
Re: Fw: IPSec vs. SSL

I am not sure how one does this if a CA is a public TTP?

Most CAs that are worthy of trust by the general public attain the TTP
(Trusted Third Party) designation.  They do so by proving to one or
more large Big 6 audit firms that they have a very secure CA.  Typically they
have many layers of firewalls and intrusion detection systems and some of the
world's foremost security experts on their payroll.  Most are housed in very
secure, physically guarded facilities with multiple enveloping security zones.
Often there are concrete walls, biometrically controlled steel doors which
contain plexan rooms and tempest cages.

Then there are CAs like the one I run on my desktop.  A free copy of Windows
certificate authority that comes with NT 4.0!   It wouldn't be mission
impossible to steal the private key from my desktop; it is in a very public
location.  I issue certs to friends and colleagues for testing purposes.
This can be spoofed and imitated.  But is that of any value?

If the point is being made that people may use certs from "Joe's Certificate
Services", a garage shop operation which is easy to subvert, especially if
users do not pay attention to cues from the UI on security issues, that is
fine and that is how it should be stated.  It is the same as saying many
people don't lock their cars and doors or use cheap stuff that can be picked
easily.  We wouldn't say doors and locks are not good enough security for
our homes and cars.

All I am trying to say is that there isn't sufficient basis to make serious
assertions like "SSL is insecure".


----- Original Message -----
From: "Venkat RK Reddy" <vpothams@cisco.com>
To: "Khaja E. Ahmed" <khaja.ahmed@home.com>
Cc: <ipsec@lists.tislabs.com>
Sent: Tuesday, December 19, 2000 2:37 AM
Subject: Re: Fw: IPSec vs. SSL

> >
> > I am not quite sure I understand how SSL is susceptible to the man in the
> > middle attack.  Could you explain this a bit more or point me to some
> > write-up on this.  If the client encrypts a session key with the public key
> > of a server pretty much the only thing that can decrypt the key is the
> > server which has the private key corresponding to the public key in the
> > certificate.  I don't see how a man in the middle attack can be launched
> > here.
> >
> Spoof and imitate the CA ;-)