[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU/consensus] Eccentric Authentication again
|
From: |
hellekin |
|
Subject: |
Re: [GNU/consensus] Eccentric Authentication again |
|
Date: |
Fri, 06 Sep 2013 12:28:31 -0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130827 Icedove/17.0.8 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 09/05/2013 06:02 PM, Guido Witmond wrote:
>>
>> Can you explain/point me to a resource where those steps (to
>> avoid the mitm attack) are described?
>>
>
> That would be in the manual of the voice/video/chat package.
> Usually it means validating a SAS (Short Authentication String)
> once.
>
*** You mean, beforehand, out of band? Doesn't it defeat the purpose
of authenticating strangers?
The MITM attack scenario nowadays seems quite... Normal.
I mean, who trusts the X509 infrastructure after the Snowden
Apocalypse? I thought the security model was "My node is secure.
Everything else is compromised." And even that does not seem to be
certain, so we *assume* our node not to be compromised.
==
hk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/
iQIcBAEBCgAGBQJSKfSeAAoJEEgGw2P8GJg9c3MQAJPJY8WDd0lG5Q3/wI7bNwiT
fW6RsG2cA7DLw7b9w2gduLUfpzOlHi6C+1JY3i+M5U7wuAE/10leU7KeZcOiKcDa
2/I9Dz7L1Yos1pVBH2PTce29543nXg8vq9LwBhrvo77XzZkl9kZhl9r1Y5U/Rjwg
tzjqchI0y6EioekuNV+bXWtefWgr0gMOKbfllAp3GAGcBbajObGrX7Z5xet3DTvp
OVao2+ZfOZkXq12hhMypuYBC6FpJYKQLyWQtIzxP9igbyddW9C4Da5xlHuFij3GQ
W3Ij41q6tt7SdrsACBAkUBfnOpBGYDAQ2KioQyhSgAUPKBe/GkNuLPMh3WRcVpzg
/b4PwlgdtiV7sXPACyVz5h9Gr3gvv/K3PWzBian7ltCNPh0/F8h4T6BE+iGDEq3G
5o5fAcXkJtqj5KAWOlzbKf6H6nAa68KyHlINHS2Z7sfzmiF25MiitoARGzdNI0e/
Jc780w4QVleMyaNaI3kOOp46cMS/pFLk5wWvF5eiXj+Zrn7oGwyDp5U7pwIi5BML
FwBOgDKKT4h8tDwraJKMBMteC4aHY9cmkBooLOoC6ByMys6EbkXHdwdo8OY4gr0S
7QsXK0jKPZ/nhn2LmBi3bFEMFggxdOTyJDOariqFxunayIxOmw0PkBAzDI8bFPsC
8mMiDmklU3Hcp4wtVur9
=pA8X
-----END PGP SIGNATURE-----