Re: login failure on WindowsNT
From: Derek R. Price
Subject: Re: login failure on WindowsNT
Date: Tue, 17 Oct 2000 18:03:43 -0400

Rich Salz wrote:
> > Then cvs:// could mean connect to port 2401 and ask what authentication
> > methods are valid. The server would respond with a list and the client
> > would use whatever it thinks is the most secure to authenticate and set
> > up an encryption stream.
>
> Oooh, no, you *DON'T* want to do that -- it's a classic "man in the
> middle" attack. I can sit between you and the server and force you to
> downgrade to a lower security level. Early SSL had this problem.

Well, kinda. An attacker could downgrade the security level to the minimum
level acceptable to the server and no lower. If the lowest security level was
perceived as that dangerous to use, I'd assume the server's administrator
wouldn't have set it as acceptable.

> Designing security protocols is hard. Recommend we stick to one hard
> problem (source control) here.
> /r$

Well, I was trying to simplify the matter. The current jumble of
authentication techniques seems to be a mess. I was thinking this might serve
to separate them out a little better as a module and make them serve more
invisibly.

Not that I'm in a hurry, mind you. Just a project to stick on the list. I
still have to get around to looking at Alexey Mahotkin's nserver model too.

Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:address@hidden OpenAvenue ( http://OpenAvenue.com )
--
Old heads as well as young may sometimes be charged with ignorance and
presumption. The natural course of the human mind is certainly from credulity
to skepticism.
- Thomas Jefferson to Caspar Wistar, 1807
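
Added example, not part of the original message and not CVS code: a small Python model of the negotiation discussed in this thread, in which the server advertises its enabled methods and the client picks the strongest it sees. It assumes the advertised list travels unauthenticated; the method names, their ranking and all function names are hypothetical.

```python
# Added illustration: method names and their ranking are hypothetical, not CVS's.
STRENGTH = {"cleartext-password": 0, "challenge-response": 1, "kerberos-encrypted": 2}
ALL_METHODS = set(STRENGTH)

def strip_above(offer, ceiling):
    """In-path edit of the unauthenticated offer: drop methods stronger than `ceiling`."""
    return [m for m in offer if STRENGTH[m] <= STRENGTH[ceiling]]

def client_choose(offer, supported, floor=None):
    """Strongest mutually supported method, or None if nothing meets the client's floor."""
    usable = [m for m in offer if m in supported]
    if floor is not None:
        usable = [m for m in usable if STRENGTH[m] >= STRENGTH[floor]]
    return max(usable, key=STRENGTH.get) if usable else None

def negotiate(server_enabled, client_supported, tamper=None, floor=None):
    """Return the method both ends settle on, or None if the exchange fails closed."""
    offer = sorted(server_enabled, key=STRENGTH.get)   # what the server advertises
    if tamper is not None:
        offer = tamper(offer)                          # what the client actually receives
    choice = client_choose(offer, client_supported, floor)
    # The server only honours methods its administrator enabled.
    return choice if choice in server_enabled else None

if __name__ == "__main__":
    enabled = {"challenge-response", "kerberos-encrypted"}  # constructed server config
    weaken = lambda offer: strip_above(offer, "challenge-response")
    print("untampered:      ", negotiate(enabled, ALL_METHODS))
    print("offer stripped:  ", negotiate(enabled, ALL_METHODS, tamper=weaken))
    print("stripped + floor:", negotiate(enabled, ALL_METHODS, tamper=weaken,
                                         floor="kerberos-encrypted"))
```

The client-side floor is the only check in this model that does not depend on the received offer, so it is the one that still holds when the offer has been edited in transit.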