Bugtraq mailing list archives
Re: "The End of SSL and SSH?"
From: Eric Rescorla <ekr () SPEEDY RTFM COM>
Date: Thu, 21 Dec 2000 09:57:08 -0800
Kurt Seifried <listuser () SEIFRIED ORG> writes:
> As for DNSSEC/etc yeah it's far from perfect but at least it might stop dns spoofing. I know I have no plans to fully populate my /etc/hosts and synch it between all my machines somehow anytime soon.
It seems to me that DNSSEC would have exactly the same problems that you're complaining about with SSL. After all, the problem isn't that the certificates with SSL aren't properly bound to the domain name. Rather, it's that users ignore warnings that the certificates are bad.

More importantly, just using DNSSEC won't protect against man-in-the-middle attacks, unless the DNS records also contain key records for the hosts you're trying to access. Sure, the attacker won't be able to spoof your name resolution but he will be able to hijack your TCP connection once you have resolved the hostname. Merely having the correct IP address is not enough.

-Ekr

--
[Eric Rescorla ekr () rtfm com]
http://www.rtfm.com/
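The distinction drawn in the message above, as an added example that is not part of the original post: two peers answer at the same validated address, and only a comparison against a key record published in DNS tells them apart. It assumes SSHFP records (RFC 4255, which postdates this thread) as the key record; the key blobs, `make_blob` and the record list are constructed for illustration.

```python
import hashlib
import hmac
import struct

# SSHFP algorithm numbers and fingerprint types (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2,
                    "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
SSHFP_DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def key_type(blob: bytes) -> str:
    """Read the length-prefixed key type at the start of an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key type length")
    return blob[4:4 + n].decode("ascii")


def matches_sshfp(blob: bytes, records) -> bool:
    """True if the presented host key matches any (algorithm, fp_type, hex)
    record. Records are assumed to come from a DNSSEC-validated answer."""
    alg = SSHFP_ALGORITHMS.get(key_type(blob))
    for r_alg, r_type, r_hex in records:
        digest = SSHFP_DIGESTS.get(r_type)
        if alg is None or r_alg != alg or digest is None:
            continue  # unknown key type, other algorithm, or unknown digest
        if hmac.compare_digest(digest(blob).digest(), bytes.fromhex(r_hex)):
            return True
    return False  # no record, or no match: the peer is not authenticated


def make_blob(seed: bytes) -> bytes:
    """Constructed stand-in for an ssh-ed25519 public key blob (not a real key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key


# Constructed scenario: the name resolved correctly both times, but a
# different party answered the second TCP connection to that address.
GENUINE = make_blob(b"genuine host")
INTERCEPTOR = make_blob(b"other party on the path")
PUBLISHED = [(4, 2, hashlib.sha256(GENUINE).hexdigest())]

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("interceptor", INTERCEPTOR)):
        print(label, "same IP, key matches DNS record:", matches_sshfp(blob, PUBLISHED))
```

A client that gets `False` here is in the same position as the SSL user facing a bad-certificate warning: the check only helps if the mismatch is treated as a hard failure.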