a
description of how the connection is made and verified you can't convince a
sceptic that the system is secure. Saying that you use "host signatures"
or known ciphers doesn't mean that it is secure. To convince someone it is
secure you have to describe the way in which the connection is made. If
you don't want to call it a protocol, fine, but that description has to be
there.
Andrew
http://www.andrewcooke.free-online.co.uk/index.html