Bugtraq mailing list archives

Re: "The End of SSL and SSH?"


From: Alfred Perlstein <bright () WINTELCOM NET>
Date: Wed, 20 Dec 2000 15:45:42 -0800

* Perry E. Metzger <perry () PIERMONT COM> [001220 15:05] wrote:
> Kurt Seifried in an article on SecurityPortal shrilly entitled "The
> End of SSL and SSH?" claims that SSH needs a PKI to be secure.
>
> The claim is that because people have built man-in-the-middle attack
> software (see http://www.monkey.org/~dugsong/dsniff/) that can
> intercept SSH sessions, that SSH is insecure. After all, if a MITM
> attack happens, the user will be informed of this, and since the user
> can choose to ignore the warning that a host key has changed and log
> in, SSH must be fatally flawed. Without a PKI, Seifried claims, there
> is no way to know if a host key is authentic.
>
> This argument makes absolutely no sense to me.
>
> The problem is simply one of the user interface allowing a user to
> ignore a security failure. If a remote login utility using a PKI
> prompted the user with "host key is not certified, log in anyway?", it
> would be no better than SSH implementations. If a kerberized remote
> login utility prompted a user with "remote key is incorrect, log in
> anyway", it too would be no better.
>
> If this is truly the extent of the flaw Mr. Seifried thinks requires a
> full PKI to fix, I'd like to know why setting
>
> StrictHostKeyChecking yes
>
> isn't a near-complete fix to the "End of SSH" Mr. Seifried predicts.

Yes, there's a summary here:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=129878+0+current/freebsd-security

You can read Kurt's response to my initial complaint here:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=133111+0+current/freebsd-security

And yes, his prediction is based on the stupidity and carelessness of
users who are Pavlovian trained to click/reply "YES, I don't care about
this problem" when confronted with a dialog box no matter how dire the
warning in the dialogue.

There's also no mention of using pgp or some other trusted mechanism
to distribute the known server keys in the article.

But, hey, with things like NAPTHA making headlines, who said anyone
wasn't entitled to their 15 minutes? :)

--
-Alfred Perlstein - [bright () wintelcom net|alfred () freebsd org]
"I have the heart of a child; I keep it in a jar on my desk."
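As an added illustration (not code from this thread or from OpenSSH), here is the host-key lookup that the quoted StrictHostKeyChecking setting governs: the known_hosts file is parsed (plain and HashKnownHosts-style `|1|salt|hmac` names), the presented key is classified as matching, changed, or unknown, and a small policy function shows why "yes" removes the prompt the thread argues about. The key blobs, salt and hostnames are constructed placeholders; the policy models only the "yes" and "ask" settings.

```python
import base64
import hashlib
import hmac

# Constructed placeholder key blobs (not real keys); only string equality matters here.
KEY_ONE = "AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER-KEY-ONE"
KEY_TWO = "AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER-KEY-TWO"
SALT = bytes(range(20))  # constructed fixed salt; OpenSSH draws 20 random bytes


def hashed_name(hostname: str, salt: bytes) -> str:
    """Build a HashKnownHosts name field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


# Constructed sample known_hosts: one plain entry with an alias list, one hashed entry.
KNOWN_HOSTS = "\n".join([
    "# distributed out of band (e.g. signed by the admin), not learned on first connect",
    "bastion.example.net,10.0.0.5 ssh-ed25519 " + KEY_ONE,
    hashed_name("build.example.net", SALT) + " ssh-ed25519 " + KEY_TWO,
])


def name_matches(field: str, hostname: str) -> bool:
    """True if the known_hosts name field covers hostname (comma list or |1| hash)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return hostname in field.split(",")


def check_host_key(known_hosts: str, hostname: str, key_type: str, key_blob: str) -> str:
    """Return 'match', 'mismatch' (stored key differs: the warning case) or 'unknown' (new host)."""
    seen = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        if not name_matches(parts[0], hostname) or parts[1] != key_type:
            continue
        seen = True
        if parts[2] == key_blob:
            return "match"
    return "mismatch" if seen else "unknown"


def may_connect(status: str, strict_host_key_checking: str) -> bool:
    """StrictHostKeyChecking=yes connects only on 'match'; 'ask' also lets a new host
    through after a prompt; a changed key ('mismatch') is refused under both."""
    return status == "match" or (status == "unknown" and strict_host_key_checking == "ask")
```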
