On Fri, May 28, 2010 at 10:34 PM, Jens Alfke j...@mooseyard.com wrote:
On May 28, 2010, at 6:59 PM, Michael Ash wrote:
An attacker can execute a man-in-the-middle attack...
An attacker can simply impersonate your app...
Neither of these can be defended against, even theoretically, when
This is rapidly heading off-topic, but:
On May 29, 2010, at 4:15 AM, Michael Ash wrote:
Man-in-the-middle: if I execute the attack the first time you talk to
a given peer, you have no way of detecting me.
This is avoided using an out-of-band exchange of a secret over a trusted
channel
On Sat, May 29, 2010 at 3:04 PM, Jens Alfke j...@mooseyard.com wrote:
This is rapidly heading off-topic, but:
On May 29, 2010, at 4:15 AM, Michael Ash wrote:
Man-in-the-middle: if I execute the attack the first time you talk to
a given peer, you have no way of detecting me.
This is avoided
Answer:
Never trust any data that you did not generate yourself and are 100%
certain it is bug-free.
Meaning:
Don't process it at all ever until you run sanity checks against it.
Trust is an entirely different animal.
Thanks,
Barry
On May 29, 2010, at 4:42 PM, Michael Ash
On May 28, 2010, at 6:59 PM, Michael Ash wrote:
An attacker can execute a man-in-the-middle attack...
An attacker can simply impersonate your app...
Neither of these can be defended against, even theoretically, when
communicating peer-to-peer.
Not true; if you use SSL or some equivalent,