
On Thu, May 22, 2025 at 3:18 AM nanog--- via NANOG <nanog@lists.nanog.org> wrote:
> By specifying that a key is only used for server authentication, it prevents a hypothetical class of attacks where, say, you present one server's certificate as a client certificate to another server, pass traffic between the two servers - successfully authenticating as something you aren't, but still being unable to forge messages, but the connection may still have unintended effects (see cross-protocol request forgery).

A certificate authenticates an encryption public key and the identity claimed to be associated with it. A man in the middle can pass that key onward, but he won't be able to encrypt or decrypt anything with the associated private key since he does not possess the associated private key. This works in either direction which is rather the point.

Regards,
Bill Herrin

-- 
William Herrin
bill@herrin.us
https://bill.herrin.us/