Re: [Monotone-devel] Re: netsync transport encryption?

[Zack Weinberg]

On 10/25/06, address@hidden <address@hidden> wrote:
> On Wed, Oct 25, 2006 at 04:31:56PM +0200, Ulf Ochsenfahrt wrote:
> > Cem Karan wrote:
> > >In short, you would lose authentication and guarantees of privacy if you
> > >don't have each other's public keys, but it shouldn't affect the
> > >connection in any way, even for anonymous access.
> >
> > You totally ignore man-in-the-middle attacks, don't you?
>
> Presumably the man in the middle would be anonymous too.
> Or am I missing something?

In the scenario where the server is authenticated but the client isn't
(initial anonymous pull with the server's public key distributed some
other way, for instance), the man in the middle cannot impersonate the
server, and cannot gain any information that he could not have gotten
by just doing an anonymous pull himself.

In the scenario where neither side is authenticated (so we've fallen
back to D-H exchange) a man in the middle attack succeeds -- but this
is no worse than an unencrypted connection.  If what you're worried
about is eavesdropping rather than spoofing, you've still gained
security.

(For the record, I support intrinsic monotone support for encrypted
connections, but would like to point out that if we had key
integration with SSH or SSL or GPG, tunnelling would be a lot less
trouble, and possibly it would make sense then to do encrypted
connections by invoking SSH or whatever under the hood.  I haven't
thought enough about encrypted databases to have an opinion.)

zw