Re: [therightkey] Basically, it's about keeping the CAs honest
Benjamin Kreuter <brk7bx@virginia.edu> Mon, 13 February 2012 19:36 UTC
Return-Path: <brk7bx@virginia.edu>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E88C21E8011 for <therightkey@ietfa.amsl.com>; Mon, 13 Feb 2012 11:36:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 36YBr1Enmll4 for <therightkey@ietfa.amsl.com>; Mon, 13 Feb 2012 11:36:26 -0800 (PST)
Received: from tarragon.mail.virginia.edu (tarragon.mail.Virginia.EDU [128.143.2.35]) by ietfa.amsl.com (Postfix) with ESMTP id 17E1E21E8010 for <therightkey@ietf.org>; Mon, 13 Feb 2012 11:36:26 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tarragon.mail.virginia.edu (Postfix) with ESMTP id 652A0246310 for <therightkey@ietf.org>; Mon, 13 Feb 2012 14:36:22 -0500 (EST)
Received: from tarragon.mail.virginia.edu ([127.0.0.1]) by localhost (tarragon-f.mail.virginia.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiFdGx3Ur8+T for <therightkey@ietf.org>; Mon, 13 Feb 2012 14:36:22 -0500 (EST)
Received: from iron0.mail.virginia.edu (iron0-s.mail.virginia.edu [10.250.200.117]) by tarragon.mail.virginia.edu (Postfix) with ESMTP id 3005E2463AA for <therightkey@ietf.org>; Mon, 13 Feb 2012 14:36:22 -0500 (EST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsgAAO1kOU/RVdguimdsb2JhbABDsAgIIgEBAQoJDQcSBiOBcgEBAQMBAQEBDwJaEAsLEgYuIQYNAQUBDg4ZIodaCZtzCpQaiQeIRIJ8CCELAwIEBj2ECScBCwMEERKDQwSISoV/hmiLEYMVPYQg
X-Sender-IP: 209.85.216.46
Received: from mail-qw0-f46.google.com ([209.85.216.46]) by iron0.mail.virginia.edu with ESMTP; 13 Feb 2012 14:36:21 -0500
Received: by mail-qw0-f46.google.com with SMTP id c10so1824787qad.12 for <therightkey@ietf.org>; Mon, 13 Feb 2012 11:36:21 -0800 (PST)
Received: by 10.229.136.199 with SMTP id s7mr10043961qct.145.1329161781764; Mon, 13 Feb 2012 11:36:21 -0800 (PST)
Received: from terabyte ([137.54.21.2]) by mx.google.com with ESMTPS id eo4sm18997265qab.16.2012.02.13.11.36.20 (version=SSLv3 cipher=OTHER); Mon, 13 Feb 2012 11:36:21 -0800 (PST)
Date: Mon, 13 Feb 2012 14:34:16 -0500
From: Benjamin Kreuter <brk7bx@virginia.edu>
To: therightkey@ietf.org
Message-ID: <20120213143416.4d8cde32@terabyte>
In-Reply-To: <CAMm+LwjkPZm9FF=FGx+vb_JxLRbygm-y1H85Powq6U0UfxSKCQ@mail.gmail.com>
References: <201202131636.q1DGafVR006049@fs4113.wdf.sap.corp> <0600CF7A-A8CB-4E35-B729-43D626434645@virtualized.org> <CAMm+LwjkPZm9FF=FGx+vb_JxLRbygm-y1H85Powq6U0UfxSKCQ@mail.gmail.com>
X-Mailer: Claws Mail 3.7.8 (GTK+ 2.18.9; i686-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg="PGP-SHA512"; boundary="Sig_/A8Af1/rPsV21aN3aMyq=8_4"; protocol="application/pgp-signature"
X-Gm-Message-State: ALoCoQmEEqzfXULg9XpgVbRtFFbk76Y+UGbTYPBlnkwwbn9t1FpVTT0mrXVRhRO8IljIABrTTBY+
Subject: Re: [therightkey] Basically, it's about keeping the CAs honest
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2012 19:36:27 -0000
On Mon, 13 Feb 2012 13:32:48 -0500 Phillip Hallam-Baker <hallam@gmail.com> wrote: > +1 > > It is also worth pointing out that the MITM certs stopped being > offered commercially as soon as it became public knowledge that they > had been. Which speaks volumes about the motivation behind those certificates. > Presumably the next step the companies providing this facility will > take is to offer their own browser with the capability built in. It > is no good jumping up and down saying people should not make such > devices. The choice we have is whether to do the job right or let them > do it without any input. What we need to do is a build a system that does not make compromises when it comes to security. Jumping up and down is not necessary; build a system where MITM attacks are either infeasible or easily detected. > What I find wrong with the MITM proxies is that they offer a > completely transparent mechanism. The user is not notified that they > are being logged. I think that is a broken approach because the whole > point of accountability controls is that people behave differently > when they know they are being watched. > > I don't mean just changing the color of the address bar either. I > would want to see something like the following: > > 0) The intercept capability is turned on in the browser, this would be > done using a separate tool and lock the browser to a specific > intercept cert root. We can already do this; just import the MITM root into the target browser, and if you want to prevent evasion, disable all other CAs. We do not currently see such things being done, probably because the people who want to perform MITM attacks do not want to have to do anything to the target system that might alert people to the eavesdropping. Why would they cooperate with a system that informs users about the eavesdropping, when they already have such an option available but choose not to use it? -- Ben > 1) User attempts to connect to https://www.example.com > 2) Browser throws up splash screen for 5secs stating 'Your connection > has been intercepted' > > 3) Business as usual. > > The splash screen would appear once per session with a new host and > reset periodically. > > It should show the interception cert being used as well. > > > On Mon, Feb 13, 2012 at 1:21 PM, David Conrad <drc@virtualized.org> > wrote: > > On Feb 13, 2012, at 8:36 AM, Martin Rex wrote: > >> The fact that there are products (client-side HTTPS proxies that > >> perform MITM and inspect content) actively sold and used, > >> which are vitally dependent on being able to exploit weaknesses > >> of the existing TLS X.509 PKI security&trust model, is a sure proof > >> that something is wrong with the existing security model. > > > > Well, it is proof that the theoretical model in which authorized > > MITM was disallowed was seen as too limiting. > > > >> I do not think there is value in maintaining backward compatible > >> weaknesses, and personally, I do not mind the slightest about > >> breaking those protocol subverting middle boxes, be it by the use > >> of TLS channel bindings, or the checking of DANE TLSA records. > > > > Pragmatically speaking, if you come up with an architecture that > > disallows people from doing what they want/need to do, they'll > > either figure out ways around it or not use that architecture. > > > > Regards, > > -drc > > > > _______________________________________________ > > therightkey mailing list > > therightkey@ietf.org > > https://www.ietf.org/mailman/listinfo/therightkey > > > > -- > Website: http://hallambaker.com/ > _______________________________________________ > therightkey mailing list > therightkey@ietf.org > https://www.ietf.org/mailman/listinfo/therightkey -- Benjamin R Kreuter UVA Computer Science brk7bx@virginia.edu KK4FJZ -- "If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell
- [therightkey] Basically, it's about keeping the C… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… David Conrad
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… David Conrad
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Benjamin Kreuter
- Re: [therightkey] Basically, it's about keeping t… Yoav Nir
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Chris Palmer
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Chris Palmer
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Stephen Farrell
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Carl Wallace
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Tom Ritter
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Daniel Kahn Gillmor
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Tom Ritter
- Re: [therightkey] Basically, it's about keeping t… Daniel Kahn Gillmor
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker