CDR: Public Key Infrastructure: An Artifact...

[Jeffrey Altman]

> The problem with all of these things is that they are still based on
> creating an association between a domain name and a key, when in fact what
> you want is an association between some abstract concept of a counterparty
> which exists in an end user's mind (like, say, amazon) and the ownership
> of a machine that user's browser is talking to.
> 
> Unless that problem is fixed, man in the middle is hardly made more
> difficult - for example, Mallory could break into some random machine on
> the net and steal it's public key, then hijack local DNS and when someone
> goes to amazon.com redirect them to amazon.hackeddomain.com, and then
> proxy to amazon.com - now even SSL says the connection is safe.
> 
> -Bram Cohen

I don't understand this last paragraph at all.  If you put a proxy on
amazon.hackeddomain.com and I connect through the proxy to the real
amazon.com, where is the threat?  If the SSL connection is established
with the proxy, then the X.509 certificate on that host does not match
www.amazon.com and the connection would not verify.  If the connection
is proxied to the real www.amazon.com the SSL connection will verify,
and because it is protected end to end the proxy will not be able to
do anything other than disconnect the connection at an arbitrary
time.  There is no man in the middle attack here.





                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support at kermit-project.org