
The Web of Trust isn't better, it's just better than nothing


Posted Feb 20, 2010 16:37 UTC (Sat) by nix (subscriber, #2304)
In reply to: The Web of Trust isn't better, it's just better than nothing by tialaramex
Parent article: Trust, but verify

Unless you use only IP addresses when sshing everywhere, you're *already*
trusting the root. (Or maybe you use hosts files, yuck.)

(But! oh no! you're trusting everyone's BGP announcements as well! And
they're really easy to spoof...)



The Web of Trust isn't better, it's just better than nothing

Posted Feb 22, 2010 15:36 UTC (Mon) by micah (subscriber, #20908) [Link]

>(But! oh no! you're trusting everyone's BGP announcements as well! And
> they're really easy to spoof...)

Not if you are using authentication (typically MD5 based) and ACLs, or S-BGP. If you are accepting BGP advertisements from anyone, you are asking for it. You should only accept routing updates from trusted peers, peers that you have identified as ones that you should be receiving announcements from.

The Web of Trust isn't better, it's just better than nothing

Posted Feb 22, 2010 17:39 UTC (Mon) by nix (subscriber, #2304) [Link]

I'm assuming that you shouldn't really trust MD5-based BGP auth these
days, either. MD5 is quite broken these days (although perhaps not broken
enough to be able to forge BGP announcements with).

The Web of Trust isn't better, it's just better than nothing

Posted Feb 22, 2010 19:30 UTC (Mon) by paulj (subscriber, #341) [Link]

Attacks on BGP at a session level (e.g. breaking MD5 to sneak in bogus
packets) are not really the main worry when BGP systemically assumes that
speakers are trusted. There are various ways you can subvert routing,
including some quite ingenious, stealthy re-routing techniques described in
the last few years at blackhat conferences.

The Web of Trust isn't better, it's just better than nothing

Posted Mar 2, 2010 13:59 UTC (Tue) by robbe (guest, #16131) [Link]

> Unless you use only IP addresses when sshing everywhere, you're
> *already* trusting the root.

Am I? If I follow sound security practices (checking fp on new keys, not
ignoring the Big Scary Warning[TM]) all a malicious DNS can do is DOS me.

If you have HashKnownHosts disabled, you can even use known_hosts as a
poor man's directory service.
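
The two points in the comment above (a changed host key is caught by the fingerprint check whatever DNS says, and an unhashed known_hosts can be read back as a host list), as an added example that is not part of the thread. It is Python over a constructed known_hosts with made-up host names and key blobs; all function names are this example's own, and it does not handle wildcards, negation or `[host]:port` entries.

```python
import base64, hashlib, hmac
def fingerprint(key_b64):
    """SHA256 fingerprint of a key blob, in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hash_host(host, salt):
    """HashKnownHosts field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def names(field, host):
    """True if a host field names `host` (no wildcard, negation or port handling)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def parse(text):
    """Yield (host_field, key_type, key_b64); skips comments and @marker lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0][0] not in "#@":
            yield tuple(parts[:3])

def directory(text):
    """Host names readable straight from the file: unhashed entries only."""
    plain = [f for f, _, _ in parse(text) if not f.startswith("|1|")]
    return sorted({h for f in plain for h in f.split(",")})

def check(text, host, presented_key_b64):
    """'match', 'MISMATCH' (the warning case) or 'unknown' (verify fingerprint first)."""
    known = [fingerprint(k) for f, _, k in parse(text) if names(f, host)]
    if not known:
        return "unknown"
    return "match" if fingerprint(presented_key_b64) in known else "MISMATCH"

def fake_key(seed):
    """Constructed ed25519-shaped blob for the sample; not a real host key."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()

# Constructed sample known_hosts: two plain entries and one hashed entry.
SAMPLE = "\n".join([
    "git.example.org,192.0.2.10 ssh-ed25519 " + fake_key(b"git"),
    "build.example.org ssh-ed25519 " + fake_key(b"build"),
    hash_host("vault.example.org", b"constructed-salt-20b") + " ssh-ed25519 " + fake_key(b"vault"),
])
```

`directory(SAMPLE)` lists only the two unhashed entries, while `check()` still matches the hashed one when given its name; a key that differs from the stored one returns `MISMATCH` regardless of how the name was resolved.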
