On May 28, 2010, at 6:59 PM, Michael Ash wrote:

> An attacker can execute a man-in-the-middle attack...
> An attacker can simply impersonate your app...
> Neither of these can be defended against, even theoretically, when 
> communicating peer-to-peer.

Not true; if you use SSL or some equivalent, both peers can use certificates to 
identify themselves. This works if either (a) the certs are signed by a 
reputable authority (as in the traditional use of SSL by web servers), or if 
(b) each peer has previously verified the other’s identity and remembered the 
cert (as is done by SSH.)

GameKit doesn’t do anything like this, though, although I can’t say for sure 
because Apple’s never published any information about the protocol used (to my 
knowledge).

—Jens
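
Option (b) in the message above, remembering a peer's certificate once its identity has been verified (as SSH does), sketched as an added example that is not part of the original message and not GameKit code. `PinStore`, the peer id and the byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()

class PinStore:
    """Remembers one certificate fingerprint per peer, like SSH known_hosts."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, "r", encoding="utf-8") as f:
                self.pins = json.load(f)

    def check(self, peer_id: str, cert_der: bytes) -> str:
        """Return 'first-use', 'match' or 'mismatch' for the presented cert."""
        pinned = self.pins.get(peer_id)
        if pinned is None:
            # Unknown peer: identity must be verified out of band before trust().
            return "first-use"
        # A different cert under a known peer id is the impersonation/MITM signal.
        ok = hmac.compare_digest(pinned, fingerprint(cert_der))
        return "match" if ok else "mismatch"

    def trust(self, peer_id: str, cert_der: bytes) -> None:
        """Pin a verified peer; refuses to silently replace an existing pin."""
        if peer_id in self.pins:
            raise ValueError("peer already pinned; remove the old pin explicitly")
        self.pins[peer_id] = fingerprint(cert_der)
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic update of the pin file

# Constructed stand-ins for DER certificates; in a real TLS session the bytes
# would come from ssl.SSLSocket.getpeercert(binary_form=True).
CERT_A = b"constructed-der-bytes-for-peer-a"
CERT_B = b"constructed-der-bytes-for-someone-else"

if __name__ == "__main__":
    store = PinStore(os.path.join(tempfile.mkdtemp(), "pins.json"))
    print(store.check("peer-a", CERT_A))   # unknown peer
    store.trust("peer-a", CERT_A)          # after out-of-band verification
    print(store.check("peer-a", CERT_A), store.check("peer-a", CERT_B))
```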