Richard Salz wrote:

> >    If a browser has a maliciously-included root certificate placed
> > there by an attacker and ...

> I'm not aware of any definition of MITM that includes compromising any
> part of an endpoint.  Could you point to one?
>
>         /r$

        I didn't say you are vulnerable to a MITM attack that compromises the
endpoint. I said that if the endpoint is compromised, you are vulnerable to
MITM attacks. The attacker need not compromise the endpoint himself. He may
discover that a poorly-designed endpoint (even though it implements SSL
perfectly) is in fact compromised.

        What I'm saying is that you can't say "I use SSLv3, so I don't have to
worry about a MITM attack". While SSLv3 provides the tools to prevent MITM
attacks, it doesn't -- by itself -- prevent them. Users of OpenSSL and SSLv3
must understand that they have to use SSL correctly or SSL's ability to
protect against MITM attacks will do them no good.

        SSLv3 provides a certificate system that can protect you against MITM
attacks. However, it is up to the SSLv3 user to use that system, as part of
a public key infrastructure or some other way, to actually get the
protection.

        This is a rehash of an old argument, but my whole point is that if
you're implementing SSL in a custom application with custom clients and
servers, you *do* have to worry about MITM attacks. You can't say, "I use
SSL, so I don't have to worry about MITM attacks".

        All you have to do is fail to properly check the endpoint certificate,
and you are vulnerable to MITM attacks. This is so even though your
implementation of the SSL protocol is flawless.

        It is possible to implement SSLv3, the protocol, perfectly, and still
accidentally produce a compromised endpoint that is vulnerable to a MITM
attack.

        So you can say "I use SSLv3 as part of a comprehensive system including
a public key infrastructure to validate endpoints and thereby protect against
MITM attacks". The Internet's CA system is part of just such a system. CAs
(or some equivalent) are needed because SSLv3 can't do it by itself.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
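
The endpoint check discussed in the message above, as an added example that is not part of the original post or of OpenSSL's own code. It uses Python's ssl module (a wrapper around OpenSSL); the function names and the gap labels are hypothetical, chosen for this illustration.

```python
import socket
import ssl

def endpoint_auth_gaps(ctx):
    """List the ways a client-side context fails to authenticate the server."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("no-chain-verification")  # any certificate at all is accepted
    if not ctx.check_hostname:
        gaps.append("no-hostname-check")      # any *valid* certificate is accepted
    return gaps

def unchecked_context():
    """Handshake and encryption work, but the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared first, else the next line raises ValueError
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context():
    """Chain is verified, but not who the certificate was issued to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # verify_mode stays CERT_REQUIRED
    return ctx

def checked_context(cafile=None):
    """Verify the chain against trust anchors and match the expected host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname by default
    if cafile:
        ctx.load_verify_locations(cafile=cafile)   # assumption: a private CA for a custom application
    else:
        ctx.load_default_certs()                   # the platform's CA store
    return ctx

def connect(ctx, host, port=443):
    """Open a connection with the given context; raises ssl.SSLError if a check fails."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()

if __name__ == "__main__":
    for build in (unchecked_context, chain_only_context, checked_context):
        print(build.__name__, endpoint_auth_gaps(build()))
```

All three contexts complete the same protocol handshake against a cooperating peer; only the last one ties the session to a specific, validated endpoint.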
