Chase Douglas wrote:

> I'm reading the actual X.509 (03/2000) specification and it refers to
> a subjectPublicKeyInfo field. Is this what you are meaning by
> "subjectKeyIdentifier"?

These fields are not useful because they are not required to be hashes of the public key. You should use a hash of the public key. That will definitely force an attacker to use the same public key, which he cannot do. (Since he doesn't know the corresponding private key.)

I'm not 100% certain, but it seems to me that using a hash of the certificate or a hash of the certificate signature should work equally well. I can't see any way to change the public key without changing these fields as well.

> Are you suggesting that I only display the key hash? Is it really
> useless to display information even on just the subject? What if the
> subject doesn't match the server? Shouldn't there be some kind of a
> warning so a user doesn't just assume it's ok, or is it just not worth
> it given that a malicious cert could try to have the same subject
> information?

As I said, from a security standpoint, that only creates a warm, fuzzy feeling. An attacker can trivially obtain your certificate and create one with those fields the same. Most likely, an attacker would start with your certificate and change only what he needed to change.

So you can certainly do this, and it probably does make sense. It will catch an inadvertent connection to the wrong server or perhaps some stale DNS or dynamic IP type stuff. But it will not really have any effect on security. You will still have 100% protection from passive attacks and a protection from active attacks that solely depends on validating the public key (or equivalent).

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
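The point DS makes above, that a pin must be computed over the public key itself (the DER SubjectPublicKeyInfo) rather than over a certificate field that merely names it, can be shown with a small stand-alone script. This is an added example, not code from the thread or from the OpenSSL project; it uses only the Python standard library. It builds a constructed toy X.509 shell (a made-up modulus, a dummy signature, hypothetical subject names) so it runs offline, then parses the DER back to locate the SubjectPublicKeyInfo and hashes it. A certificate with the same subject but a different key fails the pin; a certificate with the same key and a different subject passes it, which is exactly why comparing subject fields gives no protection.

```python
"""Pin a certificate by the SHA-256 of its DER-encoded SubjectPublicKeyInfo.

Standard library only. The encoder below builds a *constructed* toy certificate
(no real key, no real signature) so the example runs offline; a real client
would hand the DER certificate from the TLS handshake to extract_spki().
"""
import base64
import hashlib

# --- minimal DER encoding helpers -------------------------------------------
def der_len(n: int) -> bytes:
    """DER length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def integer(value: int) -> bytes:
    # One extra byte of headroom so a high bit never makes the INTEGER negative.
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1

def rsa_spki(modulus: int, exponent: int = 65537) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }"""
    rsa_public_key = seq(integer(modulus), integer(exponent))
    algorithm = seq(RSA_ENCRYPTION_OID, tlv(0x05, b""))          # rsaEncryption, NULL params
    return seq(algorithm, tlv(0x03, b"\x00" + rsa_public_key))   # BIT STRING, 0 unused bits

def name(common_name: str) -> bytes:
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue; here a single CN."""
    cn_oid = bytes.fromhex("0603550403")                          # 2.5.4.3 commonName
    atv = seq(cn_oid, tlv(0x0C, common_name.encode()))            # UTF8String
    return seq(tlv(0x31, atv))

def build_cert(subject_cn: str, spki: bytes) -> bytes:
    """Constructed X.509 v3 shell: syntactically valid fields, placeholder signature."""
    sha256_rsa_oid = bytes.fromhex("06092a864886f70d01010b")     # 1.2.840.113549.1.1.11
    sig_alg = seq(sha256_rsa_oid, tlv(0x05, b""))
    validity = seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z"))  # UTCTime pair
    tbs = seq(
        tlv(0xA0, integer(2)),        # [0] EXPLICIT version v3
        integer(0x1234),              # serialNumber (constructed value)
        sig_alg,                      # signature algorithm
        name("Example Issuer CA"),    # issuer (hypothetical)
        validity,
        name(subject_cn),             # subject
        spki,                         # subjectPublicKeyInfo
    )
    dummy_sig = tlv(0x03, b"\x00" + b"\xAA" * 32)   # placeholder, not a real signature
    return seq(tbs, sig_alg, dummy_sig)

# --- minimal DER parsing ----------------------------------------------------
def read_tlv(buf: bytes, pos: int):
    """Return (tag, raw_tlv, content, next_pos) for the element starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start, end = pos + hdr, pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], buf[start:end], end

def extract_spki(cert_der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the raw SubjectPublicKeyInfo TLV."""
    tag, _, cert_body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, _, tbs, _ = read_tlv(cert_body, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    pos = 0
    tag, _, _, nxt = read_tlv(tbs, 0)
    if tag == 0xA0:                   # optional [0] version comes first
        pos = nxt
    for _ in range(5):                # serialNumber, signature, issuer, validity, subject
        _, _, _, pos = read_tlv(tbs, pos)
    tag, raw_spki, _, _ = read_tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return raw_spki

def spki_pin(cert_der: bytes) -> str:
    """base64(SHA-256(DER SubjectPublicKeyInfo)), the value a client stores as the pin."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def verify_pin(cert_der: bytes, expected_pin: str) -> bool:
    return spki_pin(cert_der) == expected_pin

# --- demo -------------------------------------------------------------------
KEY_A = rsa_spki(int.from_bytes(b"\xC3" * 64, "big"))   # constructed modulus, not a real key
KEY_B = rsa_spki(int.from_bytes(b"\xD7" * 64, "big"))   # a second constructed key

def demo():
    genuine = build_cert("www.example.com", KEY_A)
    pinned = spki_pin(genuine)
    renamed = build_cert("www.example.com renewed", KEY_A)  # same key, new subject: pin holds
    spoofed = build_cert("www.example.com", KEY_B)          # subject copied, other key: pin fails
    return verify_pin(renamed, pinned), verify_pin(spoofed, pinned)

if __name__ == "__main__":
    print(demo())
```

For a real certificate the same pin value comes out of the OpenSSL command line, which is the usual way to record it: `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | openssl enc -base64`. Because the hash covers the whole SubjectPublicKeyInfo, a change of algorithm or parameters is detected as well as a change of key material, while changes to subject, issuer, serial or validity leave the pin untouched.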