> Eric Rescorla wrote:
> 
> > This isn't a MITM attack, however.
> 
> Sorry, Eric -- if you don't know or trust the signer, then you only
> know that the presenter (could be a MITM) has the private key associated 
> with the pubkey in the cert.  This means that a MITM attack is entirely
> possible.  Trust in the CA is required to assure the binding of the
> SubjectPublicKeyInfo to the DN.  That's the feature that prevents
> the MITM attack.  There's also the convention among browser implementations
> that the CN should be the FQHN, which is a PITA for numerous reasons.
> 
> Of course, your browser presents no warnings whatsoever for certs
> signed by any number of CAs that are "trusted" simply because their
> root certs are bundled with the browser.  And unless you manually
> retrieve a CRL, you only know that a cert was valid when it was
> issued.

But as Eric said, this is not a protocol problem.  This is a user
training issue.  There is only so much that software can do.



 Jeffrey Altman * Sr. Software Designer     C-Kermit 7.1 Alpha available
 The Kermit Project @ Columbia University   includes Secure Telnet and FTP
 http://www.kermit-project.org/             using Kerberos, SRP, and 
 [EMAIL PROTECTED]          OpenSSL.  SSH soon to follow.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
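The three checks the quoted post describes (chain to a CA you trust, host name match, CRL lookup), as an added Go example that is not code from this thread or from OpenSSL: BuildPKI constructs a made-up root CA, a server certificate for a constructed host name and the CA's CRL so the demo runs offline, and Verify applies the checks with Go's crypto/x509.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func BuildPKI(host string, revoke bool) (ca, leaf *x509.Certificate, crl *x509.RevocationList) {
	caKey, leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now().Add(-time.Minute)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now, NotAfter: now.Add(time.Hour)}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// CN = host is the browser convention the post describes; Go, like modern browsers, matches the SAN, so set both.
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now, NotAfter: now.Add(time.Hour)}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour)}
	if revoke {
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}
	}
	crl = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	return ca, leaf, crl
}
// Verify chains the cert to a trusted root (the CA-attested SPKI-to-name binding that defeats a MITM), matches the host, and consults the CRL.
func Verify(leaf, issuer *x509.Certificate, roots *x509.CertPool, host string, crl *x509.RevocationList) error {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return fmt.Errorf("chain or name check failed: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil { // an unsigned or forged CRL proves nothing
		return fmt.Errorf("CRL not signed by the issuer: %w", err)
	}
	for _, r := range crl.RevokedCertificates { // a valid signature only says the cert was good at issuance
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %v is revoked", leaf.SerialNumber)
		}
	}
	return nil
}
```

Verify fails when the CA is absent from the trust pool (the unknown-signer case the post raises), when the presented name does not match, and when the CA's CRL lists the certificate's serial.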