"Greg Stark" <[EMAIL PROTECTED]> writes:
> Kurt Seifried has written an article (www.securityportal.com) in which
> he claims there are man-in-the-middle attacks against SSL. I think
> his article is wrong, but he has conveniently left off enough technical
> details of his attack so that he can always say he meant something else.
>
> The problem is that it is getting a surprising amount of play. I put in my
> two cents on Slashdot yesterday, but today I saw some posts on
> the IPSec mailing list referencing the Seifried article.
>
> I guess I am most curious about just what his man-in-the-middle
> attack is? My guess is that he is claiming his MITM can replace the
> legitimate server certificate with one of his own choosing. I suspect
> Seifried doesn't understand the CN check which is performed by
> SSL clients and outlined section 3 of
> http://www.rfc-editor.org/rfc/rfc2818.txt.
> If anybody can figure out what he is really claiming, please e-mail the
> list.
I wrote to Kurt about this yesterday but have yet to receive a response.
Anyway, I suspect what he's referring to is the well-known observation
that people are stupid enough to click through the browser provided
warnings. If so, this isn't a flaw in SSL. [0]
Aside from that attack, there aren't any known good man-in-the-middle
attacks against SSL [0]. However, note that it's possible to undetectably
tamper with the HTTP-fetched page containing the HTTPS URL and
thus totally compromise SSL connections derived from that page.
There's a lot more on this topic in Chapter 5 of "SSL and TLS".
-Ekr
[0] There are a few downgrade-to-export attacks which require
being able to crack export-grade keys in real time. AFAICT, this
isn't what he's talking about.
[Eric Rescorla [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
