[Standards] IETF SASL WG meeting
Dave Cridland
dave at cridland.net
Mon Dec 10 15:22:35 CST 2007
On Mon Dec 10 20:56:17 2007, Justin Karneges wrote:
> Charlie can't login as Alice:
> Charlie <--- TLS ---> Bob
> (Charlie doesn't have Alice's credentials to use in the HTML
> form.)
>
>
Right.
> Charlie can't MITM attack:
> Alice <--- TLS ---> Charlie <--- TLS ---> Bob
> (Alice initiates TLS, doesn't get Bob, and so she rejects the
> session. The second TLS channel between Charlie and Bob has no
> relevance.)
>
>
Wrong. Bob doesn't know if Alice has checked his certificate or not.
Alice does, but cannot simply tell Bob, because Bob can't trust her
assertion, because Charlie might be there.
So yes, you're quite right, this is a security hole in almost all
uses of HTTPS.
It's much worse, of course, in the case where Alice has no means of
validating Bob's certificate, for example if Bob has a self-signed
cert - which is fairly common. In this case, strange as it may seem,
both Alice and Bob actually have no idea if there's Charlie in the
middle, even if TLS seems to be okay as far as both can tell.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Standards
mailing list