SSL Authentication with Certificates: Should the Certificates have a hostname?
Problem description
Gmail, TD (Canadian Bank), Royal Bank (Canadian Bank) all use ssl. When you inspect their certificates they all have
Common Name (CN) mail.google.com
or more generally:
Common Name (CN) <url>
Is this needed to prevent man in the middle attacks?
JBoss allows clients and servers to authenticate using certificates and ssl. One thing that seems strange is that you are not required to give your hostname on the certificate.
I think that this means if Server B is in your truststore, Server B can pretend to be any server that they want.
(And likewise: if Client B is in your truststore...)
Am I missing something here?
(Summary of the Wikipedia page, http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake)
Client                                            Server
=================================================================================================
1) Client sends Client Hello
   ENCRYPTION: None
   - highest TLS protocol supported
   - random number
   - list of cipher suites
   - compression methods
                                                  2) Server Hello
                                                     ENCRYPTION: None
                                                     - highest TLS protocol supported
                                                     - random number
                                                     - chosen cipher suite
                                                     - chosen compression method
                                                  3) Certificate Message
                                                     ENCRYPTION: None
                                                     -
                                                  4) ServerHelloDone
                                                     ENCRYPTION: None
5) Certificate Message
   ENCRYPTION: None
6) ClientKeyExchange Message
   ENCRYPTION: server's public key => only server can read
   => if server can read this he must own the certificate
   - may contain a PreMasterSecret, public key or nothing (depends on cipher)
7) CertificateVerify Message
   ENCRYPTION: client's private key
   - purpose is to prove to the server that client owns the cert
8) BOTH CLIENT AND SERVER:
   - use random numbers and PreMasterSecret to compute a common secret
9) Finished message
   - contains a hash and MAC over previous handshakes
     (to ensure that those unencrypted messages did not get broken)
                                                  10) Finished message
                                                     - same thing
Server Knows
The client has the public key for the sent certificate (step 7)
The client's certificate is valid because either:
- it has been signed by a CA (VeriSign)
- it has been self-signed but it is in the server's truststore
It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message
The server has the public key for the sent certificate (step 6 with step 8)
The server's certificate is valid because either:
- it has been signed by a CA (VeriSign)
- it has been self-signed but it is in the client's truststore
It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message
Suppose the client's truststore has certs in it:
- Server A
- Server B (malicious)
Server A has hostname www.A.com
Server B has hostname www.B.com
Suppose: The client tries to connect to Server A but Server B launches a man in the middle attack.
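Since Server B:
- has the public key for the certificate that will be sent to the client
- has a valid certificate (a certificate in the truststore)
- certificates do not have a hostname field in them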
It seems like Server B can pretend to be Server A easily.
Is there something that I am missing?
Recommended answer
I think you're missing something, but I'm not sure if I understand your reasoning.
However, when server B tries to launch a man in the middle attack, you say that it has a public key. This is true, but to set up an SSL connection, you should also have a private key belonging to that public key. Moreover, the certificate used is coupled to the DNS name (in case of HTTPS). So a client tries to connect to A, he types in www.a.com. Since we assume that B does not know the private key of A, he will have another keypair. He could never receive a valid (i.e. trusted) certificate from a major CA that is coupled to a domain he does not own.
So B could never get a certificate with common name www.A.com; for this reason, B could not perform a man in the middle attack.
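The binding between a trusted certificate and the name the client dialled, which the answer relies on, shown as an added example (not code from the original post or from JBoss). The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; `accept_server`, the fingerprints and the truststore set are hypothetical stand-ins for real chain validation.

```python
# Added example. Certificates are constructed dicts in the shape returned by
# ssl.SSLSocket.getpeercert(); fingerprints are placeholders, not real values.

def _name_match(pattern: str, host: str) -> bool:
    """Compare one certificate name to a hostname; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def hostname_matches(cert: dict, host: str) -> bool:
    """True if the certificate was issued for `host`."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Legacy fallback to the Common Name, the field the question inspects.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_name_match(n, host) for n in names)

def accept_server(cert, fingerprint, host, truststore, check_hostname):
    """Client-side decision: is the certificate trusted, and is it for this host?"""
    if fingerprint not in truststore:  # stand-in for chain/truststore validation
        return False
    return hostname_matches(cert, host) if check_hostname else True

# Constructed data: the truststore from the question holds both servers.
CERT_A = {"subject": ((("commonName", "www.a.com"),),),
          "subjectAltName": (("DNS", "www.a.com"),)}
CERT_B = {"subject": ((("commonName", "www.b.com"),),)}
TRUSTSTORE = {"fp-server-a", "fp-server-b"}

def scenario() -> dict:
    """Client dials www.a.com; Server B answers with its own trusted certificate."""
    return {
        "b_without_hostname_check": accept_server(CERT_B, "fp-server-b", "www.a.com", TRUSTSTORE, False),
        "b_with_hostname_check": accept_server(CERT_B, "fp-server-b", "www.a.com", TRUSTSTORE, True),
        "a_with_hostname_check": accept_server(CERT_A, "fp-server-a", "www.a.com", TRUSTSTORE, True),
    }

if __name__ == "__main__":
    print(scenario())
```

With truststore membership as the only test, Server B's certificate is accepted for www.a.com; once the name check is enforced it is rejected while Server A's still passes.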