On Tue, Oct 17, 2000 at 12:02:35PM -0400, [EMAIL PROTECTED] wrote:
> I am not familiar enough with the protocol to answer this question:
> is it possible for an evil SSL server to send packets such that it
> ends up with an arbitrary signature from a client? I'm trying to
> emphasize the importance of keyUsage bits. :)
The only time the client signs something is when the
server requests client auth. In TLS, the client signs MD5 and/or SHA1
hashes of the TLS handshake messages that have passed between
the client and server at that point in the protocol.
In SSLv3, it signs an MD5 and/or SHA1 HMAC-like (nested hash with pads)
of the same handshake messages.
So it looks like the answer is no.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Consulting Security Architect
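
Added example, not part of the original message: a Python sketch of the value a client signs for client auth, following the description above (MD5 and/or SHA1 of the handshake messages in TLS, a nested hash with pads in SSLv3). It shows that the value depends on both sides' messages, so the server alone does not choose it. Assumptions: the function names are hypothetical, the message byte strings are constructed placeholders rather than real wire encodings, and the pad values (0x36 and 0x5c, 48 bytes for MD5 and 40 for SHA1) are taken from the SSLv3 specification.

```python
import hashlib

# SSLv3 pad bytes and per-hash pad lengths (assumed from the SSLv3 spec).
PAD1, PAD2 = 0x36, 0x5C
PAD_LEN = {"md5": 48, "sha1": 40}


def tls_verify_input(handshake_messages, rsa=True):
    """TLS: MD5 || SHA1 of all handshake messages so far (SHA1 only for DSA)."""
    transcript = b"".join(handshake_messages)
    sha = hashlib.sha1(transcript).digest()
    if not rsa:
        return sha
    return hashlib.md5(transcript).digest() + sha


def _ssl3_nested(name, transcript, master_secret):
    """SSLv3 HMAC-like construction: H(ms + pad2 + H(transcript + ms + pad1))."""
    n = PAD_LEN[name]
    inner = hashlib.new(name, transcript + master_secret + bytes([PAD1]) * n)
    outer = hashlib.new(name, master_secret + bytes([PAD2]) * n + inner.digest())
    return outer.digest()


def ssl3_verify_input(handshake_messages, master_secret, rsa=True):
    """SSLv3: same transcript, but each hash is nested and keyed with the master secret."""
    transcript = b"".join(handshake_messages)
    sha = _ssl3_nested("sha1", transcript, master_secret)
    if not rsa:
        return sha
    return _ssl3_nested("md5", transcript, master_secret) + sha


if __name__ == "__main__":
    # Constructed placeholder messages; the client random is chosen by the client.
    client_part = [b"ClientHello|" + bytes(range(32))]
    tail = [b"ClientCertificate", b"ClientKeyExchange"]
    honest = client_part + [b"ServerHello|A", b"CertificateRequest"] + tail
    altered = client_part + [b"ServerHello|B", b"CertificateRequest"] + tail
    ms = b"\x11" * 48  # constructed master secret

    for label, msgs in (("server A", honest), ("server B", altered)):
        print(label, "TLS  :", tls_verify_input(msgs).hex())
        print(label, "SSLv3:", ssl3_verify_input(msgs, ms).hex())
    # The server changes the output by changing its messages, but the value
    # is always a digest that also covers the client's own random bytes.
```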