Re: [TLS] Eleven out of every ten SSL certs aren't valid

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 02 July 2010 12:10 UTC

"Steingruebl, Andy" <asteingruebl@paypal.com> writes:

>Sorry, the cite I found lacking was the one that said all cert warnings are
>false positives.  There is no published research that I know of that actually
>has tried to do a widescale measurement of active MITM attacks against SSL.

Oh, sure.  OTOH I don't see how you could get figures for that, since you're
trying to prove a negative ("we detected eighteen undetected attacks last
year" :-).  The paper tries to turn this around by creating a falsifiable
hypothesis, "show me an instance where a cert warning saved a user from harm",
which is probably the best you can do.

>I know of at least 2 in progress, but neither is published yet.  This is the
>data I'm looking for.

The very fact that we're having this discussion is pretty scary, we've been
using certs in SSL/TLS for fifteen years now and we're still waiting for any
evidence about whether they're defending against anything (in terms of MITM,
not site-identification).  Imagine if someone in the automotive industry said
"Yeah, well we've been building klorgleblorts into every car shipped for the
last twenty years, we're just waiting for someone to figure out whether they
serve any purpose or not" :-).

>Are you really trying to argue that because certificate warnings don't stop
>cybercrime, they aren't worthwhile?  I'm not sure I understand how you get to
>there from here.

If you have a mechanism that doesn't work then you can build on that.  In
other words if you can't be a shining example then you can serve as a horrible
warning and a spur for further research into alternatives.  There's been quite
a bit of work done on the use of other mechanisms to secure transactions with
sites, my favourite is the PARC work on site-specific browsers (SSBs), for
site authentication there's Perspectives (which hits phishers in their
critical weak spot), and then there's large amounts of work on password-based
mutual auth mechanisms and key-continuity.  There's certainly no lack of
research work being done, it's just not being adopted in any browser.

>Do you know of some published data on the number of malicious wifi access
>points, SSL mitm attacks, etc. that I don't?  It's possible I just haven't
>seen it.

No, I don't know of anything.  This works both ways though, because it also
means that there's zero evidence in support of using certs for MITM
prevention.

(Incidentally, by "MITM" I assume you mean a conventional MITM and not server
authentication spoofing, i.e. phishing.  There's plenty of data available on
phishing :-).

Peter.