In https workflow, how client knows whether its connected to correct server not malicious?

Asked May 19 '21 at 17:55

Active May 19 '21 at 19:00

Viewed 30 times

Was reading HTTPS workflow and would like to understand more about it.

Client ---> Malicious Server (instead of actual server)

When Client connects to server there can be possibility that it connects to malicious server and that server represents the certificate on behalf of Actual Server, how client knows whether its genuine server or not?

asked May 19 '21 at 17:55

Parth Shah

I am not sure. I think that the cert is bound to the domain it is used on. – Jakob Tinhofer May 19 '21 at 17:59
Certificate validation in HTTPS is about being connected to the *"expected"* server. Being *"malicious"* is a different concept, i.e. the expected server can well be malicious. HTTPS protects against man in the middle attacks but makes no statements about the server being malicious or not. HTTPS can well be used to server malware etc. – Steffen Ullrich May 19 '21 at 19:02

In https workflow, how client knows whether its connected to correct server not malicious?

0 Answers0