nanog mailing list archives
Re: The state-level attack on the SSL CA security model
From: "Crist Clark" <Crist.Clark () globalstar com>
Date: Mon, 28 Mar 2011 16:47:26 -0700
On 3/25/2011 at 2:21 AM, Florian Weimer <fweimer () bfk de> wrote:* Roland Dobbins:On Mar 24, 2011, at 6:41 PM, Florian Weimer wrote:Disclosure devalues information.I think this case is different, given the perception of the cert as a 'thing' to be bartered.Private keys have been traded openly for years. For instance, when your browser tells you that a web site has been verified by "Equifax" (exact phrasing in the UI may vary), it's just not true. Equifax has sold its private key to someone else long ago, and chances are that the key material has changed hands a couple of times since. I can't see how a practice that is completely acceptable at the root certificate level is a danger so significant that state-secret-like treatment is called for once end-user certificates are involved.
Any large, well funded national-level intelligence agency almost certainly has keys to a valid CA distributed with any browser or SSL package. It would be trivial for the US Gov't (and by extension, the whole AUSCANNZUKUS intelligence community) to simply form a shell company CA that could get a trusted cert in the distros or enlist a "legit" CA to do their patriotic duty (along with some $$$) and give up a key. Heck, it's so easy, private industry sells this as a product for the law enforcement community. It's an easy recipe, 1) Go start your own CA (or buying an existing one may be easier, as Florian points out). 2) Get your key put in Windows, Firefox, Opera, etc. 3) Build an appliance that uses your key to do MIM attacks on the fly. 4) Sell appliance to law enforcement (or anyone else with the money, maybe a smaller nation's intelligence apparatus?). 5) Profit! Just Google around for commercial products aimed at LI that have this capability. Commercial SSL/TLS, i.e. using built-in CAs, offers no protection against nation-states at the intelligence or law enforcement level. -- Crist Clark Network Security Specialist, Information Systems Globalstar 408 933 4387
Current thread:
- Re: The state-level attack on the SSL CA security model, (continued)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 24)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 24)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 24)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 24)
- Re: The state-level attack on the SSL CA security model Franck Martin (Mar 24)
- Re: The state-level attack on the SSL CA security model George Herbert (Mar 24)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 25)
- Re: The state-level attack on the SSL CA security model Owen DeLong (Mar 25)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 24)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 25)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 25)
- Re: The state-level attack on the SSL CA security model Crist Clark (Mar 28)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 29)
- Re: The state-level attack on the SSL CA security model Crist Clark (Mar 29)
- RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
- Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
- RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
- Re: The state-level attack on the SSL CA security model Dorn Hetzel (Mar 25)
- RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
- Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
- Re: The state-level attack on the SSL CA security model Ariel Biener (Mar 26)
- Re: The state-level attack on the SSL CA security model Martin Millnert (Mar 25)