On Thu, Jan 01, 2009 at 06:26:49PM -0800, David Schwartz wrote:

> Edward Diener wrote:
>
> > > 1) You need someone to confirm that having a client use a
> > > known-compromised private key to authenticate over SSL is no worse
> > > than the client using no key at all. It seems to me like you'd almost
> > > have to try to make this a problem, but who knows -- maybe it's never
> > > been thought about.
>
> > Whether a client private key is used or no client key at all, there is
> > still the issue of figuring out the username/password.
>
> No, there isn't. If using a known-compromised client key compromises the SSL
> connection, then an attacker can get a username/password simply by reading
> it out of a compromised SSL connection.

No such compromise happens, so this is not relevant. Compromised client
keys don't compromise SSL provided the server key is secured and the
server does not rely on client certificates for client authentication.

> On another note, something still seems fundamentally wrong with your
> approach. Since every customer has a username/password, and you don't trust
> your customers, you still cannot allow someone to mess with an arbitrary
> data just because he has a valid username/password.

We've hashed this part out already, let's not go there again.

--
Viktor.