SSL/TLS - am I doing it right?

Frank Millman frank at chagford.com
Mon Mar 13 07:27:08 EST 2006 

Sybren Stuvel wrote:
> Frank Millman enlightened us with:
> > The point of the exercise for me is encryption. I am not too worried
> > about authentication.
>
> Encryption can't function fully without authenication.
>

Ok, I have been thinking about the replies from you and Paul, and I am
confused (nothing new).

Let's keep it simple, and assume that the client and the server are on
the same network. The server runs with restricted permissions, with
access to the database. A client can only access the server through a
client connection.

A client can be any workstation on the network. To be able to function
as a client, it needs a pointer to the client software, and it needs a
pointer to a parameter that tells it where to find the server - ip
address/port number.

If I understand correctly, a 'man-in-the-middle' attack would involve
someone setting up a 'pseudo server', which gives the correct responses
to the client's attempt to log in; and would also involve someone
manipulating the client parameter so that it points to the pseudo
server instead of the real server. This would indeed allow the pseudo
server to obtain the user id and password fraudulently.

What I have not understood is how to prevent this. How can the client
distinguish between a valid server and a fraudulent one? If it obtains
the server credentials dynamically, the fraudulent server can supply
fraudulent credentials. If somehow the client must know in advance what
the credentials are, then these can only be as secure as the parameter
that tells the client how to connect in the first place.

I more or less understand the concept of setting up a secure server,
with a signed key that can be validated via a trusted authority, but
surely it is not necessary for every user of my software to register
with such an authority before they can get protected communication
between their own clients and their own server.

I am sure I am missing the point somewhere. Any advice, or links to
literature that explain this in more detail, will be much appreciated.

Thanks

Frank

More information about the Python-list mailing list