Michael Sierchio <[EMAIL PROTECTED]> writes:

> Eric Rescorla wrote:
> 
> > A MITM attack WOULD be possible if the browser didn't check the
> > server's certificate against the expected identity.
> 
> A check against the expected identity is only useful if the
> binding of the pubkey to the identity is trusted.  A MITM can
> generate a signed cert on the fly with the expected identity...

That's why you don't just take any certificate but rather require that
it be signed by a CA you trust. What's the confusion here?

> It is indeed an SSL problem -- the protocol and its components rely
> on PKI,  but PKI isn't really there yet.  A mutually authenticated
> channel, in which the server presents the DNs of trusted signing
> authorities as part of the handshake, offers a lot more protection
> even for the client.

What exactly are you proposing here? SSL client authentication doesn't
add any value here unless you somehow believe that the server is more
capable of determining which CAs are to be trusted than the client, a
position I find extremely dubious.

-Ekr
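
The two checks discussed in this message (the certificate names the expected identity, and it chains to a CA the client trusts), as an added example that is not part of the original post. It assumes the `openssl` command-line tool is installed; the CA names, the hostname `www.example.test` and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: every key, CA and certificate below is generated locally.

# mk_ca DIR NAME: create a self-signed CA (NAME.key, NAME.pem) in DIR.
mk_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# mk_leaf DIR CA OUT HOST: issue OUT.pem for HOST, signed by CA.
mk_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -days 1 -CA "$1/$2.pem" \
    -CAkey "$1/$2.key" -CAcreateserial -out "$1/$3.pem" 2>/dev/null
}

# chain_ok DIR CERT: true only if CERT chains to the single CA we trust.
chain_ok() {
  openssl verify -CAfile "$1/trusted-ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

# name_ok DIR CERT HOST: true only if CERT names HOST (the identity check).
name_ok() {
  openssl x509 -in "$1/$2.pem" -noout -checkhost "$3" 2>/dev/null |
    grep -q "does match"
}

# accept_cert DIR CERT HOST: the client's decision needs both checks to pass.
accept_cert() { chain_ok "$1" "$2" && name_ok "$1" "$2" "$3"; }

# setup_demo DIR: one trusted CA, one CA the client never installed, and a
# certificate for the same hostname from each.
setup_demo() {
  mk_ca "$1" trusted-ca && mk_ca "$1" rogue-ca &&
  mk_leaf "$1" trusted-ca genuine www.example.test &&
  mk_leaf "$1" rogue-ca forged www.example.test
}

d=$(mktemp -d) && setup_demo "$d"
for c in genuine forged; do
  if accept_cert "$d" "$c" www.example.test; then echo "$c: accepted"
  else echo "$c: rejected"; fi
done
rm -rf "$d"
```

The certificate from the untrusted CA passes `name_ok` but fails `chain_ok`, so `accept_cert` rejects it.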



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
