httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: pgp trust for https?
Date Tue, 08 Nov 2005 12:46:18 GMT
On Tuesday 08 November 2005 12:02, Brian Candler wrote:

[twice - please don't]

> On Sun, Nov 06, 2005 at 10:19:25PM +0000, Nick Kew wrote:
> > I'll sign my server.  Same as I'll sign an httpd tarball if I roll one
> > for public consumption.  You sign your server.  Where's the problem?
> The problem is that you'll have no protection against man-in-the-middle
> attacks, whereby an attacker impersonates you, or intercepts your traffic
> (decrypting it and re-encrypting it, allowing them to read and/or modify
> all communication on your supposedly 'secure' connection)

Nonsense.  The encryption is unaffected by this.  It's only the server
identity we're verifying.

> For example, an attacker could redirect requests for to
> their server, perhaps by spoofing the DNS, or by unplugging the cable
> somewhere between your ISP and your server and inserting their own server.
> Clients would be none the wiser.

Nonsense.  My server is signed with my (private) key.  If they've got my
key and passphrase, then the whole thing is dead, just as if they got
my verispam certificate.

> The attacker doesn't have your private key, so they would create their own
> key pair. As a result, the connecting client would see a *different* key
> than the one they would see if they connect to your server directly. The
> problem is, they have no way of telling which key is the one which belongs
> to you, and which one is the one which belongs to the attacker.

Of course you do!  That's exactly what the web of trust is all about.
By your argument, I shouldn't be able to trust the httpd-2.1.9 tarball
I downloaded about a week ago either - for exactly the same reason.

> If the client knows you personally, they can phone you up and ask for you
> to read the key fingerprint over the phone, or fax it to them. That doesn't
> scale very well.

And it's far more insecure.  If I've nicked your webpage, whose 'phone
or fax number do you suppose is on it?  And how is telephone routing
inherently any more secure than DNS, especially when so much of the
former Free World is openly becoming police states.

> So generally the client has to rely on a third-party to sign the key:

wtf do you suppose PGP is all about?  Please see

Nick Kew

View raw message