I was trying to learn TLS in depth. Probably my understanding is wrong. This is what I understood:

At the end of the client handshake, the server will send the CA certificate to the client, which contains the public key and specifies which algorithm to use. The browser will verify the authenticity of the certificate by comparing trusted authorities, CN and public key.

My question is, can't these parameters be spoofed by a malicious server? For example, the attacker can actually make an SSL handshake to the valid server and collect the server response certificate and create their own certificate with the same parameters, right?

What are the factors affecting this spoofing? Is there any other PKI involved in validating the Certificate?

Anonymous Platypus
  • For clarity: root CA certificates are already installed on the client; typically as part of the operating-system installation. In order to spoof a certificate, the attacker would either need to have already installed a malicious root certificate on the target machine or they would need to have compromised the private key of an existing CA. –  Jun 19 '18 at 15:29
  • [This](https://stackoverflow.com/questions/188266/how-are-ssl-certificates-verified) answers my query. – Anonymous Platypus Jun 20 '18 at 06:34
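An added example, not part of the original question or its comments, of the point made in the first comment: a certificate that copies the visible names fails chain verification because its signature was not made with the trusted root's private key, and the genuine certificate is useless to someone who lacks the matching private key, which the TLS handshake requires the server to prove it holds. It assumes the OpenSSL command-line tool with its default configuration; every name in it (Demo Root CA, www.example.test, the file prefixes) is constructed.

```shell
#!/usr/bin/env bash
# Constructed demo; every name below (Demo Root CA, www.example.test) is made up.
set -eu
cd "$(mktemp -d)"
q() { "$@" >/dev/null 2>&1; }   # run a command quietly

# new_ca <prefix> <CN>: self-signed root certificate and private key
new_ca() {
  q openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.pem"
}
# new_leaf <prefix> <CN> <ca-prefix>: key pair plus certificate signed by that CA
new_leaf() {
  q openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr"
  q openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
    -CAcreateserial -days 30 -out "$1.pem"
}
# verify_chain <cert>: does the signature chain end at the root the client trusts?
verify_chain() { q openssl verify -CAfile ca.pem "$1"; }
# key_matches <cert> <key>: is this private key the one named in the certificate?
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

new_ca   ca     "Demo Root CA"             # root already installed on the client
new_leaf server "www.example.test" ca      # genuine site certificate
new_ca   fakeca "Demo Root CA"             # look-alike root: same name, different key
new_leaf fake   "www.example.test" fakeca  # certificate copying the visible fields

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
report verify_chain server.pem             # genuine chain verifies
report verify_chain fake.pem               # look-alike is rejected
report key_matches server.pem server.key   # real server holds the right key
report key_matches server.pem fake.key     # replayed cert, wrong private key
```
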

0 Answers