[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL v IPSEC for management?



kwok c. lee enscribed thusly:

> In this case, the client simply cannot trust the server.
> The issue here is that it is possible for the SSL client to authenticate
> the server.

	The client shouldn't have to trust the server.  The server presents
a certificate which, presumably, has some information which indelibly
links that certificate to the server.  In the case of web servers, that's
generally the common name in the certificate matching the server name
you are contacting.  This does rely on information in the DNS being
acurate.  My server, www.wittsend.com, presents a certificate claiming
to be www.wittsend.com and DNS lookup on www.wittsend.com confirms this.
Now, how do we know that this is not some bogus certificate?  The certificate
is signed by Verisign or some other well known certifying authority.

	Can the client authenticate the server?  Of course.  It all depends
upon what degree of trust you want to place in that authentication.  To
break this system, someone would have to steal (or forge - much tougher)
my server certificate, get past the pass phrase, and poison the DNS so
that you think his address is mine.  Is that enough?  Maybe, maybe not.
If it is enough, then the client can authenticate the server to its own
satisfaction.

	Now the question of "am I the server that you wanted to talk to"
is another story and outside the scope of simple authentication.  Maybe
someone mistyped a name and it should have been www.witsend.com (one 't').
You would authenticate my server just fine, but I'm not the one you wanted
to talk to.  That's not an authentication problem.  At least not in terms
of authenticating the certificates.

	None of this differs from authenticating certificates with respect
to IPSEC certificates.  Unless you are dealing with out of band communication
to handle certificates, or manual keying, I just don't see the differences
in the authentication issues here...


> 
> ----- Original Message -----
> From: Steven Lee <slee@cygnacom.com>
> To: <marcvh@aventail.com>; Steven Lee <slee@cygnacom.com>
> Cc: 'Waters Stephen' <stephen.Waters@cabletron.com>; Ipsec (E-mail)
> <ipsec@tis.com>
> Sent: Tuesday, January 26, 1999 10:48 AM
> Subject: RE: SSL v IPSEC for management?
> 
> 
> >If the server certificate is not signed by one of the root CA installed
> >in your browser, then you cannot authenticate.  Marc, are you assuming
> >that the certificate is issued by one of the root CA?
> >
> >
> >
> >> -----Original Message-----
> >> From: marcvh@aventail.com [SMTP:marcvh@aventail.com]
> >> Sent: Tuesday, January 26, 1999 10:32 AM
> >> To: Steven Lee
> >> Cc: 'Waters Stephen'; Ipsec (E-mail)
> >> Subject: Re: SSL v IPSEC for management?
> >>
> >> Steven Lee said:
> >> > There are some trade-offs in using the SSL; however, one of the top
> >> > issue would be that a client cannot authenticate the server.
> >> Therfore,
> >> > a server could someone pretending to be a trusted party and there is
> >> no
> >> > way for the client to authenticate this information.
> >>
> >> What?  That's not true at all; it's just as possible for an SSL client
> >> to
> >> verify the server's certificate information as it is for a client of
> >> any
> >> other public-key based security protocol.  Regarding the other
> >> discussion,
> >> in SSL (and HTTPS, which is HTTP inside SSL/TLS) authentication of the
> >> client
> >> to the server is generally available as an optional service, while
> >> authentication of the server to the client is generally mandatory.
> >>
> >> Re the original poster, no, SSL is not known to be vulnerable to
> >> replay
> >> attacks.  Which one is more suited to your purpose is hard to say from
> >> the information you give; SSL is at a higher level, can easily be
> >> entirely
> >> contained within an application instead of requiring network stack
> >> issues,
> >> can't protect UDP data, may be more vulnerable to denial-of-service
> >> attacks,
> >> is probably more vulnerable to traffic analysis, etc. relative to
> >> IPSEC.
> >> You'll have to decide which of these things are important to you.
> >>
> >> I don't understand how SSL per se is vunlerable to things like relay
> >> attacks or address-spoofing attacks, although a poorly designed
> >> application
> >> that used SSL could have such weaknesses.
> >>
> >> - Marc
> >>
> >> --
> >> Marc VanHeyningen                 marcvh@aventail.com
> >> Internet Security Architect
> >> Aventail                          http://www.aventail.com/

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


Follow-Ups: References: