From owner-freebsd-questions@FreeBSD.ORG Wed Mar 10 10:59:48 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17D281065674 for ; Wed, 10 Mar 2010 10:59:48 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.freebsd.org (Postfix) with ESMTP id 8D4E28FC1C for ; Wed, 10 Mar 2010 10:59:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ait.ac.th (Postfix) with ESMTP id CB35A3A386E; Wed, 10 Mar 2010 17:59:44 +0700 (ICT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= references:subject:subject:in-reply-to:from:from:message-id:date :date:received:received:received; s=selector1; t=1268218784; x= 1270033184; bh=IVHVh0Xb1Z3bONWy6cuTXzNuynwzJCaf2YeBy19EgMo=; b=H p28ne3SEUJXa0kFIhmevvu92XkhNCwznkhfaF54uGxSAzZp/EJoHjNxov/uRv+A2 9NB8NEbcFDpatNybMMJAYNEaK00T7eSlikN9HMvEeb02SoKFN/+kRi4nlrfwOqT+ P3Ydbolcizj0Un/PQVFd/ateK7FWw3aUFP9A0qgqNk= X-Virus-Scanned: amavisd-new at cs.ait.ac.th Received: from mail.cs.ait.ac.th ([127.0.0.1]) by localhost (mail.cs.ait.ac.th [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id tCe2tlM2n80t; Wed, 10 Mar 2010 17:59:44 +0700 (ICT) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.cs.ait.ac.th (Postfix) with ESMTPS id 69B233A386B; Wed, 10 Mar 2010 17:59:44 +0700 (ICT) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.14.3/8.14.3/Submit) id o2AAxfns092895; Wed, 10 Mar 2010 17:59:41 +0700 (ICT) (envelope-from on) Date: Wed, 10 Mar 2010 17:59:41 +0700 (ICT) Message-Id: <201003101059.o2AAxfns092895@banyan.cs.ait.ac.th> From: Olivier Nicole To: perryh@pluto.rain.com In-reply-to: <4b97392c.O1yEWWCVzta4T7fL%perryh@pluto.rain.com> References: <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com> <4b960747.T7FO5AkwXJGAGApg%perryh@pluto.rain.com> <201003090848.o298mBSN079005@banyan.cs.ait.ac.th> <4b97392c.O1yEWWCVzta4T7fL%perryh@pluto.rain.com> Cc: freebsd-questions@freebsd.org Subject: Re: [OT] ssh security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Mar 2010 10:59:48 -0000 Hi, > > The pre-shared information need not to be secret ... but there is > > need for pre-shared trusted information. > Er, if the pre-shared information is not secret, how can I be sure > that the person presenting it is in fact my intended correspondent > and not a MIM? That is why I wrote "trusted", I don't assume how this is trusted, but I need to trust it. If I am 100% sure the fingerprint comes from the right guy, I can easily test that the fingerprint corresponds to the intended public key, so that the publick key effectively belongs to the right guy, and crypting with that public key, only the right guy with his provate key will be able to read my message. Now Diffie-Hellman may help providing the trust for the fingerprint. Bests, Olivier