Vadim Zaliva <[EMAIL PROTECTED]> writes:
> On 6 Jan 2002, Eric Rescorla wrote:
>
> I would like to thank everybody who responded to my previous messages.
>
> > This can't be done with SSL exactly the way you want to do it. The
> > only way that SSL knows how to carry public keys is via certificates.
>
> I would love to use certificates, but my problem with them is the
> following: My client installs server and client. He should be able to set
> them up without requesting something from 3-rd party CA. If I understand
> correctly, the only solution in this case would be to generate his own CA
> and generate certificates with it. I am not sure how much secure it would
> be. Also I would like to make it not too complex for end user. After
> installing server and client he should not perform many complex steps to

It's trivial to have your software automatically generate self-signed
certificates. OpenSSL knows how.

> 1. Password
>
> Server have password and keeps either whole password or MD5 of it. Clients
> establishes SSL connection (w/o certificates) and sends password.
>
> This is not very secure from "man-in-the-middle" attack.

Right. You need certificates on the server side to protect against MITM.

> 2. Challenge-Response
>
> I do not know yet how to implement this. Advice appreciated.

See (for instance) the mechanism in RFC 2095.

> 3. Certificates
>
> After server is installed, certificate authority is generated. When
> using this CA, server certificate is generated. For each client, new
> certificate is generated using same authority. While establishing SSL
> connection client and server certificates are exchanged. (The question
> I am not completely understand yet, is how to check if they are the
> right ones. Probably I need to keep copy of server certificate on
> client side and compare one received over the connection with it?)

Not quite. You set the CA as the root on both sides and tell
OpenSSL to enforce certificate verification. The tricky bit is
establishing the binding between clients and their public keys
in order to issue the correct certificates. This is often done
with passwords.

> 4. RSA keys
>
> Similar to SSH. I understand that OpenSSL protocol does not have
> specific support for this, so it have to be written on top of it,
> after SSL connection is established. I guess server have to send some
> token signed with its key, which client have to send back signed with
> its. Checking signatures would ensure identity of both.

There's no point in doing this. Self-signed certificates are equally
easy.

-Ekr
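
The challenge-response mechanism of RFC 2095 (CRAM-MD5) that the reply points to for option 2, as an added Python example that is not code from this thread or from OpenSSL. The `Server` class, its one-shot challenge table, the hostname `server.example` and the credentials are assumptions of this example; it authenticates the client only, so the server certificate is still what protects against MITM.

```python
import base64
import hashlib
import hmac
import os
import time


def client_response(user: str, secret: bytes, challenge: str) -> str:
    """Client: base64 of 'user SP hex(HMAC-MD5(secret, challenge))'."""
    digest = hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


class Server:
    """Hypothetical server side; holds per-user shared secrets."""

    def __init__(self, secrets: dict, hostname: str = "server.example"):
        self.secrets = secrets
        self.hostname = hostname
        self.pending = set()  # challenges issued and not yet answered

    def issue(self) -> str:
        # Random number plus timestamp in msg-id form, so no challenge repeats.
        nonce = int.from_bytes(os.urandom(8), "big")
        challenge = f"<{nonce}.{int(time.time())}@{self.hostname}>"
        self.pending.add(challenge)
        return challenge

    def verify(self, challenge: str, response_b64: str):
        """Return the authenticated user name, or None."""
        if challenge not in self.pending:
            return None  # unknown or already used: treat as a replay
        self.pending.discard(challenge)  # one attempt per challenge
        try:
            decoded = base64.b64decode(response_b64, validate=True).decode()
            user, digest = decoded.rsplit(" ", 1)
        except ValueError:  # bad base64, bad UTF-8, or no separator
            return None
        secret = self.secrets.get(user)
        if secret is None:
            return None
        expected = hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()
        # Constant-time comparison of the two hex digests.
        return user if hmac.compare_digest(expected.encode(), digest.encode()) else None


def demo() -> tuple:
    server = Server({"alice": b"constructed-secret"})  # constructed credentials
    challenge = server.issue()
    answer = client_response("alice", b"constructed-secret", challenge)
    # First use succeeds; replaying the same challenge/answer pair is refused.
    return server.verify(challenge, answer), server.verify(challenge, answer)
```

The password never crosses the wire, but the server has to store the shared secret in a form it can key the HMAC with, so a hash of the password as in option 1 is not enough on its own.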