6.033 Hands-on 7 Solution. 11 April 2000
Netscape Certificates
1. got certificate
2. The certificate verifies that a given name (Douglas S. J. De
Couto) and a given email address (decouto@mit.edu) are bound to
a given public key.
What's shown there:
* My name and email: they verify my identity
* Version information: so we view the certificate properly
* Issuing authority: who issued this certificate about me
* Serial number: a nonce that makes it easier to manage
certificates and uniquely identifies them
* Expiration date: when the certificate is no longer valid, so
that false certificates eventually become invalid
* Fingerprint: an MD5 hash of the certificate, which is essentially
unique for each certificate. According to the OpenSSL documentation
(www.openssl.org), Internet Explorer uses SHA1.
What's not shown:
* My public key: I probably wouldn't do much with the text of the
public key anyway, except validate it. But I can use the hash to
do that also. The public key is of course the whole point of
this certificate business.
* The signature of the certificate authority, which authenticates
the certificate. Without the signature, the certificate has no
meaning; anyone could have issued one.
* My private key: The private key is not part of the certificate,
even though we generate the private key at the same time we
generate the public key that goes with the certificate. We stash
the private key separately from the certificate, where no-one can
see it.
Some of you also use passwords in Netscape to protect your
certificate further, but again, these are not actually part of the
certificate; they are just to keep your certificate out of the
wrong hands.
To see some more interesting certificate information, try:
athena% add gnu crypto
athena% cd /tmp; wget http://bs.mit.edu/mitca.ca
athena% openssl x509 -text -inform DER < mitca.ca
This will show you the MIT certificate authority's certificate.
3. The MIT certificate server is willing to give me a certificate with
my name because I have proven to it that I possess the right student
ID number and Kerberos password. In the process, the certificate
server trusts Kerberos to correctly authenticate me based on my
password.
WebSIS ``safely'' allows access to my grades and financial
information because the certificate indicates that whoever has the
corresponding Kerberos ID and password and is using the web browser
that presents WebSIS with the certificate is the only person with
the private key corresponding to that certificate. WebSIS can
encrypt the relevant grade and financial information so that only
the student can decrypt and read the information.
Although this system is not bullet-proof, due to known
vulnerabilities in Kerberos, AFS, other technical security
problems, and some students' lax password security, it is at least
as secure as sending grades and bills and other official letters to
students' mailboxes, e.g. in a fraternity house or dormitory, where
any number of students can steal the mail, or read documents
left on a desk, etc. Of course, you might not be happy with that
level of security either!
4. How do I know I connected to a secure site? When I connected,
Netscape allowed me to examine the certificate offered up by the
site. I could have verified that certificate manually, with a
phone call, to see that the public key did indeed match the
intended site. Or I could rely on the fact that the certificate is
signed by a trusted third party whose public key I already know
(e.g. VeriSign). How do I know to trust the MIT certificate
authority? If you look closely, you will see that the MIT CA signs
its own certificates. Look at http://bs.mit.edu/mitca/sig.asc to
see a signature of that certificate with Jeff Schiller's private
key (jis@mit.edu). He is MIT's network manager. How do I trust
the network to show me the right signature of the certificate? At
some level I don't -- I need to again verify Schiller's signature.
Maybe I call him on the phone, or get someone else who I trust to
authenticate him electronically.
If I don't actually verify the certificate somehow, all bets are
off, due to numerous network insecurities ranging from the Ethernet
and IP network layer up to the DNS layer.
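
The fingerprint described in answer 2 and the self-signed CA described in answer 4, as an added example that is not part of the original solution set. It builds constructed throwaway certificates named "Example Test CA" (an assumed name), shows that the fingerprint is the MD5 or SHA-1 digest of the DER-encoded certificate, and checks a certificate against a fingerprint obtained out of band. The function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example. All certificates here are constructed throwaway samples.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # the sample private keys live only in this directory

# Create a self-signed certificate named "Example Test CA" and a DER copy,
# the encoding read by `openssl x509 -inform DER`. $1 = output file prefix
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null &&
    openssl x509 -in "$WORK/$1.pem" -outform DER -out "$WORK/$1.der"
}

# Fingerprint as openssl reports it, normalized to lowercase hex without colons.
# $1 = digest (md5 or sha1), $2 = DER file
cert_fingerprint() {
    openssl x509 -inform DER -in "$2" -noout -fingerprint "-$1" |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# The same digest taken directly over the raw DER bytes of the certificate.
raw_digest() {
    openssl dgst "-$1" < "$2" | awk '{print $NF}'
}

# True when subject and issuer are the same name, as for a self-signed CA.
is_self_issued() {
    s=$(openssl x509 -inform DER -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -inform DER -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Out-of-band check: compare with a SHA-1 fingerprint obtained over a channel
# you already trust. $1 = DER file, $2 = expected fingerprint (colons allowed)
matches_trusted_fingerprint() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$want" ] && [ "$(cert_fingerprint sha1 "$1")" = "$want" ]
}

make_sample_ca real && make_sample_ca lookalike   # same name, different keys
echo "md5  fingerprint: $(cert_fingerprint md5 "$WORK/real.der")"
echo "sha1 fingerprint: $(cert_fingerprint sha1 "$WORK/real.der")"
is_self_issued "$WORK/real.der" && echo "subject == issuer (self-signed)"
# Stand-in for a value read to us over the phone (constructed for this example).
TRUSTED=$(cert_fingerprint sha1 "$WORK/real.der")
matches_trusted_fingerprint "$WORK/lookalike.der" "$TRUSTED" ||
    echo "lookalike rejected: same name, different fingerprint"
```

The second certificate carries the same subject and issuer name as the first, so only the fingerprint comparison tells them apart.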