[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] key exchange

From: Christian Grothoff
Subject: Re: [GNUnet-developers] key exchange
Date: Thu, 13 Feb 2003 06:24:43 -0500
User-agent: KMail/1.4.3

Hash: SHA1

On Wednesday 12 February 2003 08:33 pm, Glenn McGrath wrote:
> I think the initial key exchange HELO messages would be vulnerable to a
> man-in-the-middle attack, maybe it be better to ue Diffie-Hellman.

First, GNUnet is not vulnerable to a man-in-the middle attack which was 
already stated in the GNet whitepaper:

One of the main issues with SSH is the possibility of a man-in-the-middle 
attack when the public keys are exchanged. Interestingly, this attack should 
not have an impact on gnet. Hosts are identified by their secret key, and
that is all that matters. IP addresses, port numbers, locations, are all 
irrelevant properties. If Mallory intercepts the communication between Alice 
and Bob, they will both exchange data with Mallory---and judge him by his 
behavior (potentially affecting his reputation). If he answers queries and 
behaves well, they will give Mallory credit for that. If Mallory floods their 
nodes with requests, they will at some point refuse to connect with him as 
his reputation will deteriorate.

As long as Alice and Bob just want to communicate with someone (and get to 
know someone), Mallory cannot stop them. In GNet, nodes never want to 
communicate with a specific host in the sense of an IP or other network 
address. They only want to communicate with a node that has a particular 
secret key, and these secret keys are learned over time.

Also note that DH is just another public key crypto system that by itself 
would not prevent a man-in-the-middle attack. Defeating that type of attack 
typically requires changing the higher-level protocol (e.g. by using the 
interlock protocol by Rives and Shamir). Note that I am *not* saying that 
this type of change would make any sense for GNUnet. 

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see


reply via email to

[Prev in Thread] Current Thread [Next in Thread]