KH rites:
>Can someone explain in a nutshell how Netscape's keymgmt (with RSA's
>VeriSign spinoff) works, and what's implemented in Netscape's
>full-featured proxy?
Well I can take a stab at it (have found a good way to learn is to say what
you think is write and try to dodge the bricks). Am assuming that by
"Netscape's full-featured proxy" you mean the Commerce Server.
1) Netscape 2.0 clients contain Verisign public key from the factory
2) Someone wishing to do business on the net buys Netscape Commerce Server
3) Same Someone (SS) sends money to Verisign
4) Verisign sends SS three items (maybe two)
a) SS private key (assume it plugs into server software somewhere).
b) certificate from Verisign containing SS public key, ID, & expiration date
c) (not necessary so not sure) SS public key
5) Potential Client (PC) with Netscape 2.0 webs to SS
6) SS sends certificate (4b) to PC
7) PC's client software (CS) uses Verisign public key (1) to extract three
pieces of (4b) & checks validity (displays ID on screen ?).
8) If all ok, PC's CS generates random number seed/key for RC4-40 algorithm.
9) PC's CS encrypts the S/K using SS's public key & sends to SS
10) SS & PC establish "secure" link using RC4-40 & S/K
The "flaws" mentioned on the net involve (8) and (10), not the RSA exchange.
Big concern is that it all hinges on the sanctity of Verisign's private key
since every copy of netscape and every certificate depends on that single key
that can not be easily changed.
Note also that SS really has no clue who PC is (probably does not care so
long as SS gets a good credit card number). However since a secure channel
has been established even such old technology as reusable passwords are
sufficient to change PC to OEC (old established client).
Now I see several correlations. The first of which being that Verisign expects
SS to send money every year for a new certificate. Since MIT and the web of
key-servers promise the same for free and since Marc A. stated in Baltimore
that future versions of Netscape would accomodate other certificating
authorities including FORTEZZA (Clipper Card), I will not be buying
any Verisign stock. (24 months and counting).
Just to go waaaaay out on a limb, will mention that my understanding of
Netscape 1.x is that there is no certificate involved. Instead
SS generates/was issued its own public/private key and sends it to PC. PC
uses this without any authentication to encrypt the S/K and sends it back
skipping directly to step (9).
In this manner, a secure channel is created but neither end is authenticated
(man in the middle attack could succeed). This is the mechanism I mentioned
several years ago when the third party money holders started popping up to
show that they were unnecessary. The Verisign certificate mechanism (other
than the expiration date) has been in PGP since at least 2.3.
Like I said, this is how I understand the mechanism and it will work however
I could have been off a touch in some of the bits. If I am, please post (if
you post to the group, please do not cc me, my volume is high enough as it
is.
Warmly,
Padgett
ps have undoubtely used some trademarked/registered names (probably everything
capitalized that looks like one) - they belong to their respective owners.
pps see that Network General is finally trying to enforce their registration
of "Sniffer". Suspect it may have already joined "asprin" & "nylon".
Follow-Ups:
|
|
