Michael Sierchio <[EMAIL PROTECTED]> writes:

> Eric Rescorla wrote:
> 
> > This isn't a MITM attack, however.
> 
> Sorry, Eric --  if you don't know or trust the signer, then you only
> know that the presenter (could be a MITM) has the private key associated 
> with the pubkey in the cert.  This means that a MITM attack is entirely
> possible.  Trust in the CA is required to assure the binding of the
> SubjectPublicKeyInfo to the DN.  That's the feature that prevents
> the MITM attack. There's also the convention among browser implementations
> that the CN should be the FQHN, which is a PITA for numerous reasons.

Yes, I'm quite aware of this. Check out who the author of RFC 2818
(which describes this check) is.

A MITM attack WOULD be possible if the browser didn't check the
server's certificate against the expected identity. However, since the
browser DOES make this check, an attempted MITM attack results in a
warning to the user. Yes, it's true that you need to trust the CA.
So what? This is explicitly part of the notion of certificates.

Anyway, reread my message. What I said was that a SPECIFIC attack:
downgrading the connection to 40-bit and then mounting an offline
attack on the session key wasn't a MITM attack. It isn't, because it
doesn't involve completing the connection on behalf of the server.

> Of course, your browser presents no warnings whatsoever for certs
> signed by any number of CAs that are "trusted" simply because their
> root certs are bundled with the browser.

I don't see what your point is here. First, this has nothing
to do with SSL per se. Second, the CAs in the browser have
ostensibly been vetted by the browser manufacturers. I've certainly
never heard of a case where they issued false certificates. Third,
if you don't like one of the roots, Netscape at least will let
you remove it.

>  And unless you manually
> retrieve a CRL,  you only know that a cert was valid when it was
> issued.

This is a problem with any certificate-based system and has nothing
whatsoever to do with SSL.

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
                http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
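
The server identity check from RFC 2818 that the reply above refers to, as an added example (not part of the original message and not OpenSSL's code): the names carried in the certificate are compared against the host name the client meant to reach. The function names are hypothetical; certificate parsing and chain validation to a trusted CA are assumed to have been done already, and only one `*` per label is handled.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* One label: a single '*' matches characters inside that label only. */
static int label_match(const char *p, size_t pl, const char *h, size_t hl) {
    const char *star = memchr(p, '*', pl);
    if (!star)
        return pl == hl && eq_nocase(p, h, pl);
    size_t pre = (size_t)(star - p), suf = pl - pre - 1;
    if (hl == 0 || hl < pre + suf)
        return 0;
    return eq_nocase(p, h, pre) && eq_nocase(star + 1, h + hl - suf, suf);
}

/* RFC 2818 section 3.1 matching, label by label: "*.a.com" matches
   "foo.a.com" but not "bar.foo.a.com". */
int name_match(const char *pattern, const char *host) {
    for (;;) {
        size_t pl = strcspn(pattern, "."), hl = strcspn(host, ".");
        if (!label_match(pattern, pl, host, hl))
            return 0;
        pattern += pl; host += hl;
        if (*pattern != *host)          /* one name has more labels */
            return 0;
        if (*pattern == '\0')
            return 1;
        pattern++; host++;
    }
}

/* dNSName entries take precedence; the CN counts only when there are none. */
int identity_ok(const char *const *dns, size_t n, const char *cn, const char *host) {
    if (!host || !*host) return 0;
    for (size_t i = 0; i < n; i++)
        if (name_match(dns[i], host)) return 1;
    return n == 0 && cn != NULL && name_match(cn, host);
}
```

A return value of 0 from `identity_ok` is the condition under which the client warns the user or aborts the connection.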
