On Wed, Jul 23, 2003 at 01:28:36PM +0100, Dan Kendall wrote:
> I'm a newcomer to this crypto business and maybe I'm a little confused... I
> don't want to hijack this conversation but surely somebody from evil.bar.com
> could provide a certificate signed by a trusted party for example.foo.com.
> After all, the certificate is public right? So something else, be it DNS
> related or otherwise, must be needed to make sure the connection is sound.
> Is it not common practice to do a test encryption, thereby ensuring the
> 'other end' has a private key to match the public key in the certificate?
This is an elementary part of the protocol. Your party will send its certificate _and_ will cryptographically sign it with the private key. Therefore only the holder of the private key will be able to use the public key being part of the certificate.

Again: DNS is not secure. Therefore the standards (RFCs) describing the use of TLS for certain protocols insist on:
1 choose a peer and remember its NAME
2 look up the peer in DNS, if required to establish the connection
3 perform the TLS handshake and obtain the peer's certificate
4 check validity of the certificate (expiry, CA, ...)
5 check whether the subject certified is identical to NAME

Point 2 (DNS lookup) is only an auxiliary step required due to the network protocol used. It does not have any security implications beyond the fact that it is not trustworthy. The security comes from step 5.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
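Steps 4 and 5 of the procedure above, as an added example that is not part of the thread: a client keeps the NAME it chose, accepts the TLS library's verdict on the chain (step 4), and separately checks the certified subject against NAME (step 5), so a chain-valid certificate issued to evil.bar.com is rejected for example.foo.com. The certificate dicts, `verify_peer`, `match_hostname` and the wildcard rules are assumptions for illustration; the dict shape mirrors what Python's `ssl.SSLSocket.getpeercert()` returns.

```python
"""Step 5 of the procedure above: match the certified subject against NAME.

Constructed example, not from the original thread. Takes the dict shape
that Python's ssl.SSLSocket.getpeercert() returns so it can be applied to a
real handshake, but is exercised here on hand-built certificate dicts.
"""


def _cert_names(cert):
    """Collect dNSName SANs; fall back to subject CN only if no SAN is present."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if names:
        return names
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == "commonName":
                names.append(v)
    return names


def _label_matches(pattern, hostname):
    """RFC 6125-style match: a wildcard is allowed only as the whole leftmost
    label, never matches across a dot, and needs at least two fixed labels."""
    p, h = pattern.lower(), hostname.lower().rstrip(".")
    if "*" not in p:
        return p == h
    plabels, hlabels = p.split("."), h.split(".")
    if len(plabels) != len(hlabels) or plabels[0] != "*" or len(plabels) < 3:
        return False
    return plabels[1:] == hlabels[1:]


def match_hostname(cert, name):
    """True iff some certified name matches NAME (the name the client chose)."""
    return any(_label_matches(n, name) for n in _cert_names(cert))


def verify_peer(name, cert, chain_valid):
    """Step 4 (chain/expiry verdict supplied by the TLS library) AND step 5
    (subject-vs-NAME check). Both must hold; DNS plays no part here."""
    return bool(chain_valid) and match_hostname(cert, name)


# Constructed certificates in getpeercert() shape (hypothetical values).
EVIL_CERT = {
    "subject": ((("commonName", "evil.bar.com"),),),
    "subjectAltName": (("DNS", "evil.bar.com"), ("DNS", "*.bar.com")),
}
FOO_CERT = {
    "subject": ((("commonName", "example.foo.com"),),),
    "subjectAltName": (("DNS", "example.foo.com"),),
}
```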