
Any sort of Certificate authority based protocol is dumb. It's like RSAC charging 500 bucks for rating a web site. Nothing anyone does on the web is important enough to encrypt. Anyway, as far as SSL goes...we've all heard about how proactive Netscape is in preventing key compromise. It's too late.
Ben Camp
At 06:49 PM 9/9/96 -0700, Eric Murray wrote:
Iñigo Gonzalez writes:
Hello, I'm thinking about how I can get rid of this kind of attack *before* it happens. Can you please send me your comments about this? I don't know so much about how SSL works, but I think this is something that can happen...
[classic Man-in-the-Middle attack]
What you described is the Man In The Middle attack, often abbreviated on these lists as MITM. The fact that there's an abbreviation for it should indicate to you how often it is discussed. However it's also one of the first problems (besides the basic encryption) that protocol designers think of.
It's been taken care of in SSL3: the server's certificate must be signed by a CA that the client trusts. Unless the digital signature can be spoofed, and it probably can't be, the client can be certain that the server certificate it got is really from the server that it claims to be from.
Assuming that RSA still can't be broken, the client can be sure that the pre-master-key material that it sends to the server (and which is the basis for the symmetric crypto session keys) will not be compromised.
If you grab a copy of the SSL3 spec (from Netscape's web site) and read the appendices, there's more good stuff about possible attacks and what's been done to counter them.
-- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm Principal, LNE Consulting: SSL, crypto applications, Internet security. PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
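The certificate check Eric Murray describes, as an added example that is not part of the original thread: a toy Python model in which a client accepts only a certificate signed by its trusted CA, and encrypts the pre-master secret to the key in that certificate. The function names, host name and keys are hypothetical and constructed; textbook RSA without padding stands in for SSL3's real message formats.

```python
# Toy model of SSL3 server authentication. Textbook RSA, fixed primes,
# no padding: constructed for illustration only, not a secure scheme.
import hashlib

E = 65537

def keypair(p, q):
    """Return (public, private) toy RSA keys built from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def tbs(name, pub):
    """Bytes the CA signs: the subject name bound to its public key."""
    return f"{name}|{pub[0]}|{pub[1]}".encode()

def issue(ca_priv, name, pub):
    return {"name": name, "pub": pub, "sig": sign(ca_priv, tbs(name, pub))}

def client_accepts(cert, host, trusted_ca_pub):
    """Client check: name matches and the trusted CA's signature verifies."""
    return cert["name"] == host and verify(
        trusted_ca_pub, tbs(cert["name"], cert["pub"]), cert["sig"])

def premaster_roundtrip(cert, priv, secret=0x0300C0FFEE):
    """Encrypt the pre-master secret to cert's key; decrypt with priv."""
    n, e = cert["pub"]
    return pow(pow(secret, e, n), priv[1], priv[0])

# Constructed keys (Mersenne primes, so the script is deterministic).
CA_PUB, CA_PRIV = keypair(2**521 - 1, 2**607 - 1)
SRV_PUB, SRV_PRIV = keypair(2**89 - 1, 2**107 - 1)
MITM_PUB, MITM_PRIV = keypair(2**61 - 1, 2**127 - 1)
HOST = "www.example.com"

real_cert = issue(CA_PRIV, HOST, SRV_PUB)
swapped = dict(real_cert, pub=MITM_PUB)         # CA signature kept, key replaced
self_signed = issue(MITM_PRIV, HOST, MITM_PUB)  # signed without the CA's key
print([client_accepts(c, HOST, CA_PUB) for c in (real_cert, swapped, self_signed)])
```

Relaying the genuine certificate unchanged passes the check, but the pre-master secret is then encrypted to the server's key, which the party in the middle cannot decrypt.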