[15909] in cryptography@c2.net mail archive
Re: Any TLS server key compromises?
daemon@ATHENA.MIT.EDU (Sean Smith)
Sat Aug 14 16:10:00 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <411BD441.1050801@rsasecurity.com>
Cc: cryptography@metzdowd.com
From: "Sean Smith" <sws@cs.dartmouth.edu>
Date: Fri, 13 Aug 2004 18:33:02 -0400
To: Marc Branchaud <marcnarc@rsasecurity.com>
> has a TLS server (or client, for that matter) key ever actually been
> compromised?
Hi, Marc!
I don't know about in-the-wild attacks.
However, proof-of-concept attacks:
Server-side: Brumley and Boneh did timing attacks on Apache SSL
servers---see their Usenix Security paper from 2003.
Client-side: we've done a number of host-based attacks and http-based
attacks, to steal or borrow use of a user's client-side SSL/TLS key.
See:
J. Marchesini, S.W. Smith, M.Zhao.
"Keyjacking: The Surprising Insecurity of Client-side SSL"
Computers and Security. To appear, 2004.
http://www.cs.dartmouth.edu/~sws/abstracts/msz04.shtml
--Sean
Sean W. Smith sws@cs.dartmouth.edu www.cs.dartmouth.edu/~sws/
Asst Prof, Department of Computer Science, Dartmouth College.
Director, Cybersecurity and Trust Research Center, Institute for
Security Technology Studies.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
