[cryptography] preventing protocol failings

Ralph Holz holz at net.in.tum.de
Wed Jul 13 06:11:15 EDT 2011


>> When systems come with good usability properties in the key management
>> (SSH, and I modestly suggest ZRTP and Tahoe-LAFS) then we don't see
>> this pattern. People are willing to use secure tools that have a good
>> usable interface. Compare HTTPS-vs-HTTP to SSH-vs-telnet (this
>> observation is also due to Ian Grigg).
> I reject the SSH key management example though.  Especially if you've
> ever maintained a large number/variety of unix servers running SSH,
> where hardware failures, machine upgrades, etc. lead to frequent SSH
> key churn.  In those cases the only solutions are:

I can second that with an observation made by several users of the
German Research Network (DFN), in December 2009. Someone had registered
a long list of typo domains, i.e. domains like tu-munchen.de instead of
tu-muenchen.de, and then installed an SSH daemon that would respond on
all subdomains.

Some users (including a colleague and myself) noticed that they suddenly
got a host-key-mismatch warning when accessing their machines via SSH -
and found that they had mistyped the host name *and still got an SSH
connection*. Neither my colleague nor I had entered our passwords yet,
but that was only because we were sensitive to host key changes at that
moment because we had re-installed the machines just a few days before
the event.

The server that delivered the typo domains was located in South Africa,
BTW. I don't even know if legal prosecution is possible, and I don't
think anyone attempted. The DFN reacted in a robust way by blocking
access to the typo domains in their DNS. Not a really good way, but
probably effective for most users.

The question, after all, is how often do you really read the SSH
warnings? How often do you just type on or retry or press "accept"? What
if you're the admin who encounters this maybe 2-3 times a day?

(Also, Ubuntu, I believe, has been known to change host keys without
warning when doing a major update of openssh.)


Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
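
The incident described above depended on a mistyped name still reaching a listening SSH daemon. As an added example (not part of the original message), this Python check compares a typed host name against the plain entries in known_hosts and flags near-misses before any connection is made; the sample file contents, the `host1` and `gw` labels, the placeholder keys and the distance threshold of 2 are constructed assumptions.

```python
import re

# Constructed sample: plain host fields, placeholder keys, one hashed entry.
SAMPLE_KNOWN_HOSTS = """\
host1.tu-muenchen.de,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDERKEY1
[gw.tu-muenchen.de]:2222 ssh-rsa AAAAB3PLACEHOLDERKEY2
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3PLACEHOLDERKEY3
"""

def known_hostnames(text):
    """Plain host names from known_hosts text; hashed entries, IPs, patterns skipped."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if not fields:
            continue
        for pat in fields[0].split(","):
            if pat.startswith("|1|"):      # HashKnownHosts entry: not comparable
                continue
            m = re.match(r"^\[(.+)\]:\d+$", pat)   # [host]:port form
            host = (m.group(1) if m else pat).lower()
            if re.search(r"[a-z]", host) and not re.search(r"[:*?!]", host):
                names.add(host)
    return names

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(typed, known, max_dist=2):
    """Return ('known'|'lookalike'|'new', matching known host or None)."""
    typed = typed.lower().rstrip(".")
    if typed in known:
        return ("known", typed)
    near = sorted((edit_distance(typed, k), k) for k in known)
    if near and near[0][0] <= max_dist:
        return ("lookalike", near[0][1])   # probable typo of a host we already trust
    return ("new", None)
```

A legitimately new sibling host (one character away from a known one) is also reported as a lookalike, which only forces a second look before the first connection. Hashed known_hosts entries cannot be compared this way, so the check needs an unhashed host inventory.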
