Tue 26 Aug 2008
from Perspectives
When you use a secure protocol like SSL or SSH to communicate on the Internet, your communication is vulnerable to a “man-in-the-middle” attack unless you are able to identify the remote server in a secure manner. One way to do this is to have the server participate in a “Public Key Infrastructure” (PKI) and buy a certificate from a certificate authority like VeriSign.
Unfortunately, PKIs can be expensive and cumbersome to operate, leading to widespread use of a simple and cheap “Trust-on-first-use” mechanism commonly associated with SSH and HTTPS with self-signed certificates. Unfortunately, this comes at the cost of security.
Few users bother to verify the correctness of the key manually (hey, we’re lazy by nature!), but Perspectives provides a simple “no effort” way to get significantly more information about whether a key is correct for that destination. A client can automatically make a secure connection to one of several publicly available “network notary servers” located around the world. These servers tell the client:
1. What key does the server see for host.domain.com right now?
2. What keys has the server seen in the past for host.domain.com?

The replies from the network notaries can go a long way toward either providing the user with confidence that the key it received is valid, or that a real threat of a “man in the middle” attack exists.
The end result is that instead of having applications issue bland warnings, which users often ignore, the application can either skip the warning if notary data indicates the key is valid, or give a very stern warning in the rare cases when an attack appears to be in progress.
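The decision described above, sketched as an added example (this is not Perspectives' own code): a client takes each notary's answers to the two questions and classifies the key the server offered. The `Observation` record, the notary names, the fingerprints and the quorum, duration and freshness thresholds are all assumptions made for illustration.

```python
from dataclasses import dataclass

DAY = 86400

@dataclass(frozen=True)
class Observation:          # hypothetical record of one notary sighting
    fingerprint: str        # key fingerprint the notary saw for the host
    first_seen: int         # Unix time the notary first saw this key
    last_seen: int          # Unix time the notary most recently saw it

def current_key(history):
    """Question 1: the key this notary sees right now (latest sighting)."""
    return max(history, key=lambda o: o.last_seen) if history else None

def evaluate(offered, replies, now, quorum=0.75, min_days=2, max_age_days=2):
    """Classify the key the server offered, given {notary: [Observation]}.

    The thresholds are assumed policy values, not taken from the page.
    """
    agree = disagree = 0
    for history in replies.values():
        cur = current_key(history)
        if cur is None or now - cur.last_seen > max_age_days * DAY:
            continue                      # no fresh data: counts for neither
        if cur.fingerprint != offered:
            disagree += 1                 # notary sees a different key
        elif cur.last_seen - cur.first_seen >= min_days * DAY:
            agree += 1                    # same key, held long enough
    needed = quorum * len(replies)
    if replies and agree >= needed:
        return "trusted"                  # skip the warning
    if replies and disagree >= needed:
        return "suspect"                  # stern man-in-the-middle warning
    return "unknown"                      # keep the ordinary first-use prompt

# Constructed sample data: four notaries, one of which recorded an older key.
NOW = 1_219_708_800
GOOD, OTHER = "aa:11:22", "ee:99:88"
SAMPLE = {
    "notary-a": [Observation(GOOD, NOW - 90 * DAY, NOW - 3600)],
    "notary-b": [Observation(GOOD, NOW - 60 * DAY, NOW - 7200)],
    "notary-c": [Observation("bb:33:44", NOW - 400 * DAY, NOW - 91 * DAY),
                 Observation(GOOD, NOW - 90 * DAY, NOW - 1800)],
    "notary-d": [Observation(GOOD, NOW - 30 * DAY, NOW - 600)],
}

if __name__ == "__main__":
    print(evaluate(GOOD, SAMPLE, NOW), evaluate(OTHER, SAMPLE, NOW))
```

A key that every notary has only just started seeing lands in "unknown" rather than "trusted", which is the case where a legitimate key change and a fresh attack near the server look the same from the notaries' side.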
2 Responses to “Perspectives : Firefox addon to protect you from surbo”
August 27th, 2008 at 9:16 pm
working good so far.
October 2nd, 2008 at 11:16 am
hrm, maybe not.
anyone having issues with this?