Interesting People mailing list archives
Re: Surveillance via bogus SSL certificates
From: David Farber <dave () farber net>
Date: Wed, 24 Mar 2010 19:55:47 -0400
Begin forwarded message: From: Matt Blaze <mab () crypto com> Date: March 24, 2010 7:49:00 PM EDT To: dave () farber net Cc: "ip" <ip () v2 listbox com> Subject: Re: [IP] Re: Surveillance via bogus SSL certificates On Mar 24, 2010, at 7:32 PM, David Farber wrote:
Begin forwarded message: From: "Ed Gerck, Ph.D." <egerck () nma com> Date: March 24, 2010 4:29:40 PM EDT To: dave () farber net Cc: ip <ip () v2 listbox com> Subject: Re: [IP] Surveillance via bogus SSL certificatesChris Soghoian and Sid Stamm published a paper today that describes a simple "appliance"-type box, marketed to law enforcement and intelligence agencies in the US and elsewhere, that uses bogus certificates issued by *any* cooperative certificate authority to act as a "man-in-the-middle" for encrypted web traffic.This may have a political flair but is not new technical information, in spite of the authors' claim. For example, it was mentioned early this year in this list (see "rogue certificates" in the "SSL would prevent it" thread) and ten years ago I presented a paper at the Red Hat Conference, that said: "The CA paradigm is thus, essentially, to rely on an authentication chain that ends in a ... CA that eventually certifies itself. Therefore, the validity problem is shifted from a local perspective to a global perspective, with the whole chain depending on one final link. At the end, ignorance (and the possibility of fraud) is leveraged to a high degree, in which one weak link may compromise a whole chain of certificates." with copy online at http://mcwg.org/mcg-mirror/cert.htm Best regards, Ed Gerck
Huh? I don't believe that anyone (certainly not me, and not the authors of the paper I linked to, with which I have no connection) is claiming that the fact that a bogus certificate from a rogue CA be a threat, is new. I'm not sure who Mr. Gerck thinks is claiming such a thing. Indeed, when my colleagues and I developed the trust management model almost 15 years ago we did so partly because we understood precisely this limitation of the identity certification model. What's surprising here is the fact that apparently law enforcement and intelligence agencies (and who knows who else) have access to commercially available, turnkey products that exploit their ability to use any one multiple CAs trusted by web browsers. -matt mab blogs at http://www.crypto.com/blog ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Surveillance via bogus SSL certificates Dave Farber (Mar 24)
- <Possible follow-ups>
- Surveillance via bogus SSL certificates Dave Farber (Mar 24)
- Re: Surveillance via bogus SSL certificates David Farber (Mar 24)
- Re: Surveillance via bogus SSL certificates David Farber (Mar 24)
- Re: Surveillance via bogus SSL certificates David Farber (Mar 24)
- Re: Surveillance via bogus SSL certificates Dave Farber (Mar 25)