Re: [therightkey] Basically, it's about keeping the CAs honest

Phillip Hallam-Baker <hallam@gmail.com> Mon, 13 February 2012 19:26 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6D2A21F873C for <therightkey@ietfa.amsl.com>; Mon, 13 Feb 2012 11:26:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.391
X-Spam-Level:
X-Spam-Status: No, score=-3.391 tagged_above=-999 required=5 tests=[AWL=0.208, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ELl7sbrov0T for <therightkey@ietfa.amsl.com>; Mon, 13 Feb 2012 11:26:42 -0800 (PST)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 15AF921F873B for <therightkey@ietf.org>; Mon, 13 Feb 2012 11:26:41 -0800 (PST)
Received: by ghbg16 with SMTP id g16so2977953ghb.31 for <therightkey@ietf.org>; Mon, 13 Feb 2012 11:26:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=uc14N8FMazCxVmX0gLYcxbwzCjKrbAeWv1jXUHeBoGk=; b=m0l3e3S52NNQgGn2qUD0ylOkEKQyWlD0m0UoVp4SScEhgDEptwT/k1L6MB9Pif/Zhm Ne6ObYLvKcmDLhg7o2bWZ97hP87nSp57CwnB4kEhNpu81rGGxvJqPX7W/JAKLe30rHsY TSHv189xAaR0NVM5WsdElqj6xJFOzQdgCWvq8=
MIME-Version: 1.0
Received: by 10.60.7.102 with SMTP id i6mr4984985oea.9.1329161198011; Mon, 13 Feb 2012 11:26:38 -0800 (PST)
Received: by 10.182.75.138 with HTTP; Mon, 13 Feb 2012 11:26:37 -0800 (PST)
In-Reply-To: <CAK3OfOg7H5y614DQeDDnznxxAbopXiTbuy4UjPprrigSw+D_DA@mail.gmail.com>
References: <201202131636.q1DGafVR006049@fs4113.wdf.sap.corp> <0600CF7A-A8CB-4E35-B729-43D626434645@virtualized.org> <CAMm+LwjkPZm9FF=FGx+vb_JxLRbygm-y1H85Powq6U0UfxSKCQ@mail.gmail.com> <CAK3OfOg7H5y614DQeDDnznxxAbopXiTbuy4UjPprrigSw+D_DA@mail.gmail.com>
Date: Mon, 13 Feb 2012 14:26:37 -0500
Message-ID: <CAMm+LwhmegoV7W_BNZy72_7QyU=YiisaObHHVmaU8EQvhxbRUA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: therightkey@ietf.org, mrex@sap.com, David Conrad <drc@virtualized.org>
Subject: Re: [therightkey] Basically, it's about keeping the CAs honest
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2012 19:26:43 -0000

On Mon, Feb 13, 2012 at 1:42 PM, Nico Williams <nico@cryptonector.com> wrote:
> On Mon, Feb 13, 2012 at 12:32 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>> +1
>>
>> It is also worth pointing out that the MITM certs stopped being
>> offered commercially as soon as it became public knowledge that they
>> had been.
>>
>> Presumably the next step the companies providing this facility will
>> take is to offer their own browser with the capability built in. It is
>> no good jumping up and down saying people should not make such
>> devices. The choice we have is whether to do the job right or let them
>> do it without any input.
>>
>>
>> What I find wrong with the MITM proxies is that they offer a
>> completely transparent mechanism. The user is not notified that they
>> are being logged. I think that is a broken approach because the whole
>> point of accountability controls is that people behave differently
>> when they know they are being watched.
>
> I'm confused: if this is wrong, and if preventing MITMing CAs leads to
> an MITM model that is right (because the users are informed), then why
> does it do no good to jump up and down saying that people should not make
> MITM devices?  It seems to me that it will have done plenty of good.

Bluecoat has been selling the boxes for years; they will continue to
sell them. The only difference is that now the enterprise has to
install its own root into all the browsers.

But that means those corporate users are not being informed that the
MITM is taking place. Which means their security expectations are
still being violated.


> The object for me is not to prevent MITMing when the user knows.  I
> really don't care about corporate MITM devices because I assume users
> (employees, contractors) are informed.  Like you I care about MITM
> devices that users *don't* know about.

I assume that being informed means no more than being told that water
contains chemicals known to the state of California to cause cancer.
So no, I do not consider that an 'informed user'.


> Not all spy-on-your-employees solutions are bad, thus the fact that
> alternatives will arise does not necessarily bother me.  Only those
> that can be used against users who are not informed or have no way to
> avoid the MITM (employees can always... not use employer networks for
> personal use).  Think of people in Iran, Syria, ...

Iran peddles backdoored versions of Word, Windows and such. They are
ahead of you there.

-- 
Website: http://hallambaker.com/