[2596] in cryptography@c2.net mail archive
SSL3 info leak?
daemon@ATHENA.MIT.EDU (Trei, Peter)
Tue Apr 28 15:51:08 1998
From: "Trei, Peter" <ptrei@securitydynamics.com>
To: "'Eric Young'" <eay@cryptsoft.com>,
Rick Smith
<rick_smith@securecomputing.com>
Cc: Rodney Thayer <rodney@sabletech.com>, cryptography@c2.net
Date: Tue, 28 Apr 1998 14:56:24 -0400
One little problem I recently noticed with SSL is a traffic analysis
leak.
In SSL3, the server sends it's public cert to the client in the clear
(has to be, since the cert is required before the session key can
be exchanged).
However, if the server requires client authentication, then it appears
to me that the client cert is also sent to the server in the clear.
The change to encrypted mode occurs only after the certs have been
exchanged.
This is an identity leak, since the client's cert contains a lot
more info about the client than could be garnered from the TCP &
IP headers alone.
If the switch to encrypted mode occured before the client cert
were requested and sent, this leak would not occur. I can't think
of any reason why this should not be done, other than it mixes the
setup and data transmission states a bit.
Or am I completely off the wall here?
Peter Trei
ptrei@securitydynamics.com
>
