[Users] Re: [Serusers] trusting peers

Klaus Darilion klaus.mailinglists at pernau.at
Wed Oct 12 09:15:43 CEST 2005


Nils Ohlmeier wrote:
> On Tuesday 11 October 2005 16:32, Klaus Darilion wrote:
> 
>>Jan Janak wrote:
>>
>>>  Client certificate ? Why ? Make sure that the client certificate is
>>>  created by a trusted CA (which is known to SER) and once a request
>>>  arrives over TLS then you know that the certificate was valid
>>>  (provided that you enable client certificate verification).
>>
>>Knowing that the certificate is valid is not enough. Badguy can have a
>>certificate for badguy.com which is perfectly valid, but this does not
>>imply that I trust badguy.com. I have to compare the certificate domain
>>with the domains of trusted peers somehow.
> 
> 
> Klaus, if you do not trust badguy.com although he has a valid signed 
> certificate from a CA which you trust, then you can throw away TLS 
> completely.

There is a big difference between authentication and authorization.

1. I have to authenticate the peer. Using TLS and certificates is fine.

2. I have to authorize the peer. Some peers will be e.g. routed 
differently. You would do this like:
    if (message is from trusted peer) {
       ....

So I need to check the certificate in ser.cfg somehow, or associate the 
domain in the From header with the domain in the certificate.

Or do I miss the point?

regards
klaus

> The whole model only works because the trust is inherited from the CA when you 
> get a signed certificate.
> If you do not trust any CA, except your own, then you created your own trust 
> database which is hard to maintain. No matter what is the base of the 
> trustworthiness (IP; certificate signed by you; shared secret or signed 
> certificate for IPSec) maintaining the trust database (or however you call 
> it) is a real pain, that is the reason why you should trust someone else to 
> do this job.
> 
> BTW why do you need/want to trust someone and others not?
> You want to give privileges to the trustworthy. But what happens if they cheat 
> you? You should be able to track them down. And then sue them (if the laws of 
> both countries allow this)?
> 
> Suing them is your only weapon in the end. If you can't sue them you are 
> doomed anyway no matter what is your trust base.
> 
> Enough philosophy :-)
>   Nils
> 
> 
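
The authentication/authorization split discussed in the message above, as an added example that is not part of the original thread and is not SER code. It assumes the TLS layer has already verified the peer certificate against a trusted CA and hands it over in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`; `TRUSTED_PEERS`, the `partner.example` names and both sample certificates are constructed, and names are matched exactly (no wildcards).

```python
import re

# Constructed policy: certificate DNS name -> From domains that peer may assert.
TRUSTED_PEERS = {"sip.partner.example": {"partner.example"}}

# Host of a SIP/SIPS URI: optional userinfo, then host, before port or params.
_URI_HOST = re.compile(r"sips?:(?:[^@>;\s]*@)?([A-Za-z0-9.-]+)", re.IGNORECASE)
_QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted display name


def cert_dns_names(cert):
    """DNS names from a verified cert in ssl.SSLSocket.getpeercert() dict form."""
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    if not names:  # fall back to commonName only when no SAN DNS entry exists
        for rdn in cert.get("subject", ()):
            names.update(v.lower() for k, v in rdn if k == "commonName")
    return names


def from_domain(from_header):
    """Domain of the URI in a SIP From header value, or None if unparsable."""
    # Drop the quoted display name first so it cannot smuggle in a fake URI.
    m = _URI_HOST.search(_QUOTED.sub("", from_header))
    return m.group(1).lower().rstrip(".") if m else None


def authorize(cert, from_header, trusted=TRUSTED_PEERS):
    """Return 'trusted', 'untrusted-peer' or 'from-mismatch'.

    Assumes the TLS layer already validated the chain (authentication);
    this decides only what the authenticated peer may do (authorization).
    """
    peer_names = cert_dns_names(cert) & set(trusted)
    if not peer_names:
        return "untrusted-peer"  # valid certificate, but not on our peer list
    allowed = set().union(*(trusted[n] for n in peer_names))
    if from_domain(from_header) not in allowed:
        return "from-mismatch"  # peer asserts a domain not assigned to it
    return "trusted"


# Constructed sample certificates, both assumed to chain to a trusted CA.
PARTNER = {"subject": ((("commonName", "sip.partner.example"),),),
           "subjectAltName": (("DNS", "sip.partner.example"),)}
BADGUY = {"subject": ((("commonName", "badguy.com"),),),
          "subjectAltName": (("DNS", "badguy.com"),)}

if __name__ == "__main__":
    print(authorize(BADGUY, "<sip:bob@badguy.com>;tag=1"))
```

An unparsable From header yields `from-mismatch`, so the check fails closed.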




