Re: Integrity protection of fetches

On Fri, 2010-08-06 at 11:29 -0500, Steve Bonneville wrote:
> i.grok@xxxxxxxxxxx wrote:
> > Ideally (from this perspective), the host would validate the response itself.
> 
> Exactly, if sshd is sufficiently paranoid it should make a query with
> CD set in the request and do all the validation client-side.  If you let 
> your nameserver do the validation, I think it's still possible to MITM 
> this by messing with the communication between the stub resolver and the 
> name server, which isn't secured.

Not to mention that one has to trust one's own nameserver, which is a
bad idea when using a public wireless access point.  In order to achieve
the same security properties as SSL/TLS as commonly practiced, local
validation is the way to go.

-- 
Matt

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
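
Added example, not part of the original messages: what "a query with CD set" looks like on the wire, and why a client that validates locally treats the AD bit in the reply as an unauthenticated claim. It uses only the Python standard library; the name host.example., the transaction ID and the sample reply header are constructed, and the RRSIG verification itself is not shown.

```python
import struct

# Header flag bits (RFC 1035 / RFC 4035) and the EDNS0 DO bit (RFC 3225).
QR, RD, AD, CD = 0x8000, 0x0100, 0x0020, 0x0010
DO = 0x8000            # lives in the OPT record's TTL field
TYPE_OPT, TYPE_SSHFP = 41, 44


def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid, udp_size=4096):
    """Build a query with RD+CD in the header and DO in an OPT record."""
    header = struct.pack("!HHHHHH", txid, RD | CD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = UDP size, TTL = flags, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, DO, 0)
    return header + question + opt


def header_verdict(packet, txid):
    """Return (verdict, ad_claimed) for a reply header.

    AD is reported for logging but never changes the verdict: it is set by
    the resolver and carried over the unsecured stub-to-resolver hop, so the
    client still has to check the RRSIGs it asked for with DO.
    """
    if len(packet) < 12:
        return ("malformed", False)
    rid, flags = struct.unpack("!HH", packet[:4])
    ad_claimed = bool(flags & AD)
    if not flags & QR:
        return ("not-a-response", ad_claimed)
    if rid != txid:
        return ("txid-mismatch", ad_claimed)
    if flags & 0x000F:
        return ("rcode-%d" % (flags & 0x000F), ad_claimed)
    return ("validate-locally", ad_claimed)


if __name__ == "__main__":
    print(build_query("host.example.", TYPE_SSHFP, 0x1234).hex())
    reply_with_ad = struct.pack("!HHHHHH", 0x1234, QR | RD | AD, 1, 1, 0, 0)
    print(header_verdict(reply_with_ad, 0x1234))
```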

