ACSAC
2001
IEEE

Restricting Access with Certificate Attributes in Multiple Root Environments - A Recipe for Certificate Masquerading

The issue of certificate masquerading against the SSL protocol is pointed out in [4]. In [4], various forms of server certificate masquerading are identified. It should also be noted that the attack described is a man-in-the-middle (MITM) attack that requires direct manipulation of the SSL protocol. This paper is a mirror of [4] and involves client certificate masquerading. The motivation for this paper comes from the fact that this anomaly has shown up in commercial products. It is potentially more damaging than [4] since a MITM attack is not involved and the only requirement is that the application trust a given root certificate authority (CA). The problem arises when applications use multiple roots that do not cross-certify. The problem is further exacerbated since the applications themselves do not have the ability to apply external name constraints and policies. Unfortunately, the problem is fairly well known within the public key infrastructure (PKI) community, but cont...
James M. Hayes
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2001
Where ACSAC
Authors James M. Hayes