RE: [fw-wiz] Security of HTTPS

From: Ben Nagy (ben_at_iagu.net)
Date: 11/29/04

    To: "'Frank Knobbe'" <frank@knobbe.us>, "'Ng Pheng Siong'" <ngps@netmemetic.com>
    Date: Mon, 29 Nov 2004 10:04:14 +0100
    
    

    > -----Original Message-----
    > On Sun, 2004-11-28 at 10:15, Ng Pheng Siong wrote:
    > > In SSL/TLS, the client certificate request is optional, and its typical
    > > use, HTTPS, does not require client certificates, so there is no client
    > > public/private key here that can be used to "transfer encrypted key
    > > material".
    >
    > Right. But even if client certificates are used, these are only used for
    > authentication (signature check) and not for encryption during
    > master-key negotiation.

    If you're using client certs then you should be using one of the
    Diffie-Hellman cipher suites, shouldn't you? DH is not vulnerable to this
    type of passive interception attack, and couldn't be attacked in this
    way[1]. Certificate protected DH is still vulnerable to an active MitM if
    someone has a copy of the server's private key.

    However, the huge bulk of connections use the RSA cipher specs which _are_
    vulnerable to the attack you describe. Looking at it in this light, I am
    trying to work out why the implementors chose this construction (sending the
    PMS simply encrypted with the server cert) instead of "one side signed"
    Diffie Hellman, like IPSec-IKE, which would have obviated the passive
    sniffing attack. Does anyone know?

    Cheers,

    ben

    [1] eg, http://www.hack.gr/users/dij/crypto/overview/diffie.html

     

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
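
The contrast drawn in the message above, as an added sketch that is not part of the original post: with RSA key transport a recorded handshake plus the server's private key yields the pre-master secret, while with "one side signed" Diffie-Hellman the same key only verifies a signature. All parameters are constructed toy values far too small for real use, and every function name is an assumption of this example.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537     # server RSA primes and public exponent
N = P * Q                                 # RSA modulus, published in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))         # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3                # toy Diffie-Hellman group

def h(x):
    """Hash an integer into the RSA modulus range (toy signature digest)."""
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % N

def rsa_handshake():
    """RSA key transport: the client encrypts the PMS to the server's key."""
    pms = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_pms": pow(pms, E, N)}    # everything a sniffer records
    return pms, wire

def signed_dh_handshake():
    """One-side-signed DH: the server key only signs its ephemeral value B."""
    a = secrets.randbelow(DH_P - 3) + 2         # client ephemeral, discarded after use
    b = secrets.randbelow(DH_P - 3) + 2         # server ephemeral, discarded after use
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"A": A, "B": B, "sig_B": pow(h(B), D, N)}
    assert pow(A, b, DH_P) == pow(B, a, DH_P)   # both ends derive the same secret
    return pow(B, a, DH_P), wire

def signature_valid(wire):
    """Client-side check that B was signed by the key in the certificate."""
    return pow(wire["sig_B"], E, N) == h(wire["B"])

def decrypt_recorded(wire, d):
    """Apply the server private key to every value in a recorded handshake."""
    return {name: pow(value % N, d, N) for name, value in wire.items()}

if __name__ == "__main__":
    pms, rsa_wire = rsa_handshake()
    secret, dh_wire = signed_dh_handshake()
    # RSA transport: the private key alone turns the capture into the PMS.
    print("RSA capture yields PMS:", pms in decrypt_recorded(rsa_wire, D).values())
    # Signed DH: the private key relates to no ephemeral value on the wire.
    print("DH capture yields secret:", secret in decrypt_recorded(dh_wire, D).values())
```

The passive case is all this shows; as the message notes, certificate-protected DH still falls to an active man in the middle who holds the server's private key.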