Null Prefix Attacks Against SSL/TLS Certificates

Date Added: Jul 2009
Format: PDF

The SSL and TLS protocols aim to provide secrecy, authenticity, and integrity safeguarding communication from both passive and active adversaries. SSL and TLS rely heavily on the x500 certificate structure in order to deliver authenticity, and both parties in an SSL/TLS connection have the opportunity to identify themselves with an x509v3 certificate. The original vision of the x509 standards committee was to create a certificate structure that would uniquely identify individuals within a global Directory Information Tree. While that ultimate never fully materialized. SSL/TLS does not need to pay much attention to the hierarchical context of an entity that is identifying itself anyway.