Re: which security protocol for dealing with this situation



ben@xxxxxxxxxxxxxx writes:

which security protocol would enable two particular computers to
connect and authenticate that each other are talking to the machine
they're supposed to be?

ssh would provide for these requirements. The ssh server has a host
key that a proper ssh client will ask to verify upon initial
connection, and will store for later connections, warning you if
the host key changes.


To do the initial verification, the client can call or email a trusted
party asking for the output of

$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
$ ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub

and making sure one of those fingerprints matches what the client is
seeing.

If the "base" machine is not running a linux variant, the ssh server
you use will have some sort of analogous way of giving a fingerprint
of the server's host key.




actual situation:

piece of software running on base machine which is connected to the
net via broadband (so dynamic ip address), so it has subscribed to a
dynamic ip address service like www.dyndns.org.

mobile device with internet capability wants to connect to base
machine so uses the dyndns address. at this point the base machine
should request a password, and the mobile device user provides the
password, but something's needed to cope with a possible man in the
middle attack. assuming someone has remapped the ip address of the
base machine to themselves how can that be dealt with? which protocol,
if there is one, will do this? the base machine and mobile device can
share a secret reliably in the set up stage and possibly/probably at
later stages (because the mobile device owner and the base machine
owner are one and the same and can physically connect the two when
setting it up).

any ideas? thanks.


--
Todd H.
http://www.toddh.net/
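An added illustration of the fingerprint check described above (my own example, not code from the post): the value `ssh-keygen -l` prints is just a hash of the base64 key blob in the .pub file, so the out-of-band comparison and the client's later known_hosts check can be reproduced in a few lines. The ed25519 key and the dyndns host name below are constructed placeholders.

```python
import base64
import hashlib
import struct

def _ssh_string(b: bytes) -> bytes:
    # OpenSSH wire format: 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(b)) + b

def make_pub_line(key_type: str, raw_key: bytes, comment: str = "") -> str:
    # Build a "*.pub"-style line (type, base64 blob, comment) from a raw key.
    blob = _ssh_string(key_type.encode()) + _ssh_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".strip()

def fingerprint(pub_line: str, hash_name: str = "sha256") -> str:
    # Reproduce what `ssh-keygen -l -f host_key.pub` prints: a hash of the
    # decoded key blob, either SHA256:<unpadded base64> (modern OpenSSH) or
    # the older colon-separated MD5 hex (`ssh-keygen -l -E md5`).
    blob = base64.b64decode(pub_line.split()[1])
    if hash_name == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    digest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def check_host_key(known_hosts: str, host: str, presented_pub: str) -> str:
    # Mimic the client's known_hosts check (plain, unhashed host names):
    # "new" on first contact, "ok" when the stored key matches the key the
    # server just presented, "CHANGED" when it differs (possible MITM).
    presented_fp = fingerprint(presented_pub)
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        if host in parts[0].split(","):
            stored_fp = fingerprint(" ".join(parts[1:3]))
            return "ok" if stored_fp == presented_fp else "CHANGED"
    return "new"

if __name__ == "__main__":
    # Constructed placeholder keys and host name, not real values.
    base_key = make_pub_line("ssh-ed25519", b"\x01" * 32, "base")
    other_key = make_pub_line("ssh-ed25519", b"\x02" * 32, "other")
    host = "base.example.dyndns.org"
    print("fingerprint to confirm out of band:", fingerprint(base_key))
    known_hosts = f"{host} {base_key}"  # stored after the first verified login
    print(check_host_key("", host, base_key))           # new
    print(check_host_key(known_hosts, host, base_key))  # ok
    print(check_host_key(known_hosts, host, other_key)) # CHANGED
```

The same hash-of-blob rule applies to the RSA and DSA keys named in the post; only the blob contents differ.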