Re: [Acme] Stronger protection against HTTPS MITM
Mateusz Jończyk <mat.jonczyk@o2.pl> Tue, 27 January 2015 09:17 UTC
Return-Path: <mat.jonczyk@o2.pl>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABDA61A8770 for <acme@ietfa.amsl.com>; Tue, 27 Jan 2015 01:17:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.185
X-Spam-Level: ****
X-Spam-Status: No, score=4.185 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FREEMAIL_FROM=0.001, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e62pczWEYSXD for <acme@ietfa.amsl.com>; Tue, 27 Jan 2015 01:17:47 -0800 (PST)
Received: from moh3-ve1.go2.pl (moh3-ve1.go2.pl [193.17.41.30]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2263F1A1A39 for <acme@ietf.org>; Tue, 27 Jan 2015 01:17:47 -0800 (PST)
Received: from moh3-ve1.go2.pl (unknown [10.0.0.117]) by moh3-ve1.go2.pl (Postfix) with ESMTP id 97689A6A03A for <acme@ietf.org>; Tue, 27 Jan 2015 10:17:42 +0100 (CET)
Received: from unknown (unknown [10.0.0.142]) by moh3-ve1.go2.pl (Postfix) with SMTP for <acme@ietf.org>; Tue, 27 Jan 2015 10:17:42 +0100 (CET)
Received: from dns-failure [83.27.207.158] by poczta.o2.pl with ESMTP id rIYEjS; Tue, 27 Jan 2015 10:17:42 +0100
Message-ID: <54C757B0.7090302@o2.pl>
Date: Tue, 27 Jan 2015 10:17:36 +0100
From: Mateusz Jończyk <mat.jonczyk@o2.pl>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <phill@hallambaker.com>, acme@ietf.org
References: <54C4B086.5080005@o2.pl> <CAMm+Lwj9BXeTmVFV=DEY=Cbj9gWyeW9GzxxR7gZ6gaC3ZD7MAA@mail.gmail.com>
In-Reply-To: <CAMm+Lwj9BXeTmVFV=DEY=Cbj9gWyeW9GzxxR7gZ6gaC3ZD7MAA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-O2-Trust: 2, 65
X-O2-SPF: notchecked
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/uVqLbIfGx2JsmvvDBJFfuOektKw>
Subject: Re: [Acme] Stronger protection against HTTPS MITM
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jan 2015 09:17:50 -0000
W dniu 26.01.2015 o 19:20, Phillip Hallam-Baker pisze: > What is the attack model here? What form of attack is unacceptable? > > We have a request for a cert for www.example.com <http://www.example.com> to > Alice-Cert. What attacks do we consider problems? > > 1) The holder of www.example.com <http://www.example.com> did not authorize any > cert binding to that private key. > > 2) The holder of www.example.com <http://www.example.com> authorized a cert for > that key but it was for Bob-Cert. > > 3) The holder of www.example.com <http://www.example.com> thinks they are > connecting to Alice-cert but they are actually connecting to Mallet-Cert. > > > (1) is very clear problem but (2) is not unless there is an application that > makes use of the certificate without a private key or vice versa. (3) is going > to be trivially solved by checking the issued cert chain. > > TLS does not permit certificate substitution attacks. I was thinking about some publicly unknown vulnerability in TLS or its implementations. So (3) above. > Binding every communication to a private signing key held by the applicant is a > good idea. Requiring that to be the private key in the cert is a very bad one. > Not least because once we stop using RSA, encryption keys and signature keys > become two different algorithms and there are good privacy reasons to prefer a > key agreement based on encryption and an ephemeral rather than signature and an > ephemeral. I'm sorry, but I don't understand the above paragraph (most importantly, its context). What are You responding to? Greetings, Mateusz
- [Acme] Stronger protection against HTTPS MITM Mateusz Jończyk
- Re: [Acme] Stronger protection against HTTPS MITM Richard Barnes
- Re: [Acme] Stronger protection against HTTPS MITM Mateusz Jończyk
- Re: [Acme] Stronger protection against HTTPS MITM Phillip Hallam-Baker
- Re: [Acme] Stronger protection against HTTPS MITM Anders Rundgren
- Re: [Acme] Stronger protection against HTTPS MITM Mateusz Jończyk