[PP-main] Technical/implementation matters

Andrew Cooke andrew at andrewcooke.free-online.co.uk
Sun Mar 5 22:56:26 CET 2000

At 03:25 PM 3/5/00 -0600, you wrote:
>On Sun, Mar 05, 2000 at 09:05:55PM +0000, Andrew Cooke wrote:
>> [...] How do you deal with
>> man-in-the-middle attacks using address spoofing, for example?
>The only way it's possible to do: Using host signatures.

This means nothing to me - what's to stop someone sitting between the two
connections to learn host signatures (whatever they are)?  Without a
description of how the connection is made and verified you can't convince a
sceptic that the system is secure.  Saying that you use "host signatures"
or known ciphers doesn't mean that it is secure.  To convince someone it is
secure you have to describe the way in which the connection is made.  If
you don't want to call it a protocol, fine, but that description has to be



More information about the Peerpress-main mailing list