On 09.Apr.2014, at 22:12, Peter <peter at pajamian.dhs.org> wrote: > On 04/10/2014 03:09 AM, Markus Falb wrote: >> >> I am assuming that client certificates are handed out to staff. Basically you can't >> really control where people install client certificates and which client software is used. >> If one is tricked to do a SSL Handshake with a malicious server, the key of the client >> certificate is leaked. Reissue of the cert won't help because on the other day there >> would be another malicious handshake with another bad server... > > No, the server never sees a private client certificate, it only ever has > access to the public certificate, which by its very nature of being > public doesn't really matter if it gets leaked. I know. > No vulnerability on the > server can expose a private client certificate, only a vulnerability on > the client can. With malicious server I did not meant one that was affected by heartbleed but a server which is run by bad people that want to exploit vulnerable clients. If it's easy to write a malicious client to read the server's ram, it's maybe easy to write a malicious server that can read the client's ram? Does heartbleed work in both directions? Assume that the client uses a vulnerable openssl, and it connects to a malicious server, can the server read the ram of the client? -- Markus