Why should one include the DNS/IP of oneself in a certificate?

Consider A connecting to B.

B exposes a certificate from a trusted CA to A.

Now C tries to impersonate B. It easily finds B's certificate,
and somehow manages to redirect or intercept the connection request from
A.

It responds with B's certificate, and so the connection is established.
HOWEVER: Since C does not have B's private key, it is unable to sign
data, or decrypt data. Thus it cannot inflict damage? What am I missing?

Also, does OpenSSL automatically renegotiate symmetric keys every X
minutes (or Y bytes)?

 Regards, Jan

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
