SSL/TLS - am I doing it right?

Sybren Stuvel sybrenUSE at YOURthirdtower.com.imagination
Mon Mar 13 07:36:44 EST 2006


Frank Millman enlightened us with:
> If I understand correctly, a 'man-in-the-middle' attack would
> involve someone setting up a 'pseudo server', which gives the
> correct responses to the client's attempt to log in

That's right. Usually it's done by proxying the data between the
client and the real server.

> and would also involve someone manipulating the client parameter so
> that it points to the pseudo server instead of the real server.

Yup. This can be done in various ways, like ARP poisoning of the
network. Then the IP address will not change, but the network card
that the traffic is sent to will. The fraudulent server, having the
correct ARP table, can then forward the captured data to the real
server.

> What I have not understood is how to prevent this. How can the
> client distinguish between a valid server and a fraudulent one?

By checking the certificates. The CA mustn't sign server certificates
except for the real server. The fraudulent server thus has no valid
server certificate.

> If it obtains the server credentials dynamically, the fraudulent
> server can supply fraudulent credentials. If somehow the client must
> know in advance what the credentials are, then these can only be as
> secure as the parameter that tells the client how to connect in the
> first place.

True, but as you can see above, making the client talk to another
computer doesn't have to involve accessing and changing the client's
filesystem.

> I more or less understand the concept of setting up a secure server,
> with a signed key that can be validated via a trusted authority, but
> surely it is not necessary for every user of my software to register
> with such an authority before they can get protected communication
> between their own clients and their own server.

If you want to be secure, that *is* necessary. Every client should
have a valid, signed certificate, and every server should too.

Sybren
-- 
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself? 
                                             Frank Zappa
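
The certificate check described in the message above, as an added example that is not part of the original post: a client that trusts only one private CA accepts the server whose certificate that CA signed and rejects an impostor presenting a self-signed certificate for the same name. It assumes the `openssl` command-line tool is on PATH; the helper names (`make_pki`, `serve_once`, `client_trusts`) and all file names are hypothetical, and the keys and certificates are constructed test material.

```python
import os, socket, ssl, subprocess, tempfile, threading

def openssl(d, *args):
    subprocess.run(["openssl", *args], cwd=d, check=True, capture_output=True)

def make_pki(d):
    """Constructed test PKI: private CA, a server cert it signed, a rogue self-signed cert."""
    key = ["-newkey", "rsa:2048", "-nodes", "-subj"]
    with open(os.path.join(d, "san.ext"), "w") as f:
        f.write("subjectAltName=DNS:localhost\n")
    openssl(d, "req", "-x509", *key, "/CN=Example Private CA", "-days", "1",
            "-keyout", "ca.key", "-out", "ca.pem")
    openssl(d, "req", *key, "/CN=localhost", "-keyout", "real.key", "-out", "real.csr")
    openssl(d, "x509", "-req", "-in", "real.csr", "-CA", "ca.pem", "-CAkey", "ca.key",
            "-CAcreateserial", "-days", "1", "-extfile", "san.ext", "-out", "real.pem")
    openssl(d, "req", "-x509", *key, "/CN=localhost", "-days", "1",
            "-keyout", "rogue.key", "-out", "rogue.pem")

def serve_once(cert, key):
    """Start a one-shot TLS server on 127.0.0.1 and return its port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    listener = socket.create_server(("127.0.0.1", 0))
    def handle():
        with listener:
            try:
                conn, _ = listener.accept()
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.recv(1)
            except (ssl.SSLError, OSError):
                pass  # the client refused our certificate and hung up
    threading.Thread(target=handle, daemon=True).start()
    return listener.getsockname()[1]

def client_trusts(port, ca_file):
    """True only if the peer proves a CA-signed certificate for 'localhost'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname on
    ctx.load_verify_locations(cafile=ca_file)      # trust our private CA only
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost"):
                return True
    except ssl.SSLCertVerificationError:
        return False

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        for n in ("real", "rogue"):
            print(n, client_trusts(serve_once(f"{d}/{n}.pem", f"{d}/{n}.key"), f"{d}/ca.pem"))
```

The client never needs the server's certificate in advance, only the CA certificate; the address it connects to can be redirected without affecting the outcome.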


