On Wed, Sep 26, 2007 at 11:03:21AM +0200, Steffen DETTMER wrote:

> > > So your point is that some property from the original
> > > certificate (lets say some hash or so) could be included in
> > > the extra authentication to detect a MITM (or whatever faked)
> > > certificate?  In that case, SSL would be used basically for
> > > encryption only, right?
> >
> > Exactly.

Actually not the certificate, it has to be a nonce securely derived from
the current SSL handshake, the certificate alone does not qualify. This
nonce then has to be used securely in a second authentication step that
must work if both sides have the same nonce, and fail otherwise.

This is certainly possible, but for the vast majority of users (i.e.
programmers) this is IMHO a bad idea. I am not alone in this view.
Use TLS with a properly integrated cipher-suite and a suitable key
management/trust model.

> Ahh, ok. I assumed SSL and TLS would specify how to authenticate
> and how to derive keys (to be interoperable), but also Victor
> explained to me that there are more flexible possibilities such as
> defining new cipher suites (before, I assumed the standard would
> require a lowest common denominator such as
> TLS_RSA_WITH_3DES_EDE_CBC_SHA and so on to get all
> implementations interoperable).

Programmers should not define new cipher-suites, protocol designers
should design and review them, then standards committees adopt them and
toolkit vendors (e.g. OpenSSL) implement them.

As a programmer you have a choice of cipher-suites (via the cipherlist
preferences in the client and server applications). Some cipher-suites
work better with some key management (trust) models.

Some cipher-suites that I wish were standardized are not yet available.

David's proposal very likely works for him, but IMHO is bad advice,
because the sophistication required to execute it correctly is too high.

I would not use a product that rolled its own MITM-immune authentication
layer post-SSL. With cryptographic products, follow the herd and don't
stray.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
