[NNTP] Comments on draft-...-authinfo-03
Clive D.W. Feather
clive at demon.net
Mon Oct 4 03:02:36 PDT 2004
Charles Lindsey said:
>> Only if it knows the exact length of the string. Okay, it can make a
>> separate connection to the server to see, but it's starting to get a bit
>> threadbare as a threat.
> But surely the attacker will wait till he has seen the server's attempt. I
> am assuming that this "man in the middle" is receiving packets from the
> server and normally passing them on to the client unchanged. When he sees
> "AUTHINFO SASL:WEAK,MEDIUM,STRONG", he drops it on the floor and inserts
> "AUTHINFO SASL:WEAK FOOBAR GZNORT" in its place.
As I understand it, this "man in the middle" doesn't have the ability to
delete packets, merely to inject them faster than the server does (so that
the server's are rejected as duplicates).
If he can delete and replace packets (or, equivalently, modify their
contents in flow) he can run two separate conversations and watch the
plaintext; there's no need for this fuss.
--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | Fax: +44 870 051 9937
Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc | |
More information about the ietf-nntp
mailing list