Date: Mon, 25 Jun 2012 19:20:35 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Garrett Wollman <wollman@bimajority.org> Cc: freebsd-security@freebsd.org Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables... Message-ID: <4FE91C73.8040500@FreeBSD.org> In-Reply-To: <20457.6828.250844.390589@hergotha.csail.mit.edu> References: <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org> <20120626015323.02b7f348@gumby.homeunix.com> <4FE9094A.4080605@FreeBSD.org> <20120626024624.4c333bd2@gumby.homeunix.com> <4FE916AA.6050503@FreeBSD.org> <20457.6828.250844.390589@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06/25/2012 19:13, Garrett Wollman wrote:
> <<On Mon, 25 Jun 2012 18:55:54 -0700, Doug Barton <dougb@freebsd.org> said:
>
>> Right. That's what Dag-Erling and I have been saying all along. If you
>> have the private host key you can impersonate the server. That's not a
>> MITM attack. That's impersonating the server.
>
> If you can impersonate an ssh server, you can also do MitM, if the
> client isn't using an authentication mechanism that is securely tied
> to the ephemeral DH key protecting the session. Not clear that this
> makes any difference in practice.
If you're impersonating the server you already have the traffic,
whatever else you can do for *that session* is an implementation detail.
For the zillionth time, my point is that being able to impersonate the
server is not going to get you anywhere for sessions *other* than the
ones that terminate at your fake-but-has-the-private-key host.
If anyone believes otherwise, please post how it can be done, in detail.
Otherwise please let this thread die.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FE91C73.8040500>