Security and TOFU

Aleix Pol aleixpol at kde.org
Mon Nov 14 16:41:55 UTC 2016 

On Mon, Nov 14, 2016 at 4:07 PM, Giedrius <iksius at gmail.com> wrote:
> What I am thinking about is not security of SSL or encryption
> algorithms but rather trust-on-first-use method. As I understand this
> method mostly relies on users ability to check and validate
> certificate fingerprints. It might be ok for SSH where users can be
> expected to be IT and security savvy, but in my opinion it is not ok
> for a regular user. First of all certificate validation is not
> enforced in any way, so the average user most often would just ignore
> this step. Also, certificate fingerprints are quite complicated and
> can make validation error prone or may discourage the validation step
> altogether  (I am not sure how feasable it is, but an attacker could
> try to generate its own certificates which would produce similar
> fingerprints). Are such my wories invalid?
>
> As I said, I am not security expert and I would be very glad if
> someone corrected me :)
>
> Giedrius
>
>> Nothing in this life is completely fail- or hack-proof, but I think KDE
>> Connect security is, at this point, pretty decent :)
>>
>> Since the recent version 1.0, it uses SSL and trust-on-first-use, like SSH
>> (which you could say is not hack-proof either, nothing is). Of course, SSH
>> has likely been audited way more than kdeconnect, so if you are a security
>> specialist and want to check kdeconnect for implementation errors or other
>> security flaws, it would be of great help!
>>
>> Albert
>>
>> On Sun, Nov 13, 2016 at 6:50 PM, ixius ixius <iksius at gmail.com> wrote:
>>
>> > Hello,
>> >
>> > I am concerned about security aspect of the kde-connect pairing procedure.
>> > I am no expert in security but as I understand the pairing of the devices
>> > currently is not completely fail-(or hack-)proof. Am I right or am I
>> > missing something? And if I am not wrong, I wonder if there are any plans
>> > to solve the issues?
>> >

> As I understand this
method mostly relies on users ability to check and validate
certificate fingerprints

How did you get to this conclusion?

If the certificates aren't properly paired, it won't be possible to
communicate both devices.

Aleix

More information about the KDEConnect mailing list