• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Security with Streams
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security with Streams

  • Subject: Re: Security with Streams
  • From: "Gerriet M. Denkmann" <email@hidden>
  • Date: Mon, 27 Jun 2016 10:13:01 +0700
> On 26 Jun 2016, at 21:59, Keary Suska <email@hidden> wrote:
>
>
>> On Jun 25, 2016, at 8:44 PM, Gerriet M. Denkmann <email@hidden> wrote:
>>
>> Following TN2326 I created a (self signed) Certificate Authority and a Digital Identity called "MyServerId".
>>
> <snip>
>
>>> We are now falling into the rabbit hole that is peer-to-peer trust & identity. How is your server going to identify it so that a client will know that it’s the server it expects? I don’t know whether you’ve given any thought to this; the answer affects how you’d implement this part of the app.
>>
>> I have thought about this, but I am not at all sure that my thoughts are correct.
>> Currently (as indicated in the code above) my client has a copy of the real server certificate and compares it with the certificate obtained from its inputStream.
>> I am not sure whether putting the server certificate into the client is ok or a breach of security.
>>
>> That is: the client will accept any server which has signed with the server certificate.
>
> Self-signed certificates can only offer encryption, but cannot offer trust because they are not verifiable. You can’t use the server certificate as a key since you pass that key out to anyone who wants it (in your app), and anyone who gets it can impersonate the server.

Assume that an evil entity has got hold of “MyServerCertificate.cer”, but has no access to my keychain and thus to the private key of MyServerCertificate.
Could they use this certificate to open a secure stream to a client? Or do they need the private key to sign?


> I am unclear to me whether you are after a client-server (i.e. all servers are under your control) or peer-to-peer (i.e. every client is a server and every server is a client)) model?

There is just one server, which is under my control.


Kind regards,

Gerriet.


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Security with Streams
      • From: Jens Alfke <email@hidden>
    • Re: Security with Streams
      • From: Keary Suska <email@hidden>
References: 
 >Security with Streams (From: "Gerriet M. Denkmann" <email@hidden>)
 >Re: Security with Streams (From: Jens Alfke <email@hidden>)
 >Re: Security with Streams (From: "Gerriet M. Denkmann" <email@hidden>)
 >Re: Security with Streams (From: Keary Suska <email@hidden>)

  • Prev by Date: Re: Security with Streams
  • Next by Date: Re: Security with Streams
  • Previous by thread: Re: Security with Streams
  • Next by thread: Re: Security with Streams
  • Index(es):
    • Date
    • Thread