[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Re: netsync transport encryption?
|
From: |
Zack Weinberg |
|
Subject: |
Re: [Monotone-devel] Re: netsync transport encryption? |
|
Date: |
Wed, 25 Oct 2006 12:49:53 -0700 |
On 10/25/06, Ulf Ochsenfahrt <address@hidden> wrote:
Zack Weinberg wrote:
> In the scenario where the server is authenticated but the client isn't
> (initial anonymous pull with the server's public key distributed some
> other way, for instance), the man in the middle cannot impersonate the
> server, and cannot gain any information that he could not have gotten
> by just doing an anonymous pull himself.
If you allow anonymous pull, encrypting the connection gives no security
whatsoever. Correct me if I'm wrong.
Depends on your threat model. If what you want to guard against is
revealing the content of the database to untrusted parties, then yes,
encryption gives no security if anonymous pulls of the entire database
are allowed. If, however, you don't care about the database content
but you *do* want to conceal the identities of everyone who is
contributing, then you want to make anonymous pulls and keyed syncs
indistinguishable to traffic analysis, and encrypting anonymous
connections is necessary for that. [To be truly robust to traffic
analysis you would have to do rather more work than just that, but
you're dead in the water if anonymous pulls are unencrypted.] This is
just the one example I thought of in two minutes; I'm sure there are
others.
zw