has a TLS server (or client, for that matter) key ever actually been compromised?

Hi, Marc!

I don't know about in-the-wild attacks.

However, proof-of-concept attacks:

Server-side: Brumley and Boneh did timing attacks on Apache SSL servers---see their Usenix Security paper from 2003.

Client-side: we've done a number of host-based attacks and http-based attacks, to steal or borrow use of a user's client-side SSL/TLS key. See:

 J. Marchesini, S.W. Smith, M.Zhao.
"Keyjacking: The Surprising Insecurity of Client-side SSL"
Computers and Security.  To appear, 2004.


Sean W. Smith [EMAIL PROTECTED] www.cs.dartmouth.edu/~sws/
Asst Prof, Department of Computer Science, Dartmouth College.
Director, Cybersecurity and Trust Research Center, Institute for Security Technology Studies.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to