Re: [openssl-dev] [openssl.org #3744] Enhancement Request
On 03/11/2015 01:28 PM, Shawn Fernandes via RT wrote:

> Hi,
>
> At the moment, we have SSL handshake making use of a single certificate, using a single key-pair present in the certificate. In the event the MITM has the same certificate (SSL - offloader) then the data can be encrypted/decrypted. Would like to know if we can have the enhancement of using random key pair, generated from each certificate, so that each SSL handshake would make use of a random key-pair, and thereby give a different key value to each encryption-decryption, and thereby be able to determine if the MITM with a same certificate has decrypted encrypted data.
>
> With Regards,
> Shawn

I'm not an expert here, but I must share a couple of considerations that the master of cryptography may want to reject or amend:

- if we're talking of non-mutual X509 authentication, that is just the server has a certificate, the solution would be ineffective against a determined attacker who possesses the server certificate because it would be possible, for the MITM, to fully impersonate the server. The MITM would talk with both parts using random keys
- as a general security perspective, it is always bad when a private key is compromised. Mutual authentication would help, yes, but you're navigating dangerous waters anyway
- the TLS-SRP, in my understanding, involves a pre-shared secret which is not, most often, a viable solution

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3744] Enhancement Request
In addition to client authentication, another approach would be to use TLS-SRP to protect against MITM. Without the SRP credentials, the attacker would not be able to establish the two TLS connections required for MITM.

On 03/11/2015 09:35 AM, Short, Todd via RT wrote:

> This is more of a request to change the TLS protocol, than an enhancement to OpenSSL.
>
> DHE and ECDHE ciphers provide PFS to protect against compromised public key-pairs. However, if a MITM has the same certificate, signed by a trusted certificate authority, then most bets are off.
>
> Client-authentication can provide additional protection against MITM attacks, and allow servers to identify if a MITM is interfering with a valid user.
>
> --
> -Todd Short
> // tsh...@akamai.com
> // “One if by land, two if by sea, three if by the Internet.
>
> On Mar 11, 2015, at 8:28 AM, Shawn Fernandes via RT r...@openssl.org wrote:
>
>> Hi,
>>
>> At the moment, we have SSL handshake making use of a single certificate, using a single key-pair present in the certificate. In the event the MITM has the same certificate (SSL - offloader) then the data can be encrypted/decrypted. Would like to know if we can have the enhancement of using random key pair, generated from each certificate, so that each SSL handshake would make use of a random key-pair, and thereby give a different key value to each encryption-decryption, and thereby be able to determine if the MITM with a same certificate has decrypted encrypted data.
>>
>> With Regards,
>> Shawn
[openssl-dev] [openssl.org #3744] Enhancement Request
We have no plans to do this.

--
Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl-dev] [openssl.org #3744] Enhancement Request
Hi,

At the moment, we have SSL handshake making use of a single certificate, using a single key-pair present in the certificate. In the event the MITM has the same certificate (SSL - offloader) then the data can be encrypted/decrypted. Would like to know if we can have the enhancement of using random key pair, generated from each certificate, so that each SSL handshake would make use of a random key-pair, and thereby give a different key value to each encryption-decryption, and thereby be able to determine if the MITM with a same certificate has decrypted encrypted data.

With Regards,
Shawn
Re: [openssl-dev] [openssl.org #3744] Enhancement Request
This is more of a request to change the TLS protocol, than an enhancement to OpenSSL.

DHE and ECDHE ciphers provide PFS to protect against compromised public key-pairs. However, if a MITM has the same certificate, signed by a trusted certificate authority, then most bets are off.

Client-authentication can provide additional protection against MITM attacks, and allow servers to identify if a MITM is interfering with a valid user.

--
-Todd Short
// tsh...@akamai.com
// “One if by land, two if by sea, three if by the Internet.

On Mar 11, 2015, at 8:28 AM, Shawn Fernandes via RT r...@openssl.org wrote:

> Hi,
>
> At the moment, we have SSL handshake making use of a single certificate, using a single key-pair present in the certificate. In the event the MITM has the same certificate (SSL - offloader) then the data can be encrypted/decrypted. Would like to know if we can have the enhancement of using random key pair, generated from each certificate, so that each SSL handshake would make use of a random key-pair, and thereby give a different key value to each encryption-decryption, and thereby be able to determine if the MITM with a same certificate has decrypted encrypted data.
>
> With Regards,
> Shawn
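The two controls named in the reply above (ephemeral DHE/ECDHE key exchange and client authentication), shown as an added example that is not part of the original thread and not OpenSSL project code. It uses Python's `ssl` module, which wraps OpenSSL; the function names and the cipher string are choices made for this illustration.

```python
import ssl

# Name prefixes of TLS <= 1.2 suites whose key exchange is ephemeral (EC)DH.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")


def non_forward_secret(cipher_names):
    """Return the suites whose key exchange is not ephemeral (EC)DH.

    TLS 1.3 suite names (TLS_*) do not encode a key exchange; full TLS 1.3
    handshakes always use (EC)DHE, so they are not flagged.
    """
    return [n for n in cipher_names
            if not n.startswith("TLS_") and not n.startswith(EPHEMERAL_PREFIXES)]


def hardened_server_context(certfile=None, keyfile=None, client_ca=None):
    """Server context: ECDHE-only for TLS 1.2, client certificate mandatory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Drop static-RSA key exchange; only forward-secret AEAD suites remain.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    # The handshake fails unless the client proves possession of a key
    # certified by client_ca (mutual authentication).
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit(ctx):
    """Report the two properties discussed in the thread for a context."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "non_forward_secret": non_forward_secret(names),
        "client_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


if __name__ == "__main__":
    print(audit(hardened_server_context()))
```

Forward secrecy here only limits what a later key compromise exposes from recorded traffic; as the thread notes, it does not stop an active MITM that holds the server's certificate key, which is the gap client authentication addresses.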