Sciweavers

ACSAC
2001
IEEE

Restricting Access with Certificate Attributes in Multiple Root Environments-A Recipe for Certificate Masquerading

14 years 4 months ago
Restricting Access with Certificate Attributes in Multiple Root Environments-A Recipe for Certificate Masquerading
The issue of certificate masquerading against the SSL protocol is pointed out in [4]. In [4], various forms of server certificate masquerading are identified. It should also be noted that the attack described is a man-in-themiddle (MITM) attack that requires direct manipulation of the SSL protocol. This paper is a mirror of [4] and involves client certificate masquerading. The motivation for this paper comes from the fact that this anomaly has shown up in commercial products. It is potentially more damaging than [4] since a MITM attack is not involved and the only requirement is that the application trust a given root certificate authority (CA). The problem arises when applications use multiple roots that do not cross-certify. The problem is further exasperated since the applications themselves do not have the ability to apply external name constraints and policies. Unfortunately, the problem is a fairly well known problem within the public key infrastructure (PKI) community, but cont...
James M. Hayes
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2001
Where ACSAC
Authors James M. Hayes
Comments (0)