
How can we protect against a MitM faking the first server request response and also faking Certificate Authority response (in case of a HTTPS request)? Basically the MitM would provide the answers (response packets) faster than the server and the CA with fake answers/data/public keys. In this case the MitM would take over the traffic between the client and the server and would simulate the real website. How can the client know that it really communicates with the real website/server or not?

  • Please read first how SSL/TLS works. Then you will realize that the fake answers will be detected as fake and the client will not continue with the TLS handshake and never transfer any application data. – Steffen Ullrich May 25 '17 at 20:38
  • The client has pre-shared root certificates that it uses to verify the presented certificate of the server. A rogue server isn't able to obtain correctly signed certificates. – Arminius May 25 '17 at 20:38
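
The check described in the comments above, as an added example that is not part of the original thread: a client whose trust store already holds the real CA certificate verifies a genuine server certificate and one issued by an attacker's look-alike CA that copies the real CA's name. The CA name, host name and file layout are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo PKI: every name, key and file below is made up for this example.
WORK=$(mktemp -d)

# make_ca DIR: create a self-signed CA named "Example Root CA" in DIR.
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert DIR: have the CA in DIR sign a certificate for www.example.test.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/srv.pem" 2>/dev/null
}

# client_accepts CERT: the client-side check. The trust store holds only the
# real CA certificate, installed before any connection is made.
client_accepts() {
    openssl verify -CAfile "$WORK/real/ca.pem" "$1" >/dev/null 2>&1
}

# Build the genuine PKI and the attacker's copy (same CA name, different key).
setup_pki() {
    make_ca "$WORK/real" && issue_cert "$WORK/real" &&
    make_ca "$WORK/mitm" && issue_cert "$WORK/mitm"
}

# verdict CERT: print the client's decision for CERT.
verdict() { if client_accepts "$1"; then echo accepted; else echo rejected; fi; }

setup_pki
echo "genuine server certificate: $(verdict "$WORK/real/srv.pem")"
echo "MitM certificate:           $(verdict "$WORK/mitm/srv.pem")"
```

The look-alike CA is rejected even though its name matches, because the signature on the MitM certificate does not verify under the public key the client already holds.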

0 Answers