LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The case of the fraudulent SSL certificates

The case of the fraudulent SSL certificates

Posted Mar 24, 2011 18:07 UTC (Thu) by nybble41 (subscriber, #55106)
In reply to: The case of the fraudulent SSL certificates by giraffedata
Parent article: The case of the fraudulent SSL certificates

You try to connect to PayPal. The bad guy intercepts your connection and forwards the traffic to/from the real PayPal site. This is essentially the definition of MITM.

Normally, SSL/TLS would prevent the MITM from observing the cleartext of the traffic, since (a) the MITM needs the proper private key to decrypt what you're sending, and (b) the client verifies that the public key used to encrypt outgoing traffic corresponds to the domain name. The bad guy can only observe the unencrypted traffic by substituting a different certificate, one which would not be approved by a registered CA for use with that domain, thus giving away the MITM attack.

The existence of a fraudulent certificate nullifies (b), since the client will see a certificate certified for the right domain name, but (presumably) the bad guy has the corresponding private key and can thus decrypt the traffic (and re-encrypt it with the right certificate before forwarding it to PayPal, or visa-versa).

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds