On 11/17/2009 04:53 AM, Patrick O'Callaghan wrote:
It's my understanding that the password would still be sent over an encrypted channel (using the original host's public key), so I don't see the problem.
There is no original host in the hypothesized scenario. There's an attacker whose public key has a fingerprint that matches the original host. The victim connects to the attacker instead of the original host. Since the original host isn't involved, the original host's key won't be either.
However, as previously stated, this is extraordinarily difficult by design. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
