
Of relevance to SSL and trust in DNS...

Even without stealing keys, there are unconventional ways of circumventing SSL server authentication. That is, pretending to be an SSL server that you are not. For instance, a client might forget to verify in a resumed SSL session that the server hostname matches the CN involved with the original connection. If the client starts a resumable session with a server, that server can pretend to be other hosts. Examples:

http://www.cert.org/advisories/CA-2000-05.html
http://snafu.fooworld.org/~fubob/netscape-ssl.html

There is not a well-defined trust model for proxied SSL content. SSL authenticates servers, not content. Example:

http://www.mit.edu:8008/menelaus/bt/17272

Even if SSL were perfect, implementing certificate management will remain tricky.

--------
Kevin E. Fu (fubob@mit.edu)
PGP key: https://snafu.fooworld.org/~fubob/pgp.html
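The resumed-session check described in the message above, as an added example that is not part of the original thread: a simplified model (no real TLS) of a client session cache, showing the missing hostname re-check beside the corrected behaviour. The class names, the address-keyed cache and the sample hosts and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    session_id: bytes
    cert_names: tuple  # names (CN / DNS names) from the cert verified at the full handshake


def name_matches(hostname, pattern):
    """Case-insensitive comparison; '*' is accepted only as the whole left-most label."""
    h = hostname.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" style patterns never match.
        return len(p) > 2 and h[0] != "" and h[1:] == p[1:]
    return h == p


class SessionCache:
    """Client-side cache of resumable sessions, keyed by (ip, port) (assumed model)."""

    def __init__(self, recheck_hostname=True):
        self.recheck_hostname = recheck_hostname
        self._by_addr = {}

    def store(self, addr, session):
        # Called after a full handshake in which the certificate was verified.
        self._by_addr[addr] = session

    def resume(self, hostname, addr):
        """Return the session to resume, or None to force a full handshake."""
        session = self._by_addr.get(addr)
        if session is None:
            return None
        if self.recheck_hostname and not any(
            name_matches(hostname, n) for n in session.cert_names
        ):
            # The requested host is not one the cached certificate vouched for:
            # do not resume, so the server must present a certificate again.
            return None
        return session


# Constructed sample data: documentation address and placeholder host names.
ADDR = ("192.0.2.10", 443)
SHOP = Session(b"\x01" * 32, ("shop.example",))
```

With `recheck_hostname=False` the cache hands back the `shop.example` session for any host name that reaches the same address, which is the failure the message describes; with the check enabled, a mismatch falls back to a full handshake and fresh certificate verification.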
Unless that problem is fixed, man in the middle is hardly made more difficult - for example, Mallory could break into some random machine on the net and steal its public key, then hijack local DNS and when someone goes to amazon.com redirect them to amazon.hackeddomain.com, and then proxy to amazon.com - now even SSL says the connection is safe.
-Bram Cohen