The basic problem is that most people do not check the keys (and will accept keys with
warnings like out of date, self-signed, or pointing to the wrong site). This wasn't such
an issue until Dug Song released a nicely packaged click and compile tool. Most people
seem to think that SSH/SSL make things "Secure", well guess what, they don't. They
help, and are certainly a bit better than plaintext alternatives like telnet, but they
aren't perfect either.

Kurt Seifried, [EMAIL PROTECTED]
SecurityPortal - your focal point for security on the 'net

----- Original Message -----
From: "Eric Rescorla" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, December 19, 2000 10:09 AM
Subject: Re: Kurt Seifred's article on securityportal


> "Greg Stark" <[EMAIL PROTECTED]> writes:
> > Kurt Seifried has written an article (www.securityportal.com) in which
> > he claims there are man-in-the-middle attacks against SSL. I think
> > his article is wrong, but he has conveniently left off enough technical
> > details of his attack so that he can always say he meant something else.
> >
> > The problem is that it is getting a surprising amount of play. I put in my
> > two cents on Slashdot yesterday, but today I saw some posts on
> > the IPSec mailing list referencing the Seifried article.
> >
> > I guess I am most curious about just what his man-in-the-middle
> > attack is? My guess is that he is claiming his MITM can replace the
> > legitimate server certificate with one of his own choosing. I suspect
> > Seifried doesn't understand the CN check which is performed by
> > SSL clients and outlined in section 3 of
> > http://www.rfc-editor.org/rfc/rfc2818.txt.
> > If anybody can figure out what he is really claiming, please e-mail the
> > list.
> I wrote to Kurt about this yesterday but have yet to receive a response.
>
> Anyway, I suspect what he's referring to is the well-known observation
> that people are stupid enough to click through the browser provided
> warnings. If so, this isn't a flaw in SSL. [0]
>
> Aside from that attack, there aren't any known good man-in-the-middle
> attacks against SSL [0]. However, note that it's possible to undetectably
> tamper with the HTTP-fetched page containing the HTTPS URL and
> thus totally compromise SSL connections derived from that page.
>
> There's a lot more on this topic in Chapter 5 of "SSL and TLS".
>
> -Ekr
>
> [0] There are a few downgrade-to-export attacks which require
> being able to crack export-grade keys in real time. AFAICT, this
> isn't what he's talking about.
>
> [Eric Rescorla                                   [EMAIL PROTECTED]]
> Author of "SSL and TLS: Designing and Building Secure Systems"
>                http://www.rtfm.com/
>
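
The server-identity check from section 3 of RFC 2818 that the thread refers to, written out as an added example that is not part of any message above. A failure of this check is what produces the "pointing to the wrong site" warning. The certificate dicts follow the shape of Python's `ssl.SSLSocket.getpeercert()`; the function names and all sample values are assumptions made for illustration.

```python
# Added example. Certificates are dicts in the shape that Python's
# ssl.SSLSocket.getpeercert() returns; all sample values are constructed.

def label_matches(pattern, label):
    """Compare one DNS label; a single '*' matches a component or fragment."""
    if pattern.count("*") > 1 or not label:
        return False
    if "*" not in pattern:
        return pattern == label
    head, _, tail = pattern.partition("*")
    return (len(label) >= len(head) + len(tail)
            and label.startswith(head) and label.endswith(tail))

def dns_name_matches(pattern, hostname):
    """'*.a.com' matches foo.a.com but not bar.foo.a.com (RFC 2818, section 3)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):  # a wildcard never spans a dot
        return False
    # Assumption: wildcard honoured only in the left-most label, as in the RFC's examples.
    return label_matches(p[0], h[0]) and p[1:] == h[1:]

def presented_identities(cert):
    """dNSName entries if any exist; otherwise the most specific Common Name."""
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns:
        return dns  # the CN is ignored once a dNSName is present
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns[-1:]  # assumption: last CN in the subject is the most specific

def server_identity_ok(cert, hostname):
    """True only if the name the user asked for is one the certificate asserts."""
    return any(dns_name_matches(n, hostname) for n in presented_identities(cert))

# Constructed certificates: the real site, a substituted one, a wildcard, and CN+SAN.
SITE = {"subject": ((("commonName", "www.example.com"),),)}
SUBSTITUTED = {"subject": ((("commonName", "www.other.example"),),)}
WILDCARD = {"subject": ((("commonName", "*.a.com"),),)}
SAN_WINS = {"subject": ((("commonName", "www.example.com"),),),
            "subjectAltName": (("DNS", "mail.example.com"),)}

if __name__ == "__main__":
    for cert, host in [(SITE, "www.example.com"), (SUBSTITUTED, "www.example.com"),
                       (WILDCARD, "foo.a.com"), (WILDCARD, "bar.foo.a.com"),
                       (SAN_WINS, "www.example.com")]:
        print(host, "->", "accept" if server_identity_ok(cert, host) else "REJECT")
```

This covers only the name comparison; chain validation and expiry are separate checks that must also pass before the connection is trusted.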

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
