On Wed, Sep 26, 2007 at 11:03:21AM +0200, Steffen DETTMER wrote:

> > > So your point is that some property from the original
> > > certificate (let's say some hash or so) could be included in
> > > the extra authentication to detect a MITM (or whatever faked)
> > > certificate? In that case, SSL would be used basically for
> > > encryption only, right?
> >
> > Exactly.

Actually not the certificate, it has to be a nonce securely derived from
the current SSL handshake; the certificate alone does not qualify. This
nonce then has to be used securely in a second authentication step that
must work if both sides have the same nonce, and fail otherwise. This is
certainly possible, but for the vast majority of users (i.e. programmers)
this is IMHO a bad idea. I am not alone in this view. Use TLS with a
properly integrated cipher-suite and a suitable key management/trust model.

> Ahh, ok. I assumed SSL and TLS would specify how to authenticate
> and how to derive keys (to be interoperable), but also Victor
> explained to me that there are more flexible possibilities such as
> defining new cipher suites (before, I assumed the standard would
> require a lowest common denominator such as
> TLS_RSA_WITH_3DES_EDE_CBC_SHA and so on to get all
> implementations interoperable).

Programmers should not define new cipher-suites; protocol designers should
design and review them, then standards committees adopt them and toolkit
vendors (e.g. OpenSSL) implement them. As a programmer you have a choice of
cipher-suites (via the cipherlist preferences in the client and server
applications). Some cipher-suites work better with some key management
(trust) models. Some cipher-suites that I wish were standardized are not
yet available.

David's proposal very likely works for him, but IMHO is bad advice, because
the sophistication required to execute it correctly is too high. I would
not use a product that rolled its own MITM-immune authentication layer
post-SSL. With cryptographic products, follow the herd and don't stray.

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
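The handshake-bound second authentication step that Viktor describes above (a nonce derived from the current handshake, used in a step that succeeds only when both ends hold the same nonce), as an added illustration that is not part of this thread and not OpenSSL or Python library code. Everything in it is constructed: the "handshake transcript" is a stand-in built from made-up randoms and certificate bytes, the shared secret and certificates are placeholder strings, and the function names (transcript, channel_nonce, client_proof, server_accepts, second_auth) are mine. In a real program the binding value must come from the TLS toolkit, for example the tls-unique channel binding of RFC 5929 (Python exposes it as SSLSocket.get_channel_binding('tls-unique')) or an RFC 5705 keying-material exporter, never from bytes the application reassembles itself; the example exists to show why the nonce must be per-handshake, which is exactly the subtlety Viktor warns most programmers will get wrong.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a handshake transcript. In a real deployment the
# binding value must come from the TLS toolkit (tls-unique, RFC 5929, or a
# keying-material exporter, RFC 5705); this only makes the mechanism visible.
def transcript(client_random: bytes, server_random: bytes, server_cert: bytes) -> bytes:
    return client_random + server_random + hashlib.sha256(server_cert).digest()


def channel_nonce(handshake_view: bytes) -> bytes:
    """Nonce securely derived from one side's view of the current handshake."""
    return hashlib.sha256(b"tls-handshake-binding|" + handshake_view).digest()


def client_proof(shared_secret: bytes, nonce: bytes, challenge: bytes) -> bytes:
    """Second authentication step: keyed MAC over the nonce and the challenge."""
    return hmac.new(shared_secret, b"second-auth|" + nonce + challenge,
                    hashlib.sha256).digest()


def server_accepts(shared_secret: bytes, nonce: bytes, challenge: bytes,
                   proof: bytes) -> bool:
    expected = client_proof(shared_secret, nonce, challenge)
    return hmac.compare_digest(expected, proof)  # constant-time comparison


def second_auth(shared_secret: bytes, client_view: bytes, server_view: bytes,
                challenge: bytes) -> bool:
    """Each side derives its nonce from its OWN handshake. Only the challenge
    and the proof cross the wire, and an interceptor may relay them unchanged."""
    proof = client_proof(shared_secret, channel_nonce(client_view), challenge)
    return server_accepts(shared_secret, channel_nonce(server_view), challenge, proof)


# Constructed fixtures (not real keys or certificates).
SECRET = b"constructed pre-shared secret known to client and server"
REAL_CERT = b"constructed certificate of the real server"
MITM_CERT = b"constructed certificate presented by an interceptor"


def direct_session() -> bool:
    """Client and server complete one handshake: identical views, auth succeeds."""
    view = transcript(secrets.token_bytes(32), secrets.token_bytes(32), REAL_CERT)
    return second_auth(SECRET, view, view, secrets.token_bytes(16))


def mitm_session() -> bool:
    """An interceptor terminates TLS towards the client and opens a second TLS
    session to the server. The two handshakes have different randoms and a
    different certificate, so the nonces differ and the relayed proof fails."""
    client_view = transcript(secrets.token_bytes(32), secrets.token_bytes(32), MITM_CERT)
    server_view = transcript(secrets.token_bytes(32), secrets.token_bytes(32), REAL_CERT)
    return second_auth(SECRET, client_view, server_view, secrets.token_bytes(16))


def replay_rejected() -> bool:
    """A proof captured in one session is useless in a later one, even if a
    careless server reused its challenge: the nonce changes with the handshake."""
    challenge = b"constructed challenge reused by a careless server"
    first = transcript(secrets.token_bytes(32), secrets.token_bytes(32), REAL_CERT)
    captured = client_proof(SECRET, channel_nonce(first), challenge)
    later = transcript(secrets.token_bytes(32), secrets.token_bytes(32), REAL_CERT)
    return not server_accepts(SECRET, channel_nonce(later), challenge, captured)


if __name__ == "__main__":
    print("direct session accepted:", direct_session())   # True
    print("MITM session accepted:  ", mitm_session())     # False
    print("replayed proof rejected:", replay_rejected())  # True
```

The interceptor modelled here is assumed to terminate TLS on both legs (the only kind that can read or alter the traffic); it never learns either nonce, because the nonce is derived locally and only the MAC output is transmitted. Binding to the certificate alone would not give the per-session freshness that replay_rejected relies on, and hand-computing the transcript as this toy does is precisely the kind of detail a toolkit should own, which is the substance of Viktor's objection.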