oss-sec mailing list archives
Re: On sanctioned MITMs
From: Lyndon Nerenberg <lyndon () orthanc ca>
Date: Fri, 1 May 2015 19:40:51 -0700
On 05/01/2015 01:15 PM, mancha wrote:

> Though Hushmail email credentials, for example, can't be sniffed in the segment connecting the client to CloudFlare, they are available to CloudFlare's infrastructure. Moreover, there is no way for the client to verify that the segment connecting CloudFlare to the destination server is similarly encrypted (i.e. it might be in the clear, as would be the case when using CloudFlare's "Flexible SSL" product).
>
> Hushmail's CloudFlare usage serves as an example that brings me to my general point. How should the security community view this growing use of sanctioned MITM in light of the ever-increasing amount of sensitive content sent over SSL/TLS encrypted channels (e.g. email, electronic banking, medical records, etc.)?
But also ask why they might use it. E.g., in the presence of a DDOS attack, many companies rely on infrastructure such as what Cloudflare provides in order to keep their services running. By their nature, those mitigation services have to bust the SSL pipe to do what they do.

What I am not hearing anywhere in this conversation is a proposal for how Cloudflare can provide the service they do, but in a manner that doesn't require busting the SSL pipe in the middle. There are MANY people begging for an answer to that. Do you have it? If not, are you prepared to see the services you "need" go offline when someone decides to DDOS the provider? That's not a rhetorical question. For some people, the answer is 'yes'. But for most, it is 'no'.

In the specific Hushmail example, would it alleviate people's concerns if the Cloudflare MITM-busting behaviour took place entirely inside Canada? If not, how do you propose an alternative? And what, exactly, is the attack vector you are trying to close down? Is it the only one? How do they interact?

--lyndon
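The point mancha makes in the quoted text, that the client can see the first leg of the connection but has no way to verify the edge-to-origin leg, can be made concrete with a small client-side check. The following is an added example, written for this archive page and not part of the thread or of any CloudFlare tooling. It classifies what a client can actually observe (the peer certificate's subject and SAN list, and the HTTP response headers) to decide whether the TLS session is terminating at a CDN edge rather than at the origin. The header names, the `cloudflaressl.com` certificate naming pattern and the sample sessions are assumptions modelled on how CloudFlare-fronted sites looked around 2015, embedded here as constructed data so the script runs offline; they are heuristics, not a specification. Whatever the heuristics report, the `origin_leg_verifiable_by_client` field is always `False`: nothing in the handshake or the response distinguishes "Flexible SSL" (plaintext to the origin) from a fully encrypted back end.

```python
"""Client-side signals that a TLS session terminates at a CDN edge.

Added example for the oss-sec "On sanctioned MITMs" thread; not code from the
thread or from CloudFlare. Header names, certificate CN markers and sample
sessions are constructed assumptions (2015-era CloudFlare conventions).
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Assumption: response headers an edge proxy tends to add. An empty tuple
# means "presence alone is a signal"; otherwise the value must contain a needle.
EDGE_HEADERS = {
    "server": ("cloudflare",),   # e.g. "Server: cloudflare-nginx"
    "cf-ray": (),
    "cf-cache-status": (),
}

# Assumption: shared edge certificates carried a provider-owned subject CN.
EDGE_CERT_CN_MARKERS = ("cloudflaressl.com",)


def registrable(name: str) -> str:
    """Crude eTLD+1: last two DNS labels, wildcard prefix stripped.
    A real check would consult the public-suffix list (assumption)."""
    labels = name.lower().lstrip("*.").split(".")
    return ".".join(labels[-2:])


@dataclass
class TlsSessionView:
    """Exactly what the client can see: its target host, the leaf cert's
    subject CN and SANs, and the HTTP response headers."""
    host: str
    cert_subject_cn: str
    cert_sans: List[str]
    headers: Dict[str, str] = field(default_factory=dict)


def edge_header_reasons(headers: Dict[str, str]) -> List[str]:
    """Return one reason per edge-proxy header signal found."""
    lower = {k.lower(): v for k, v in headers.items()}
    reasons = []
    for name, needles in EDGE_HEADERS.items():
        val = lower.get(name)
        if val is None:
            continue
        if not needles or any(n in val.lower() for n in needles):
            reasons.append(f"response header {name}: {val}")
    return reasons


def edge_cert_reasons(view: TlsSessionView):
    """Split certificate evidence into strong (CN owned by the CDN) and weak
    (SANs for domains unrelated to the host; multi-brand certs also do this)."""
    strong, weak = [], []
    cn = view.cert_subject_cn.lower()
    if any(m in cn for m in EDGE_CERT_CN_MARKERS):
        strong.append(f"certificate CN {view.cert_subject_cn} belongs to the CDN, not to {view.host}")
    foreign = sorted({registrable(s) for s in view.cert_sans} - {registrable(view.host)})
    if foreign:
        weak.append("certificate also covers unrelated domains: " + ", ".join(foreign))
    return strong, weak


def classify(view: TlsSessionView) -> dict:
    """Decide whether TLS ends at an edge; never claims anything about the
    edge-to-origin leg, because the client cannot observe it."""
    strong_cert, weak_cert = edge_cert_reasons(view)
    strong = edge_header_reasons(view.headers) + strong_cert
    return {
        "host": view.host,
        "tls_terminates_at_edge": bool(strong),
        # Flexible SSL (plaintext to origin) and full encryption to the origin
        # look identical from here; this is the gap the thread is about.
        "origin_leg_verifiable_by_client": False,
        "reasons": strong + weak_cert,
    }


# Constructed sample sessions (not real captures).
EDGE_FRONTED = TlsSessionView(
    host="mail.example.com",
    cert_subject_cn="sni12345.cloudflaressl.com",
    cert_sans=["sni12345.cloudflaressl.com", "*.example.com", "example.com",
               "*.unrelated-shop.net", "unrelated-shop.net"],
    headers={"Server": "cloudflare-nginx", "CF-RAY": "1f2e3d4c5b6a-SJC",
             "Content-Type": "text/html"},
)
DIRECT = TlsSessionView(
    host="mail.example.org",
    cert_subject_cn="mail.example.org",
    cert_sans=["mail.example.org", "www.example.org"],
    headers={"Server": "Apache", "Content-Type": "text/html"},
)

if __name__ == "__main__":
    for sample in (EDGE_FRONTED, DIRECT):
        result = classify(sample)
        print(result["host"], "edge-terminated:", result["tls_terminates_at_edge"])
        for r in result["reasons"]:
            print("  -", r)
        print("  origin leg verifiable by client:", result["origin_leg_verifiable_by_client"])
```

The useful output is the list of reasons, which tells an operator or auditor that credentials submitted over this session are readable by a third party; the absence of reasons does not prove the opposite, since an edge can be configured to strip its own headers and present a customer-supplied certificate. The only party who can verify the second leg is the site operator, by checking the CDN's origin-side mode setting and the certificate the origin presents to the edge.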