Kurt Roeckx wrote:

> David,
>
> I think you have a problem of not making clear what you actually mean.
>
> I'm going to give 3 examples of how I could read what you were saying so
> far:
>
> 1. A client connects to a server, but the server has been compromised
>    and someone knows its secret key.  The client properly checks
>    that the key is valid.
> 2. A client connects to a server, but the client has been compromised
>    and now accepts any or certain keys it's been offered.  The client
>    software is/was written to do proper checking.
> 3. A client connects to a server, but it accepts the public key the
>    server or attacker returns because it doesn't do proper checking.
>
> I now think that people understand that you meant one of the first 2
> cases but actually meant the 3rd.  And if you actually meant the 3rd,
> that's not what I was reading in the other mails.

God, I hope you're right. That would mean that I was being unclear, rather
than everyone else being crazy. That's a much more comforting scenario.

Of course, it doesn't help when you have someone who is deliberately making
every effort to misunderstand and mock you when you're trying to prevent
people from doing real harm. People have in fact created SSLv3-based
products that are vulnerable to MITM attacks, and when the vulnerabilities
are pointed out to them, they inevitably reply "but we used SSLv3 -- isn't
SSLv3 immune to MITM attacks?". Yes, really.

The fault, of course, is not in SSLv3. It's the fault of morons who insist
that SSLv3 *alone* makes you immune to MITM attacks. There is a very
technical sense in which this is true, but that very technical meaning is
lost on the people who make this kind of mistake.

OpenSSL is a spectacular library. It's a great implementation of various
crypto algorithms, a nice interface to access them generically, SSL, DER,
and various other things. However, just as it makes it much easier to do
crypto right, it also makes it much easier to do crypto wrong.

Without OpenSSL, the people who made the kind of mistakes I'm talking about
would probably never get their code to even talk to a server. With OpenSSL,
they can get the appearance of SSL and the belief that they have all the
guarantees that SSLv3, used properly, *can* provide. But in actuality, they
have little to no security at all because their endpoints are compromised --
by design.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
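The third case in Kurt's list, the one the reply above is about, is easy to show with a live handshake: a client that "uses SSL" but never checks whose key it received completes the handshake with any certificate an attacker presents, while a client that does proper checking refuses it. The example below is added here and is not code from the thread or from OpenSSL; it uses Go's standard crypto/tls so that it runs self-contained, with no CA files or openssl binary, but the misconfiguration is the same one an OpenSSL client makes by never enabling peer verification. The host name `mitm-demo.example`, the in-process self-signed certificate and the loopback server are all constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical host name; the certificate is generated in-process and every
// connection stays on the loopback interface.
const serverName = "mitm-demo.example"

// selfSignedCert generates a throwaway certificate for serverName. It stands in
// for what an attacker in the middle would present: well-formed, for the right
// name, and signed by nobody the client has any reason to trust.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// serve listens on a loopback port with the given certificate and runs the
// server side of each handshake until the listener is closed.
func serve(cert tls.Certificate) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func() { defer c.Close(); _ = c.(*tls.Conn).Handshake() }()
		}
	}()
	return ln, nil
}

// connect runs the client side of a handshake (tls.Dial completes it before
// returning) and reports the verification error, if any.
func connect(addr string, cfg *tls.Config) error {
	c, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	return c.Close()
}

// Outcome records what each client configuration did with the same untrusted key.
type Outcome struct {
	UncheckedAccepted   bool  // no checking: handshake "succeeds" with the attacker's key
	CheckedErr          error // proper checking against system roots: rejected
	RejectedAsUnknownCA bool  // ...and specifically because the issuer is untrusted
	PinnedAccepted      bool  // proper checking, trusting exactly this certificate
}

// RunDemo stands up the server once and connects with three client configs.
func RunDemo() (Outcome, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return Outcome{}, err
	}
	ln, err := serve(cert)
	if err != nil {
		return Outcome{}, err
	}
	defer ln.Close()
	addr := ln.Addr().String()
	var out Outcome
	// Case 3: "we use SSL", but nothing checks who we are talking to.
	out.UncheckedAccepted = connect(addr, &tls.Config{InsecureSkipVerify: true}) == nil
	// A client that checks: chain to trusted roots, then hostname match.
	out.CheckedErr = connect(addr, &tls.Config{ServerName: serverName})
	var unknownCA x509.UnknownAuthorityError
	out.RejectedAsUnknownCA = errors.As(out.CheckedErr, &unknownCA)
	// The same checking client told to trust this one certificate (private CA
	// or pinned key): succeeds for this key and would still fail for any other.
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	out.PinnedAccepted = connect(addr, &tls.Config{ServerName: serverName, RootCAs: pool}) == nil
	return out, nil
}

func main() {
	out, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("no checking: accepted=%v\nsystem roots: err=%v\npinned: accepted=%v\n",
		out.UncheckedAccepted, out.CheckedErr, out.PinnedAccepted)
}
```

The first client is the product the reply describes: the bytes on the wire are encrypted, so it looks like SSL, but the endpoint accepts whatever key it is offered, so an attacker who can sit in the path simply presents his own key and reads everything. The other two show what "proper checking" means in practice: a chain to a trusted root plus a hostname match, where the root set is either the system's or a deliberately pinned one.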