Yes, but that also means that there is no security benefit in storing a DNS name/IP address within the certificate. It is simply redundant, no?
/Jan

On Thu, 2002-01-10 at 15:09, Neff Robert A wrote:
> No, you misunderstand the handshake. B cannot be impersonated by C
> because C does not have the private key associated with the public
> key contained within B's certificate and thus cannot present that
> cert to successfully establish an SSL connection...
>
> -----Original Message-----
> From: Jan Vittrup Hansen [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 09, 2002 8:41 AM
> To: [EMAIL PROTECTED]
> Subject: Why DNS/IP in certificate?
>
> Why should one include the DNS/IP of oneself in a certificate?
>
> Consider A connecting to B.
>
> B exposes a certificate from a trusted CA to A.
>
> Now C tries to impersonate B. It easily finds B's certificate,
> and somehow manages to redirect or intercept the connection request from
> A.
>
> It responds with B's certificate, and so connection is established.
> HOWEVER: Since C does not have B's private key, it is unable to sign
> data, or decrypt data. Thus it cannot inflict damage? What am I missing?
>
> Also, does OpenSSL automatically renegotiate symmetric keys every X
> minutes (or Y bytes)?
>
> Regards, Jan

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
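
Added example, not part of the original thread and not OpenSSL code: a client-side sketch of what the name check contributes when A validates a certificate, using the thread's A/B/C naming. The certificate dictionaries, the host names `b.example` and `c.example`, the address `192.0.2.10`, and the helper names are constructed for illustration; the issuer lookup is a stand-in for real chain validation.

```python
import ipaddress

# Constructed certificates, loosely shaped like ssl.getpeercert() output.
# "issuer" is simplified to one string; names and addresses are made up.
CERT_B = {"issuer": "Trusted CA",
          "subjectAltName": (("DNS", "b.example"), ("DNS", "*.b.example"),
                             ("IP Address", "192.0.2.10"))}
CERT_C = {"issuer": "Trusted CA",           # C's own cert, C holds its private key
          "subjectAltName": (("DNS", "c.example"),)}
TRUSTED = {"Trusted CA"}

def name_matches(pattern, host):
    """Compare one DNS entry with the host; '*' may stand for the leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.example" cannot cover a whole TLD.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_matches_peer(cert, intended):
    """True if the certificate names the host or IP the client meant to reach."""
    try:
        ip = ipaddress.ip_address(intended)
    except ValueError:
        ip = None                            # not an IP literal, treat as DNS name
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and name_matches(value, intended):
            return True
    return False

def accept(cert, trusted, intended, check_name=True):
    """Client-side decision: issuer trusted, and (optionally) name matches."""
    chain_ok = cert["issuer"] in trusted     # stand-in for real chain validation
    return chain_ok and (not check_name or cert_matches_peer(cert, intended))

if __name__ == "__main__":
    for label, cert in (("B", CERT_B), ("C", CERT_C)):
        print(label, "name check on :", accept(cert, TRUSTED, "b.example"))
        print(label, "name check off:", accept(cert, TRUSTED, "b.example", False))
```

With the name check off, any certificate from a trusted issuer passes, whoever it was issued to; with it on, only a certificate naming the host A intended to reach is accepted.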