[7980] in cryptography@c2.net mail archive
RE: Malign SSL server attacks
daemon@ATHENA.MIT.EDU (Tim Dierks)
Thu Oct 19 00:44:50 2000
From: "Tim Dierks" <tim@dierks.org>
To: <rsalz@CaveoSystems.com>, <cryptography@c2.net>
Date: Wed, 18 Oct 2000 10:44:34 -0700
Message-ID: <000e01c0392b$13993ac0$f906010a@haruspex.certicom.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <200010171602.MAA13355@os390.caveosystems.com>

> I am not familiar enough with the protocol to answer this question:
> is it possible for an evil SSL server to send packets such that it
> ends up with an arbitrary signature from a client? I'm trying to
> emphasize the importance of keyUsage bits. :)

This is not possible without unreasonable computational power or breaking
algorithms; the client makes a contribution to the message which is signed.
- Tim
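
The point made in the reply above, as an added example that is not part of the original message: in client-authenticated handshakes the client signs a digest of the handshake transcript, which includes bytes only the client chooses. The sketch assumes the TLS 1.0 (RFC 2246) RSA form of CertificateVerify, MD5 || SHA-1 over all handshake messages so far; the message bodies, `SERVER_FLIGHT`, `CLIENT_CERT` and all function names are constructed for illustration.

```python
import hashlib
import os
import struct

def handshake_msg(msg_type: int, body: bytes) -> bytes:
    """Frame a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + struct.pack(">I", len(body))[1:] + body

def client_hello(client_random: bytes) -> bytes:
    """ClientHello carrying the client's fresh 32-byte random."""
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    body = (b"\x03\x01" + client_random   # version 3.1, then the random
            + b"\x00"                     # empty session id
            + b"\x00\x02\x00\x0a"         # one cipher suite
            + b"\x01\x00")                # null compression only
    return handshake_msg(1, body)

# Constructed placeholders: everything the server sends is under its control.
SERVER_FLIGHT = (handshake_msg(2, b"constructed ServerHello")
                 + handshake_msg(11, b"constructed server certificate")
                 + handshake_msg(13, b"constructed CertificateRequest")
                 + handshake_msg(14, b""))
CLIENT_CERT = handshake_msg(11, b"constructed client certificate")

def certificate_verify_input(transcript: bytes) -> bytes:
    """The 36 bytes an RSA client signs: MD5 || SHA-1 of the handshake so far."""
    return hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()

def signed_input_for(server_flight: bytes, client_random: bytes,
                     client_kx: bytes) -> bytes:
    """Value signed in CertificateVerify for one handshake.

    client_kx stands in for the ClientKeyExchange body (assumption: opaque bytes).
    """
    transcript = (client_hello(client_random) + server_flight
                  + CLIENT_CERT + handshake_msg(16, client_kx))
    return certificate_verify_input(transcript)

def replay_same_server_flight(runs: int = 3) -> list:
    """Same server bytes every time; only the client's contributions change."""
    return [signed_input_for(SERVER_FLIGHT, os.urandom(32), os.urandom(128))
            for _ in range(runs)]

if __name__ == "__main__":
    for value in replay_same_server_flight():
        print(value.hex())
```

Each run prints a different 36-byte value even though the server's messages are byte-for-byte identical, so the server alone does not determine what gets signed.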