On Sun, Jan 06, 2002 at 12:36:22AM -0800, Vadim Zaliva wrote:
> Hi!
>
> I am trying to use OpenSSL to build a secure authenticated channel between
> client and server. I want the server to allow connections only from certain
> clients, and I want the client to be sure it is connected to the right server.
>
> I see how it could be done using certificates. However, for my application
> generating certificates would be too complex for the end user.
>
> The simplest way I see it would be to use RSA public/private keys: the way
> SSH does. So client and server each would have private/public key pairs
> generated. Then, I would manually add the server public key to the client side and
> the client public key to the server side (the server will possibly have more than one
> client key).
>
> Is there anything wrong with the way I am planning to do it? It seems
> to me that this should be pretty common usage. If somebody has done this
> before I would appreciate any advice. I am new to openssl and still
> learning the basics.

This seems fine. The only problem (and it's a problem in ssh as well) is the weak key binding. It's the warning you get in ssh when you change a host key. Warning Host key changed. Man in the Middle attack possible. blah blah blah. Most people just punch in yes and connect. How do you know it's not a man in the middle attack?

If you use certificates you can change the host key, and the client knows it's a legitimate change because the key has been signed by a known CA. Thus you never have such a problem. If the certificate doesn't check out, then you know for *sure* that something is up.

Of course if you use a strict check on your rsa host key, say that if the rsa host key doesn't match for that host you refuse a connection, then that's not a prob.

The other weak key binding problem is when you first connect (unknown host key, blah blah, should I add it to known hosts?). What if someone has set up a man-in-the-middle before your first connect? There is no way of knowing. A certificate removes these problems because if both the client and server know in advance about the CA (even if the CA is you, not a real CA) then on the first connect, your client can determine for sure if the host key is legit, or forged.

So the answer really depends on what you want to do, and how secure is secure?

Kind Regards

Crispin
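
The trade-off described in the reply above, as an added example (not part of the original thread, and not OpenSSL project code): a private CA signs two successive server keys, and a client holding only `ca.pem` accepts both but rejects a self-signed impostor, while the public-key fingerprint that an ssh-style pinned check compares changes on rotation. The CA name, the host name `server.example` and all file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: subjects, host name and file names are made up.

# Create a private CA in directory $1; ca.pem is what every peer gets in advance.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Private CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Generate a fresh RSA key for CN $2 and have the CA in $1 sign it -> $1/$3.pem
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -days 30 \
    -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/$3.pem" 2>/dev/null
}

# Self-signed certificate for CN $2: all a party without ca.key can present.
forge_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$3.key" -out "$1/$3.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the CA stored in directory $1.
verify_cert() {
  openssl verify -CAfile "$1/ca.pem" "$2" 2>/dev/null | grep -q ': OK$'
}

# SHA-256 of the DER public key: the value a pinned-key check would compare.
key_fp() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" && issue_cert "$d" server.example server_old &&
    issue_cert "$d" server.example server_new &&
    forge_cert "$d" server.example mitm || return 1
  for c in server_old server_new mitm; do
    if verify_cert "$d" "$d/$c.pem"; then r=accepted; else r=REJECTED; fi
    echo "$c: $r, key sha256 $(key_fp "$d/$c.pem")"
  done
  rm -rf "$d"
}
demo
```

With pinned keys the rotated key looks the same as the impostor's (an unknown fingerprint); with the CA check only the impostor is refused, including on the very first connection.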