1995-10-03 - Re: NetScape’s dependence upon RSA down for the count!

Header Data

From: Don.Stephenson@Eng.Sun.COM (Don Stephenson)
To: cmcmanis@scndprsn.Eng.Sun.COM
Message Hash: 53bf0e33870fce954785f9b4f4c646b3e3a6c1942a34c697f4ea25eb0085dd79
Message ID: <9510030606.AA09386@icenine.Eng.Sun.COM>
Reply To: N/A
UTC Datetime: 1995-10-03 06:22:34 UTC
Raw Date: Mon, 2 Oct 95 23:22:34 PDT

Raw message

From: Don.Stephenson@Eng.Sun.COM (Don Stephenson)
Date: Mon, 2 Oct 95 23:22:34 PDT
To: cmcmanis@scndprsn.Eng.Sun.COM
Subject: Re: NetScape's dependence upon RSA down for the count!
Message-ID: <9510030606.AA09386@icenine.Eng.Sun.COM>
MIME-Version: 1.0
Content-Type: text/plain



> From cmcmanis@scndprsn Mon Oct  2 09:07:33 1995

> Why forge it? Why not simply buy a netsite server with a valid certificate.
> Let's say you paid full list for it $5000. It is the classic MITM attack
> but the protection against that attack was generally that the parties
> communicating "knew" each other. 

Of course, the attacker would be leaving a very strong pointer back to 
themselves as evidence.


> This is a fundamental weakness of putting the security at the SSL level as
> opposed to a possibly higher level. With the netscape attack since your
> client never cares "how" (or to whom) the SSL connection is made, it never
> shows you the information about where the source key came from. Only that
> it is valid.

I'm not sure this is really an issue of where the security is layered, 
but rather a flaw in the use of it, in not requiring the unambiguous 
specification of the "service name" (what's in the certificate) beforehand, 
or confirming it after the connection is established.  

You must have a binding between the target URL and the desired "service name", 
regardless of whether you have the security protocol in the session layer (SSL) 
or the application/http layer (Secure-HTTP).


- Don






Thread