[5396] in cryptography@c2.net mail archive
Re: going around the crypto
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sat Aug 14 12:37:44 1999
To: "MIKE SHAW" <mas@sbscorp.com>
Cc: cryptography@c2.net
Date: Fri, 13 Aug 1999 12:38:12 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
In message <s7b4019f.007@sbscorp.com>, "MIKE SHAW" writes:
> It's my understanding that in order to exploit this, you'd have to essentially
> set yourself up as a proxy after sending the RDP advert. If this is the case,
> wouldn't the fact that the man in the middle did not have the cert that
> corresponded to the domain name cause at least one warning for most
> browsers? ('certificate name check' in netscape, 'wrong certificate name' in
> Opera). Otherwise, you'd just be acting as a router and SSL would prevent
> sniffing. Am I missing something?
Not as a proxy, since that's a different protocol from the host, but as the
end-system. Yes, you have to issue yourself a fake certificate, but I suspect
that that's not an insurmountable problem. And of course, that certificate is
signed by someone you've invented with a plausible name -- probably something
corresponding to the name of the site you're impersonating. Say, "Amazon.com
Electronic Security Services" or some such.
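Bellovin's point is that a forged certificate bearing the right host name and a plausible-sounding issuer passes the name check Mike Shaw mentions; what catches it is the check that the chain ends in a root the client trusts. The Go program below is an added example, not part of the original thread: it builds such an impostor chain in memory (standard-library crypto/x509 only, hypothetical host and CA names) and shows the name check passing while chain validation fails until the user's store trusts the invented CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// BuildImpostorChain builds, in memory and as a constructed sample, a leaf for host
// issued by an invented CA carrying a plausible-sounding name (hypothetical names).
func BuildImpostorChain(host, caName string) (leaf, ca *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: caName},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	ca, _ = x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	leaf, _ = x509.ParseCertificate(leafDER)
	return leaf, ca
}

// CheckServerCert applies the two checks a browser makes: does the certificate name
// match the host, and does the chain end in a root the client actually trusts.
func CheckServerCert(leaf *x509.Certificate, host string, roots *x509.CertPool) string {
	if leaf.VerifyHostname(host) != nil {
		return "name-mismatch" // the warning Netscape/Opera raise
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	var unknown x509.UnknownAuthorityError
	if errors.As(err, &unknown) {
		return "untrusted-issuer" // name matches; only the trust-root check catches it
	}
	if err != nil {
		return "invalid"
	}
	return "ok"
}
```

Adding the invented CA to the pool models what a user does by clicking through an "accept this certificate" prompt: after that, the same forged chain validates cleanly.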