Keeping an eye on security certificates
p2pnet news view | Security:- When and if you use a secure protocol such as SSL or SSH to communicate online, “your communication is vulnerable to a ‘man-in-the-middle’ attack” unless you’re able to identify the remote server in a secure manner.
So says Carnegie Mellon’s CyLab.
You can achieve this by having the server take part in a “Public Key Infrastructure” (PKI) and by buying a certificate from a certificate authority such as VeriSign, say lab researchers, going on:
“Unfortunately, PKI’s can be expensive and cumbersome to operate, leading to widespread use of a simple and cheap ‘Trust-on-first-use’ mechanism commonly associated with SSH and HTTPS with self-signed certificates.”
And there’s a security risk, say David Andersen, Adrian Perrig and Dan Wendlandt.
Meet Perspectives, a “new approach to help clients securely identify Internet servers in order to avoid ‘man-in-the-middle’ attacks”.
It’s simple and cheap compared to existing approaches, “because it automatically builds a robust database of network identities using lightweight network probing by ‘network notaries’ located in multiple vantage points across the Internet,” say the three.
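A simplified client-side version of the multi-vantage-point check described above, as an added example (not the Perspectives project's code or protocol). The notary names, the SHA-256 fingerprint, the 75% quorum and the minimum of three replies are assumptions, and the keys and observations are constructed sample data.

```python
import hashlib
from collections import Counter


def fingerprint(key_bytes: bytes) -> str:
    """Hex SHA-256 of a server public key (the hash choice is an assumption)."""
    return hashlib.sha256(key_bytes).hexdigest()


def assess(offered_fp, notary_views, quorum=0.75, min_replies=3):
    """Compare the key the client was offered with what the notaries observed.

    notary_views maps a (hypothetical) notary name to the fingerprint that
    notary saw for the same host and port, or None if it did not answer.
    """
    replies = {n: fp for n, fp in notary_views.items() if fp is not None}
    if len(replies) < min_replies:
        return "inconclusive"  # fail closed: too few vantage points answered
    top_fp, votes = Counter(replies.values()).most_common(1)[0]
    if votes / len(replies) < quorum:
        return "inconclusive"  # the notaries disagree among themselves
    # A quorum agrees on one key: it either matches what the client saw or not.
    return "consistent" if top_fp == offered_fp else "mismatch"


if __name__ == "__main__":
    # Constructed sample data: one real server key, one key swapped in on the
    # client's own network path.
    real = fingerprint(b"constructed server public key")
    swapped = fingerprint(b"constructed interceptor public key")
    views = {"notary-a": real, "notary-b": real, "notary-c": real, "notary-d": None}

    print("client sees the real key:   ", assess(real, views))
    print("client sees a swapped key:  ", assess(swapped, views))
    print("only two notaries reachable:",
          assess(real, {"notary-a": real, "notary-b": real, "notary-c": None}))
```

A "mismatch" means the client's view differs from what independent vantage points agree on, which is the situation trust-on-first-use alone cannot detect.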
A new version of their Firefox extension with support for additional platforms is available, they say.
Meanwhile, they’re also looking for help, so if you’d like to get involved by writing code, running a notary, designing GUIs, or writing documentation, “please email us,” say Andersen, Perrig and Wendlandt, adding they plan to soon launch a page to facilitate contributions.
Click here for Perspectives: Improving SSH-style Host.