How many programs "cheat" relative to SSH
Posted on March 13, 2007, 5:13 am
I'm looking at an email program, and an email account that uses SSL on
both the SMTP side and the POP3 activities. Looking at just the POP3
activity, as I understand it, things are supposed to go like this when
I'm checking the POP3 server for mail.
1. I tell the server that I want to do SSL.
2. The server sends me a digitally signed certificate, with his public
3. I check the digital signature against my list of Certificate
Authorities, to make sure it came from who it says it came from.
4. I make up a session key, encrypted with the public key, and send
5. The server decrypts with his private key.
6. Now, only the server and I know the session key, so we're done.
Now, the question I'm interested in is: how bad is it if my email
program simply skips step 3 above, and doesn't verify the signature.
That clearly opens me up to a "man in the middle" attack, if the "bad
guys" have the resource for that kind of attack. But, if the "bad
guys" are strictly limited to an eavesdropping attack, am I safe
against eavesdropping even though step 3 was omitted?
I ask because I believe I have found at least one email program that
does that. The program "supports" SSL, and indeed, I can make
connections which are clearly SSL connections. But, as I tried to
discover the Certificate Authority database that the program would use
for step 3, I couldn't find it. Then it dawned on me that step 3 can be
skipped, and 999 of 1000 times, no one would know the difference.
So: some general questions: is this common? Is a program "guilty" of
advertising," or something worse, if it omits this step and doesn't
tell anyone? How should I feel about this email program?
As I said, this is new landscape for me, and I'm interested in what
are the common practices here.
Re: How many programs "cheat" relative to SSH
What is being protected by the use of SSL?
If your mail client is authenticating to the server, and using a plain
text password to authenticate, then the protection is important to
maintain the secrecy of your password.
If this is just a matter of protecting the message content, then I
wouldn't trust SSL for that anyway. You should rely on PGP or S/MIME
to protect the body of the email message.
SSL, without checking the server key, is still better than sending
the message in clear text. It acts as a deterrent, for it is hard
to mount a MITM attack. And if enough clients do check the server
key, then the risk of discovery of the MITM attack is greater,
which further deters the attack. Just don't assume it is complete
Some Windows clients just use the Windows certificate store. Some
clients track the fingerprint of the server certificate, and warn
if that changes. Some keep their own certificate store. Some use
the openssl certificate store (on Unix, Linux). Perhaps some just
ignore the problem.
DO NOT REPLY BY EMAIL - The address above is a spamtrap.
Neil W. Rickert, Computer Science, Northern Illinois Univ., DeKalb, IL 60115
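
The difference between performing and skipping step 3, together with the fingerprint tracking mentioned in the reply, as an added example that is not part of the original thread. It assumes Python's standard `ssl` and `poplib` modules; the function names, the `pins` dictionary and its in-memory storage are hypothetical.

```python
import hashlib
import hmac
import poplib
import ssl


def verifying_context():
    # Step 3 performed: the chain is checked against the system CA store and
    # the certificate must match the host name we connected to.
    return ssl.create_default_context()


def non_verifying_context():
    # What a client that skips step 3 amounts to: traffic is encrypted, but a
    # certificate from any peer is accepted. Shown for contrast only.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def check_pin(pins, host, der_cert):
    # Fingerprint tracking: remember the SHA-256 of the server certificate
    # and report when a later connection presents a different one.
    fp = hashlib.sha256(der_cert).hexdigest()
    known = pins.get(host)
    if known is None:
        pins[host] = fp
        return "first-seen"
    return "match" if hmac.compare_digest(known, fp) else "changed"


def message_count(host, user, password, pins, port=995):
    # POP3 over SSL with CA verification plus the fingerprint check.
    # A bad chain or host name raises ssl.SSLCertVerificationError during
    # the handshake, before any credentials are sent.
    conn = poplib.POP3_SSL(host, port, context=verifying_context(), timeout=10)
    try:
        der = conn.sock.getpeercert(binary_form=True)
        if check_pin(pins, host, der) == "changed":
            raise ssl.SSLError("certificate for %s changed since last seen" % host)
        conn.user(user)
        conn.pass_(password)
        return conn.stat()[0]
    finally:
        conn.close()
```

A mail client can be compared against this by pointing it at a test server with a self-signed certificate: a client that behaves like `verifying_context()` refuses or warns, one that behaves like `non_verifying_context()` connects silently.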