more SSH MITM

Thomas Shaddack shaddack at ns.arachne.cz
Sat Sep 6 22:00:59 PDT 2003


On Sat, 6 Sep 2003, James A. Donald wrote:
> Thus under this attack, ssh uncertified keys work far better
> than https certified keys.

A central certification authority has its risks and advantages. Remembering
the fingerprints of known keys and alerting on new or changed ones
has its advantages too. Why shouldn't we have it all?

Why couldn't there be a system that would keep a database of known keys
and report changes and new keys, like SSH does, and at the same time give
the possibility to sign the keys by several CAs? Effectively turning the
hierarchy with a potentially vulnerable top into a much-less-vulnerable web
structure?

That way you could get a key certified by Verisign, Thawte, and a handful
of small private CAs of various groups and people, and its fingerprint
remembered by the clients. If one of the CAs gets compromised, no problem
as the other certificates still hold. If a server key gets changed, or
there is a confusion-attack in progress ("BankOpAmerica"), the clients are
immediately aware of it.

Could SSL be modified to allow more CAs for one certificate? If it isn't a
good idea, why?
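The client-side policy the post sketches, as an added example that is not part of the original message: an SSH-style pin store of key fingerprints combined with a k-of-n threshold of CA endorsements. The CA names, the `known_keys` store and the HMAC-based `ca_sign` stand-in for real CA signatures are all assumptions for the sake of a runnable illustration.

```python
import hashlib
import hmac

# Constructed stand-in for CA signing keys. A real deployment would verify
# public-key signatures; only the trust logic below is the point of the example.
CA_SECRETS = {"Verisign": b"ca-secret-1", "Thawte": b"ca-secret-2", "SmallCA": b"ca-secret-3"}
REQUIRED_CA_SIGNATURES = 2  # k-of-n: a single compromised CA cannot vouch alone


def fingerprint(server_key: bytes) -> str:
    """SHA-256 fingerprint of the raw server key, as a client would remember it."""
    return hashlib.sha256(server_key).hexdigest()


def ca_sign(ca: str, host: str, server_key: bytes) -> bytes:
    """Stand-in CA endorsement binding hostname and key together."""
    return hmac.new(CA_SECRETS[ca], host.encode() + b"\0" + server_key, "sha256").digest()


def count_valid_signatures(host: str, server_key: bytes, signatures: dict) -> int:
    """Number of endorsements from recognised CAs that verify for this host/key pair."""
    return sum(
        1 for ca, sig in signatures.items()
        if ca in CA_SECRETS and hmac.compare_digest(ca_sign(ca, host, server_key), sig)
    )


def check_server(known_keys: dict, host: str, server_key: bytes, signatures: dict) -> str:
    """Apply the CA threshold first, then the SSH-style pin check.

    known_keys maps hostname -> pinned fingerprint and is updated on first contact.
    """
    if count_valid_signatures(host, server_key, signatures) < REQUIRED_CA_SIGNATURES:
        return "REJECT: too few valid CA signatures"
    fp = fingerprint(server_key)
    pinned = known_keys.get(host)
    if pinned is None:
        known_keys[host] = fp          # trust on first use, like ~/.ssh/known_hosts
        return "NEW: key pinned"
    if pinned != fp:
        return "ALERT: key changed"     # even a fully endorsed key trips the pin
    return "OK"
```

A forged certificate for an already-visited host is caught by the pin even when every CA endorses it, and a single compromised CA cannot satisfy the threshold on its own.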
