What is the benefit of public Certificate Authority when using SSL mutual authentication?

I was working the other day and I had a question come up, that I want to ask here to make sure my assumptions are correct.

In terms of SSL Mutual Authentication a self signed CA and a public CA provide the same functionality, is that assumption correct?

Besides the part that, supposedly, a public CA is stored much more securely than a private CA, the functionality part is the same, right? Meaning the client will be able to communicate with the server only if both of them have the certificates issued by the same CA and the server has access to the CA, right?

So in this situation, the man-in-the-middle attack is only possible of the attacker has access to the self-signed CA, correct?

And if all of the above assumptions are correct, what is the benefit of using a public CA for ssl mutual authentication? Is it only that it’s stored very securely or is there also something else?

Any help is greatly appreciated, thank you!

A tricky mutual information inequality

Let $$X_0, X_1, X_2$$ be three independently distributed bits, let $$B$$ be a random variable such that $$I(X_0:B)=0$$, $$I(X_1:B)=0$$, and $$I(X_2:B)=0$$, I need to prove that $$I(X_0, X_1, X_2:B)\leq 1$$

(where $$I(M:N)$$ is Shannon’s mutual information).

I can demonstrate that $$I(X_0, X_1, X_2:B)\leq 2$$, by using chain rule of mutual information $$I(X_0, X_1, X_2 : B)= I(X_0:B)+I(X_1,X_2:B|X_0) = H(X_1,X_2|X_0) – H(X_1,X_2|B,X_0) = 2 – H(X_1,X_2|B,X_0) \leq 2$$.

(where $$H(.)$$ is Shannon’s binary entropy).

Equivalence of two definitions of mutual information

I am learning quantum computing and as a background study, I am currently learning fundamentals of classical information theory. I thought it best to ask my doubts here. In Nielsen and Chuang, it is stated that mutual information I(X:Y) of two random variables X and Y is the information they have in common while in some books, it is written that mutual information I(X:Y) is the information one variable(say X) has about the other(say Y). I can’t understand it intuitively how the two definitions are equivalent. Also, the symmetric property of mutual information,i.e., I(X:Y)=I(Y:X) is obvious to me from the first definition but not from the second one.

Decomposition of Mutual Information

I came across a book where the author uses the following property of mutual information:

Let $$X$$,$$Y$$,$$Z$$ be arbitrary discrete random variables and let $$W$$ be an indicator random variable.

$$(1)\ \ I[ X : Y \mid Z ] = Pr(W=0) I[ X : Y \mid Z, W=0 ] + Pr(W=1) I[ X : Y \mid Z, W=1 ]\$$

I don’t understand why this property holds in general. To show this I was thinking to proceed as follows: \begin{align} I[ X : Y \mid Z ] &= E_z[ I[ X : Y \mid Z = z ]] \ &= E_w[ E_z[ I[ X: Y \mid Z = z]\ |\ W=w ] ] \ &= Pr(W=0)E_z[ I[ X: Y \mid Z = z]\ |\ W=0 ] \ &+ Pr(W=1)E_z[ I[ X: Y \mid Z = z]\ |\ W=1 ]. \end{align} where the second line follows by the law of total expectation. However, this does not seem to be the right approach since it’s not clear to me that $$E_z[ I[ X: Y \mid Z = z]\ |\ W=w ] = I[ X : Y \mid Z, W=w ]$$ holds.

What is the right way to show (1)?

How can we use digital signatures for mutual authentication between two computers?

I get the fact that we can use digital signatures for authenticating the signer (since they are using their private key to create the signature, and this is known only to the signer ). But how can the verifier also be authenticated using digital signature? I have a feeling that we could use digital certificates for this but I am confused about how such a protocol would work.

Mutual TLS and Cert Pinning solving the same problem?

To prevent MITM from my app I will use cert pinning.

To prevent having not approved parties communicate to my server I can use Mutal TLS, which actually accepting communication from trusted sources.

Am I am missing something or it sounds the same?

Is it secure to use a single pair of RSA keys to achieve mutual authentication? [migrated]

I saw this design recently in an infotainment product. The goal is mutual authentication between two ECUs, E1 and E2. They only care about each other. The basic idea is to keep both keys secret and let each ECU have one. Let’s call the keys k1 and k2, instead of public key and secret key, or E and D. Both keys are large.

Suppose E1 has k1, and E2 has k2. To perform mutual authentication in a cost efficient way:

1. E1 generates random data D of a fix length, and encrypts hash(D) with k1, resulting in S1. D and S1 are sent to E2.
2. E2 decrypts S1 with k2, and check if it matches hash(D).
3. If OK, E2 calculates the binary complement of D, denoted D’. Then it encrypts hash(D’) with k2, resulting in S2. S2 is sent to E1.
4. E1 calculate D’, decrypts S2 with k1, and check if it matches hash(D’).

I have a hunch this design is risky, but fail to find the weakness. Is it secure enough in the real world?

TLS mutual authentication client hostname verification

What is the purpose of server-side verification of the client hostname in a mutually authenticated TLS connections? How important is this?

How to configure nginx with mutual TLS and restrict client domains

I have an nginx server that requires mutual TLS (client certificate required). What configurations do I need for nginx to only allow client certificates where the “subject” is from a certain domain?

I’ve read about the variable “ssl_client_s_dn”. I suppose I would parse this to get the domain and check that it matches a string. Can someone provide an example of how to do this?

For client certificates NOT belonging to a certain domain, access should be denied.

How to configure nginx with mutual TLS and restrict client domains

I have an nginx server that requires mutual TLS (client certificate required). What configurations do I need for nginx to only allow client certificates where the “subject” is from a certain domain?

I’ve read about the variable “ssl_client_s_dn”. I suppose I would parse this to get the domain and check that it matches a string. Can someone provide an example of how to do this?

For client certificates NOT belonging to a certain domain, access should be denied.