At 05:02 PM 7/27/2000 -0700, Steve Reid wrote:
> Someone can pull off a man-in-the-middle attack without having to
> "put on make up, [and] declare himself to be the other person". I
> think MITM could be done effectively against your protocol without
> requiring special help from the server.  Some trivial misdirection
> is all that is required...
>
> [...]
>
> Mallory sends The Real Alice an email claiming to be from The
> Real Bob (this can be done with the usual spoofing), telling Alice
> that she can contact "him" as "Bob'".

Mallory can do this, but he cannot do it safely.  The likelihood of 
exposure is very high, and the longer the deception continues, the greater 
the prospect it will be exposed.

With email, one needs multiple addresses.  With a presence protocol, one 
does not.  One's presence connection follows one around, wherever one may 
be; hence "contact me as YYYY@XXXX" messages are unusual and worthy of 
mention.

If this is Alice's first contact with Bob through the secure protocol, she 
will surely mention how she obtained his address, exposing Mallory.

If this is one of many contacts, the fact that Bob is allegedly changing 
his address will be unusual, and worthy of comment, resulting in a 
substantial risk of exposure to Mallory.

Alice may well be already on Bob's buddy list by her true account name.  If 
this is the case, the fact that the person contacting him is not on his 
buddy list will draw Bob's attention to the fact that her account name has 
mysteriously changed, which he is likely to mention, exposing Mallory.

Suppose Mallory gets away with it once.  He cannot go on getting away with 
it indefinitely.

Things will get especially difficult for Mallory if Bob and Alice check 
into a conference call or a chat room.

Suppose Bob and Alice want to bring Carol into their discussions.  Now 
Mallory needs to have anticipated this, and fed both Bob and Alice with a 
false address for Carol.

     --digsig
          James A. Donald