Frank Millman enlightened us with:
> If I understand correctly, a 'man-in-the-middle' attack would
> involve someone setting up a 'pseudo server', which gives the
> correct responses to the client's attempt to log in

That's right. Usually it's done by proxying the data between the
client and the real server.

> and would also involve someone manipulating the client parameter so
> that it points to the pseudo server instead of the real server.

Yup. This can be done in various ways, like ARP poisoning of the
network. Then the IP address will not change, but the network card
that the traffic is sent to will. The fraudulent server, having the
correct ARP table, can then forward the captured data to the real
server.

> What I have not understood is how to prevent this. How can the
> client distinguish between a valid server and a fraudulent one?

By checking the certificates. The CA mustn't sign server certificates
except for the real server. The fraudulent server thus has no valid
server certificate.

> If it obtains the server credentials dynamically, the fraudulent
> server can supply fraudulent credentials. If somehow the client must
> know in advance what the credentials are, then these can only be as
> secure as the parameter that tells the client how to connect in the
> first place.

True, but as you can see above, making the client talk to another
computer doesn't have to involve accessing and changing the client's
filesystem.

> I more or less understand the concept of setting up a secure server,
> with a signed key that can be validated via a trusted authority, but
> surely it is not necessary for every user of my software to register
> with such an authority before they can get protected communication
> between their own clients and their own server.

If you want to be secure, that *is* necessary. Every client should
have a valid, signed certificate, and every server should too.

Sybren
-- 
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
                                                         Frank Zappa
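
The certificate checks described in the reply above, sketched with Python's standard `ssl` module. This is an added example, not code from the thread; the function names and the certificate, key and CA file paths passed in are assumptions supplied by the deployment.

```python
import socket
import ssl


def client_context(ca_file=None):
    """Client side: accept only a server certificate signed by the trusted CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # PROTOCOL_TLS_CLIENT already sets both; restated so a later edit
    # cannot weaken them unnoticed.
    ctx.check_hostname = True            # certificate must name the host we dialled
    ctx.verify_mode = ssl.CERT_REQUIRED  # certificate must chain to a trusted CA
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)
    # With no CA loaded the trust store is empty, so every handshake fails closed.
    return ctx


def server_context(cert_file, key_file, client_ca_file):
    """Server side: present our certificate and demand a signed client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    ctx.load_verify_locations(cafile=client_ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED  # reject clients without a valid certificate
    return ctx


def insecure_client_context():
    """Weak setting for contrast: encrypts, but accepts any certificate at all,
    so a proxying 'pseudo server' is indistinguishable from the real one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifies_server(ctx):
    """Audit helper: True only if the context checks both chain and hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def connect(host, port, ctx):
    """Open a TLS connection; raises ssl.SSLCertVerificationError when the
    peer cannot prove its identity to the context's trust store."""
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)
```
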