Re: Can someone clarify, X509 spoofing?

From: Anne & Lynn Wheeler (lynn@garlic.com)
Date: 04/13/03 

From: Anne & Lynn Wheeler <lynn@garlic.com>
Date: Sun, 13 Apr 2003 19:05:19 GMT

"Ernst Lippe" <ernstl-at-planet-dot-nl@ignore.this> writes:
> When the client certificate does not correspond with the
> server private key, SSL will not be able to successfully
> negotiate a correct session key.
>
> At the moment I can't think of any serious attack that
> would become possible if you happened to find two certificates
> with the same hash. Under very specialized conditions
> such attacks might exist, but until someone finds a
> very good counter example, I don't see how this would
> pose a threat against using certificates. After
> all compromise of the private keys is a far more
> realistic threat, and that doesn't appear to discourage
> most users from using certificates.

if the reference is being able to modify the contents of a certificate
so that it matches any SHA of the original contents (whether it is a
saved copy or the certificates authority digital signature of the
contents) ... then one possibility is being able to alter the contents
such a different public key (matching some private in the attacker's
possession) is accepted. then the attacker could be accepted.

however, lots of discussions as to other points of attacks ... like
domain name take-over (that don't involve either direct attacks on
certificate contents or even direct attacks on private keys):
http://www.garlic.com/~lynn/subtopic.html#sslcert

however, as mentioned in previous post ... if succesful attacks can be
mounted on SHA ... then the whole digital signature infrastructure is
at risk (not just somebody's private use of SHA). 

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/ 
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

Relevant Pages