
Re: SSL client certificate question and bdb_dn2id_matched question



On Wed, 2003-01-15 at 10:01, Bradley Scutvick wrote:

> Howard Chu wrote:
> > Self-signed certs can be made to work, but should not be used. They are a
> > security liability. Please read the admin guide:
> > http://www.openldap.org/doc/admin21/tls.html
> 
> Is it a security liability just because no institution is vouching for 
> your identity or does it undermine the encryption somehow?  I know it's 
> off topic, ignore as you please.

This has to do with trust rather than the encryption itself.  I have to
trust that the server my client is talking to really is who it says it
is.  To do this you have these third parties (i.e. public CAs) who you
"trust".

By trusting them, you trust their signature (key path) to the CA.

Now if they are sloppy and they lose their private key to some evil
hacker, they can revoke their certificates and start again.. but the
problem now is.. do you REALLY trust them any more.  Even with the new
key your encrypted traffic is safe.. but the nagging issue of trust is
there.. do you really know they haven't already lost this one and you
are at the mercy of a "man in the middle" attack?

From the point of view of a system (like my home one) all I want is SSL
to encrypt my password and other details back from the ldap server.  To
get this, the attacker would have to access my system, and really... the
only reason they would want to do that is to have a zombie waiting for
the next DDoS attack... because there ain't much of interest in my
database.. :)

So... if you are running a publicly accessible, production server, then
self-signed isn't a good idea.. if you are "playing" and trust
yourself.. then I don't see a problem with it... but then I'm not a
crypto expert.. :)

Pete
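The trust point Pete makes above (a client accepts a server certificate only because it has chosen to trust whoever signed it) can be shown with the openssl command line. The script below is an added example and not part of this thread or of OpenLDAP; it assumes a working `openssl` binary, and every name, subject and file path in it is constructed for the demonstration. It builds a tiny private CA, signs a server certificate with it, builds a second server certificate that is merely self-signed, and then checks each against a chosen trust store: the CA-signed certificate verifies against the CA, the self-signed one does not, and the self-signed one verifies only when you explicitly trust it (the "trust yourself" case).

```shell
#!/bin/sh
# Added example (not from the thread): who you trust decides what verifies.
# All subjects, hostnames and file names below are constructed placeholders.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. A private CA: itself a self-signed certificate, but one we *choose* to trust.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -subj "/CN=Example Home CA" -keyout ca.key -out ca.crt 2>/dev/null

# 2. A server key and CSR, signed by that CA (the "key path" back to the CA).
openssl req -newkey rsa:2048 -nodes \
  -subj "/CN=ldap.example.test" -keyout server.key -out server.csr 2>/dev/null
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -days 365 -out server.crt 2>/dev/null

# 3. A server certificate that nobody vouches for except itself.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -subj "/CN=ldap.example.test" -keyout selfsigned.key -out selfsigned.crt 2>/dev/null

# verify_against CERT TRUSTFILE: prints "trusted" if CERT chains to a
# certificate in TRUSTFILE, "untrusted" otherwise.
verify_against() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# CA-signed server cert, checked against the CA we decided to trust.
echo "server.crt vs ca.crt:          $(verify_against server.crt ca.crt)"
# Self-signed server cert, checked against that same CA: no path, no trust.
echo "selfsigned.crt vs ca.crt:      $(verify_against selfsigned.crt ca.crt)"
# Self-signed server cert, checked against itself: works only because the
# verifier explicitly chose to trust it (Pete's "playing at home" case).
echo "selfsigned.crt vs itself:      $(verify_against selfsigned.crt selfsigned.crt)"
```

The middle case is the one that matters for a production server: a self-signed certificate gives every client the job of deciding, out of band, to trust that exact certificate, which is exactly the vouching step a CA otherwise performs. Distributing your own CA certificate to your clients, as in the first case, keeps the encryption identical while making the trust decision explicit and revocable.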