SSL Authentication with Certificates: Should the Certificates have a hostname?


Problem description

Gmail, TD (Canadian Bank), Royal Bank (Canadian Bank) all use ssl. When you inspect their certificates they all have

Common Name (CN)   mail.google.com

or more generally:

Common Name (CN)   <url>

Is this needed to prevent man in the middle attacks?

JBoss allows clients and servers to authenticate using certificates and ssl. One thing that seems strange is that you are not required to give your hostname on the certificate.

I think that this means if Server B is in your truststore, Server B can pretend to be any server that they want.

(And likewise: if Client B is in your truststore...)

Am I missing something here?

(Summary of the Wikipedia page: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake)

Client                                                  Server
=================================================================================================
1) Client sends Client Hello
        ENCRYPTION: None
        - highest TLS protocol supported
        - random number
        - list of cipher suites
        - compression methods

                                                        2) Server Hello
                                                                ENCRYPTION: None
                                                                - highest TLS protocol supported
                                                                - random number
                                                                - chosen cipher suite
                                                                - chosen compression method

                                                        3) Certificate Message
                                                                ENCRYPTION: None
                                                                -

                                                        4) ServerHelloDone
                                                                ENCRYPTION: None

5) Certificate Message
        ENCRYPTION: None

6) ClientKeyExchange Message
        ENCRYPTION: server's public key => only server can read
                => if server can read this he must own the certificate
        - may contain a PreMasterSecret, public key or nothing (depends on cipher)

7) CertificateVerify Message
        ENCRYPTION: client's private key
        - purpose is to prove to the server that client owns the cert


                        8) BOTH CLIENT AND SERVER:
                                - use random numbers and PreMasterSecret to compute a common secret


9) Finished message
        - contains a hash and MAC over previous handshakes
                (to ensure that those unencrypted messages did not get broken)


                                                        10) Finished message
                                                                - same thing

Server Knows

• The client has the public key for the sent certificate (step 7)

• The client's certificate is valid because either:

  • it has been signed by a CA (Verisign)

  • it has been self-signed, but it is in the server's truststore

• It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message

• The server has the public key for the sent certificate (step 6 with step 8)

• The server's certificate is valid because either:

  • it has been signed by a CA (Verisign)

  • it has been self-signed, but it is in the client's truststore

• It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message

• Suppose the client's truststore has certs in it:

  • Server A

  • Server B (malicious)

• Server A has hostname www.A.com

• Server B has hostname www.B.com

• Suppose: The client tries to connect to Server A but Server B launches a man in the middle attack.

• Since Server B:

  • has the public key for the certificate that will be sent to the client

  • has a valid certificate (a certificate in the truststore)

  • certificates do not have a hostname field in them

It seems like Server B can pretend to be Server A easily.

Is there something that I am missing?

Recommended answer

I think you're missing something, but I'm not sure if I understand your reasoning.

However, when server B tries to launch a man in the middle attack, you say that it has a public key. This is true, but to set up an SSL connection, you should also have a private key belonging to that public key. Moreover, the certificate used is coupled to the DNS name (in case of HTTPS). So a client tries to connect to A, he types in www.a.com. Since we assume that B does not know the private key of A, he will have another keypair. He could never receive a valid (i.e. trusted) certificate from a major CA that is coupled to a domain he does not own.

So B could never get a certificate with common name www.A.com; for this reason, B could not perform a man in the middle attack.
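The scenario from the question, as an added example that is not part of the original post or of JBoss: a client that only checks truststore membership accepts Server B's certificate when it dialed www.A.com, while a client that also matches the certificate's names against the host it dialed rejects it. The certificate dicts, the `fingerprint` field and the `accept` helper are constructed for illustration, and truststore membership stands in for real chain validation.

```python
# Added example. Certificates are constructed dicts shaped like the result of
# ssl.SSLSocket.getpeercert(), plus a made-up "fingerprint" field (assumption)
# that stands in for "this certificate chains to something in the truststore".

def cert_names(cert):
    """DNS names the certificate is valid for: SAN dNSName entries, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN dNSName entries exist, the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # refuse overly broad wildcards such as "*.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def accept(cert, truststore, expected_host, check_hostname):
    """Client-side decision: trust check, then (optionally) hostname check."""
    if cert["fingerprint"] not in truststore:
        return False
    if not check_hostname:
        return True  # the configuration the question worries about
    return any(name_matches(n, expected_host) for n in cert_names(cert))

# Constructed sample data: both servers are in the client's truststore.
CERT_A = {"fingerprint": "constructed-fp-A",
          "subject": ((("commonName", "www.A.com"),),),
          "subjectAltName": (("DNS", "www.A.com"),)}
CERT_B = {"fingerprint": "constructed-fp-B",
          "subject": ((("commonName", "www.B.com"),),)}
TRUSTSTORE = {"constructed-fp-A", "constructed-fp-B"}

def scenario():
    """Client dials www.A.com; Server B answers with its own trusted certificate."""
    return {
        "trust_only": accept(CERT_B, TRUSTSTORE, "www.A.com", check_hostname=False),
        "trust_and_hostname": accept(CERT_B, TRUSTSTORE, "www.A.com", check_hostname=True),
    }

if __name__ == "__main__":
    print(scenario())
```

In Java's JSSE, the equivalent hostname check on a raw `SSLSocket` or `SSLEngine` is switched on with `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")`.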
