Marton Anka wrote:
Hello,
 
I am trying to solve a very peculiar problem. In my application, there are three players:
 
1. Client - runs a regular web browser.
 
2. Proxy - runs my proxy application with OpenSSL 0.9.7c
 
3. Host - runs my host application with OpenSSL 0.97c
 
Proxy accepts connections from both the Client and the Host. Proxy has a real CA certificate, therefore it is trusted by the Client and the Host. Host has an install-time generated self-signed certificate that is registered on the Proxy upon the first connection and verified upon subsequent ones.

Is your goal to pay for one Verisign certificate and be able to use it for a large number of privately generated free certificates which would not be trusted by the client?
 
Host connects to Proxy and waits. Client connects to Proxy and wishes to talk to Host.
 
Client can verify Proxy's identity, and by trusting Proxy it can also rely on Host's identity being verified as Host needs to authenticate with a client certificate towards Proxy.

The client cannot trust the host because the client is not verifying the Host's certificate. The client has no way of knowing whether or not the proxy server has been compromised. Therefore it is not acceptable to trust the proxy to decrypt and reencrypt the data. You have now introduced a man in the middle.

Now Proxy can shuffle data between Client and Host. The easy way to do it is by receiving data from Client through its SSL channel, (effectively decrypting) it, and sending it to Host (re-encrypting it) through Host's SSL channel. The response comes from Host, it's decrypted/re-encrypted, and transmitted to Client.
 
Proxy cannot simply shuffle TCP traffic, obviously, because Client, being a standard browser, does not trust Host's certificate - and even if it did, the CN would not match.
 
The first question is, is this cryptographically sound if we assume that Proxy has not fallen into the wrong hands?

No. It is not a sound security process.

The second question is, can this be improved? For example, can we get rid of the decryption/re-encryption phase? Can I somehow manage to get both Host and Client to negotiate the same cipher suite and session key? I have total control over the code that runs on Proxy and Host, but Client can be any web browser.

The way the client and host negotiate the same cipher suite and session key is by establishing an SSL/TLS session between the client and the host without the involvement of the proxy.

Please note that I am just an ordinary SSL user and do not understand its internal workings to 100% - so I apologize if the latter question is dumb.
 
Furthermore, if someone were willing to consult me on this matter I would, of course, be willing to pay appropriate compensation for their time.

I am available for consulting. You may contact me at jaltman at secure-endpoints.com for that purpose.

Thanks in advance,
 
Marton Anka
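
The Host registration scheme described in the quoted message (self-signed certificate registered on the Proxy at the first connection, verified on later ones) is trust-on-first-use pinning. The following Proxy-side check is an added example, not code from either poster; the names `HostPinStore`, `PinMismatch`, `host_id` and the JSON pin file are assumptions, and the certificate bytes in the demo are constructed.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


class PinMismatch(Exception):
    """Presented certificate differs from the one registered for this Host."""


class HostPinStore:
    """Hypothetical TOFU store: host_id -> SHA-256 of the DER certificate."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host_id: str, der_cert: bytes) -> str:
        """Return 'registered' on first contact and 'verified' on a match;
        raise PinMismatch otherwise. An existing pin is never overwritten."""
        if not der_cert:
            raise PinMismatch(f"{host_id}: no certificate presented")
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(host_id)
        if pinned is None:
            # First contact is unauthenticated: whoever connects first is pinned.
            self.pins[host_id] = seen
            self._save()
            return "registered"
        if hmac.compare_digest(pinned, seen):
            return "verified"
        raise PinMismatch(f"{host_id}: pinned {pinned[:16]}, got {seen[:16]}")

    def _save(self):
        tmp = self.path.with_suffix(".tmp")
        tmp.write_text(json.dumps(self.pins, indent=2))
        tmp.replace(self.path)  # atomic rename: a crash cannot truncate the pins


if __name__ == "__main__":
    store = HostPinStore(Path(tempfile.mkdtemp()) / "pins.json")
    cert = b"constructed stand-in for a Host's DER certificate"
    print(store.check("host-1", cert))  # first connection
    print(store.check("host-1", cert))  # subsequent connection
```

The pin authenticates Host to Proxy only; Client still sees Proxy's certificate, so the objection raised in the reply about Proxy decrypting the traffic is unchanged.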
 
