Re: MITM attacks, the day after ...

[Eric Murray <ericm@lne.com>]

> There seem at this point to be two messenger or man in the middle attacks
> on SSL that have enough merit to explore further.
> 
> #1  Attack client binaries to suppress certificate validation, and accept
> ones forged by the filter/MITM. The binary attack could occur during down
> load from NetScape (a good ISP level attack) or after the fact with a virus.
> The client binary would be normally functioning with servers other than the
> attacking MITM filter.

That's not an attack on SSL.   It's an attack on an application.
It's no different, conceptually, than attacking sendmail or MS Word.

The point to attacking SSL is to be able to decode a message from any
browser, without having to do anything extraordinary to the victim's host.
No cryptosystem is proof against an attacker who can see and
control everything you do on the client side (i.e. has root in UNIX
parlance).

So, while your idea #1 might be interesting or fun to do as far as computer
security goes, it's not an attack on SSL. 

> #2  Present client with the filters valid certificate and hope that in the
> rare case the user looks, that they will not question it, or even know what
> a valid one from the real server is.

That points out the flaw in Netscape's authentication model that
others have already pointed out on this list.  Admittedly, like Don
Stephenson just posted, there's not really a good way to distribute
and authenticate certificates until there's a ubiquitous global
CA chain.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF