
I am not sure about this. First, there is a built-in MITM attack here. First time you connect to sshd, the server has no idea who you are. I suppose this could be mitigated by using HTTPS as the out-of-band channel for verifying client and server fingerprints. Second, ssh keys are somewhat limited. You can only have one public key for a private key. You cannot embed identity info in the public key. I would much rather see gpg keys used for this. For developer types that should be just as easy. For real people the UI would still have to be developed but could actually include useful features, such as user identities.


>First time you connect to sshd, the server has no idea who you are.

That's not a problem if you sign up by first connecting to the sshd and getting a custom signup URL.


How do you know that the sshd you connect to is authentic and not a MITM? More importantly, how does the sshd know that the incoming connection is you and not a MITM?


>How do you know that the sshd you connect to is authentic and not a MITM?

You'd need the server fingerprint on the site (served over https, of course).

>More importantly, how does the sshd know that the incoming connection is you and not a MITM?

But that's the point, there is no "you" to authenticate, since you're signing up for a new account. The sshd generates a token URL and then stores your fingerprint with that token. Then you can use that token to login to the actual site and fill in your information.

If you're MITMing someone, the server shouldn't care, it's the client's job to make sure it's talking to the right server. See above.
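The signup flow described in this comment (connect over ssh, get a token URL bound to your key fingerprint, finish on the https site, then log in with the same key) as an added, self-contained example; this is not code from the original thread or from any project discussed in it. The key material, host name and URL layout are constructed for illustration, and the https-published server fingerprint is simulated as a pinned string passed to the client-side check.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length prefix + bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_pubkey_line(raw32: bytes, comment: str) -> str:
    """Build an OpenSSH 'ssh-ed25519 <base64 blob> <comment>' line.

    raw32 is a constructed 32-byte stand-in for an ed25519 public key;
    it is NOT a real key and is only used so the example runs offline.
    """
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH SHA256 fingerprint: sha256 over the decoded key blob,
    base64-encoded with trailing '=' padding removed (what ssh-keygen -lf prints)."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def client_verify_server(presented_hostkey_line: str, pinned_fp_from_https: str) -> bool:
    """Client-side MITM check: the host key presented on the ssh connection
    must match the fingerprint the site published over https (assumed here
    to be fetched out of band and passed in as pinned_fp_from_https)."""
    return hmac.compare_digest(fingerprint(presented_hostkey_line), pinned_fp_from_https)


class SignupServer:
    """Hypothetical sshd-side logic: hand out a one-time token URL bound to the
    connecting key's fingerprint, then recognise that key at login."""

    def __init__(self) -> None:
        self.pending: dict[str, str] = {}   # token -> client fingerprint
        self.accounts: dict[str, str] = {}  # client fingerprint -> username

    def ssh_signup(self, client_pubkey_line: str) -> str:
        # No identity to authenticate yet; just bind a fresh token to this key.
        fp = fingerprint(client_pubkey_line)
        token = secrets.token_urlsafe(32)
        self.pending[token] = fp
        return "https://example.test/signup/" + token  # constructed URL layout

    def web_complete(self, url: str, username: str) -> bool:
        # The token is single-use: pop() so a replayed URL fails.
        token = url.rsplit("/", 1)[1]
        fp = self.pending.pop(token, None)
        if fp is None:
            return False
        self.accounts[fp] = username
        return True

    def ssh_login(self, client_pubkey_line: str):
        # sshd has already checked the client holds the private key; we only
        # map the fingerprint to the account created on the web side.
        return self.accounts.get(fingerprint(client_pubkey_line))


def demo() -> dict:
    client = make_ed25519_pubkey_line(b"\x01" * 32, "alice@laptop")   # constructed
    mallory = make_ed25519_pubkey_line(b"\x02" * 32, "mallory")       # constructed
    host = make_ed25519_pubkey_line(b"\x03" * 32, "example.test host")  # constructed
    pinned = fingerprint(host)  # what the https page would publish

    srv = SignupServer()
    url = srv.ssh_signup(client)
    return {
        "server_ok": client_verify_server(host, pinned),
        "mitm_host_rejected": not client_verify_server(mallory, pinned),
        "signup_ok": srv.web_complete(url, "alice"),
        "replay_rejected": not srv.web_complete(url, "alice"),
        "login_user": srv.ssh_login(client),
        "stranger_login": srv.ssh_login(mallory),
    }


if __name__ == "__main__":
    print(demo())
```

The token in `pending` should also expire after a short window in a real deployment; the example keeps only the single-use property the comment implies. Note that the server never tries to decide whether the ssh peer is "you": it records whichever fingerprint connected, and the https-published host fingerprint is what lets the client detect a substituted server on that first connection.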


>I am not sure about this. First, there is a built in MITM attack here.

This always sounds like an NSA shill argument to me. Sure, you can MITM, but then, you HAVE to MITM on the very first request of every user to make that work. That's much more expensive than vacuuming up passwords server side with gag orders.

>Second, ssh keys are somewhat limited... You cannot embed identity info in the public key.

That's ridiculous. Who would want to? You are looking for an authorization solution. SSH is for authentication.


MITM is a real threat, not some theoretical thing. Dismissing it is sort of the definition of an NSA shill. Sorry, but you are wrong.


Who said MITM isn't a threat? I'm talking about the difference between targeted surveillance (MITM) and dragnet surveillance. If you think you have any solution that would beat the NSA at targeted surveillance, you are dead wrong.

In the meantime, not trusting a third party server with a password would go a long way toward defeating dragnet surveillance. Read the reports. NSA defeats your SSL routinely, and they are MOST INTERESTED in the part where you supply a server with a password. They can only bust SSH some of the time. There is a very real security difference between the two.

Snowden got exiled bringing you the news. At least have the decency to read it.


Except the NSA almost certainly has the ability to MITM ssl connections, which means the whole CA thing doesn't gain you that much if NSA is what you care about.

Of course I can MITM something without CAs if you're on public wifi, provided I intercept the very first connection, so it's a valid question for defending against less sophisticated attackers.



