oss-sec mailing list archives

Re: On sanctioned MITMs

From: Lyndon Nerenberg <lyndon () orthanc ca>
Date: Fri, 1 May 2015 19:40:51 -0700

On 05/01/2015 01:15 PM, mancha wrote:

Though Hushmail email credentials, for example, can't be sniffed in
the segment connecting the client to CloudFlare, they are available
to CloudFlare's infrastucture. Moreoever, there is no way for the
client to verify that the segment connecting CloudFlare to the
destination server is similarly encrypted (i.e. it might be in the
clear as would be the case when using CloudFlare's "Flexible SSL"
product).  

Hushmail's CloudFlare usage serves as an example that brings me to
my general point.

How should the security community view this growing use of
sanctioned MITM in light of the ever-increasing amount of sensitive
content sent over SSL/TLS encrypted channels (e.g. email, electronic
banking, medical records, etc.)?


But also ask why they might use it.  E.g., in the presence of a DDOS attack, many companies rely on infrastructure such 
as what Cloudflare provides in order to keep their services running.  By their nature, those mitigation services have 
to bust the SSL pipe to do what they do.

What I am not hearing anywhere in this conversation is a proposal for how Cloudflare can provide the service they do, 
but in a manner that doesn't require busting the SSL pipe in the middle.  There are MANY people begging for an answer 
to that.  Do you have it?  If not, are you prepared to see the services you "need" go offline when someone decides to 
DDOS the provider?

That's not a rhetorical question.  For some people, the answer is 'yes'.  But for most, it is 'no'.

In the specific Hushmail example, would it alleviate peoples concerns if the Cloudflare MITM-busting behaviour took 
place entirely inside Canada?  If not, how do you propose an alternative?  And what, exactly, is the attack vector you 
are trying to close down?  Is it the only one?  How do they interact?

--lyndon

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Current thread:

On sanctioned MITMs mancha (May 01)
- Re: On sanctioned MITMs Hanno Böck (May 01)
- Re: On sanctioned MITMs Kurt Seifried (May 01)
  - Re: On sanctioned MITMs Dean Pierce (May 01)
  - Re: On sanctioned MITMs mancha (May 01)
    - Re: On sanctioned MITMs Lyndon Nerenberg (May 01)
    - Re: On sanctioned MITMs mancha (May 02)
    - Re: On sanctioned MITMs Lyndon Nerenberg (May 02)
    - Re: On sanctioned MITMs Joe Malcolm (May 04)
    - Re: On sanctioned MITMs Eddie Chapman (May 02)
- Re: On sanctioned MITMs Solar Designer (May 01)
  - Re: On sanctioned MITMs mancha (May 01)