> David Schwartz wrote:

> >     That's where you're wrong. In the Internet trust model (anyone can get a
> > certificate signed by a trusted authority, all the certificate does is prove
> > they are who they say they are, not that they're someone I can trust), this
> > *is* the protection against a MITM.

> This is not a MITM.  A Man-in-the-middle attack assumes a party on the
> wire, witnessing all communication and able to insert arbitrary text.

        Exactly. That's a MITM.

        If I connect to 'www.amazon.com' through a MITM, that MITM can do one of
two things. He can tamper with the certificate, replacing mine with his own,
or he can pass my certificate. Without this check, a MITM could pass his own
certificate, and handle both SSL connections (one to the server and one to
the client) independently. He could then do whatever he wanted with the
plaintext in between.

        It is precisely this check that defeats the MITM. If the MITM passes the
certificate unmolested, he can neither decode nor modify the plaintext. If
the MITM molests the certificate, this is the check that will reject the
connection.

        Otherwise, as I've explained twice now, a MITM from 'www.evilhost.com'
could grab any connection to 'www.amazon.com' and present his own
certificate. The certificate would seem valid. He could then himself connect
to 'www.amazon.com' and pass the plaintext, free to decode and manipulate
it.

        In the Internet's security model, this IS the defense against a MITM.

> SSL guards against this in the case where the server (and, optionally,
> the client) are authenticated.

        NO, IT DOESN'T! How am I protected against a MITM if I want to send my
credit card to 'www.amazon.com' but the MITM redirects me to
'www.evilhost.com'? The 'www.evilhost.com' server can present me
authentication -- they can get a Verisign certificate as easily as anyone.

        It is the check between the name in the certificate and the name of the
server (NOT THE DNS NAME) that defends against a MITM.

> The case of connecting to a different party (hijacking) has nothing
> whatsoever to do with MITM.

        A MITM is a different party! No offense, but do you have any idea what
you're talking about?

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
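
The name check argued for in the message above, as an added example that is not part of the original post and not OpenSSL's own code. It assumes chain verification has already succeeded; the function names and the sample certificate names are hypothetical and constructed, and the wildcard handling goes slightly beyond the exact-name case discussed in the thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the names carried by three CA-signed certificates. */
static const char *const genuine_cert[]  = { "www.amazon.com" };
static const char *const mitm_cert[]     = { "www.evilhost.com" };
static const char *const wildcard_cert[] = { "*.amazon.com" };

/* Case-insensitive comparison of two DNS names. */
static int name_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Match one certificate name against the host the user asked for. A "*" is
 * honoured only as the whole left-most label and stands for exactly one label. */
static int cert_name_matches(const char *pattern, const char *host) {
    if (pattern[0] == '*' && pattern[1] == '.') {
        const char *rest = strchr(host, '.');
        if (rest == NULL || rest == host)        /* host needs a first label */
            return 0;
        if (strchr(pattern + 2, '.') == NULL)    /* refuse "*.com" */
            return 0;
        return name_eq(pattern + 1, rest);
    }
    if (strchr(pattern, '*') != NULL)            /* no partial wildcards */
        return 0;
    return name_eq(pattern, host);
}

/* Assumes the chain already verified to a trusted CA. Accept the peer only if
 * its certificate names the host the user intended to reach. */
int peer_is_intended_host(const char *const *names, size_t n, const char *intended) {
    for (size_t i = 0; i < n; i++)
        if (names[i] != NULL && cert_name_matches(names[i], intended))
            return 1;
    return 0;
}

int main(void) {
    printf("genuine:  %d\n", peer_is_intended_host(genuine_cert, 1, "www.amazon.com"));
    printf("mitm:     %d\n", peer_is_intended_host(mitm_cert, 1, "www.amazon.com"));
    printf("wildcard: %d\n", peer_is_intended_host(wildcard_cert, 1, "www.amazon.com"));
    return 0;
}
```

The second call is the case from the thread: a certificate that chains to a trusted CA but names 'www.evilhost.com' is rejected because the user asked for 'www.amazon.com'. Current OpenSSL releases perform this comparison in the library through `X509_check_host()` and `SSL_set1_host()`.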
