[Nut-upsdev] Client certificates

[EmilienKia at Eaton.com]

> -----Message d'origine-----
> De : 
> nut-upsdev-bounces+emilienkia=eaton.com at lists.alioth.debian.or
> g 
> [mailto:nut-upsdev-bounces+emilienkia=eaton.com at lists.alioth.d
> ebian.org] De la part de Arjen de Korte
> Envoyé : mardi 11 janvier 2011 22:15
> À : nut-upsdev
> Objet : [Nut-upsdev] Client certificates
> 
> While browsing the sources of the nss-ssl-port sources I 
> noticed that client certificates were added. What is the 
> reason behind this? As far as I can see, using a server 
> certificate and validating it in the upsmon client should 
> provide us with a secure channel. Authorizations for the 
> server will then be handled by the settings in upsd.users by 
> logging into the server with user and password (like we have 
> done for ages). What are client certificates going to add to 
> this? We'll still need the upsd.users to tie the certificates 
> to operations allowed on the upsd server (master or slave), 
> so what benefit will using client certificates have here? 
> What problem are we solving with client certificates?
> 
> Best regards, Arjen

I have added client certificate checking mainly to avoid man-in-the-middle attacks or identity usurpation.
Indeed If you just have server authentication (like 99% the web where just the sertver auth is required), you are just sure of the server's identity, but not the client's one. If you do not want that a vilain execute vicious commands (if it has the login/password), the server must be sure of the client's identity.

Moreover, note that the password is exchenaged uncrypted or unhashed (do not take in account the SSL tunnel) so nothing can prevent a manè-in-the-middle attack because the server can not detect it speaks to a vilain (or a client via a vilain) and not directly to the real client.

BR,
Emilien

--------------------------------------------------------------------------