Iang wrote, On 2008-11-07 08:22:
> Bernie Sumption wrote:

>> How about an MITM detection service that gives no false positives, but
>> might give false negatives? If you positively identify an MITM attack,
>> you can present users with a much more definite UI saying "this *is*
>> an MITM attack" and giving advice about what to do in the event of an
>> MITM.
> 
> This is what we have now, sort of.  It detects any 
> certificate MITMs.  It also treats any misconfigurations or 
> use of non-CA certs as potential attacks.  It pretty much 
> picks up all real cert-based attacks on the browser.
> 
> The problem here is that the real MITMs are almost 
> non-existent, the "false negatives" are routine, and there 
> is no real way to tell the difference.  What then is 
> displayed is (generally) not an attack, the users know 
> (generally) that it is not an attack, so the users believe 
> the display to be wrong (fairly).
> 
> Click-thru syndrome.
> 
> This part is well known.  What is less easy is what to do 
> about it.  It all depends on one's commercial or structural 
> or security viewpoint.
> 
> What is clear is that there are no easy answers.  Solution A 
> will offend group X, solution B will offend group Y, etc.
> 
> The only solution that seems not to be offensive is to do 
> much more TLS so that much more attention can be fixed on 
> the problem.  Attention at all levels:  user, developer, 
> LAMPs, ...
> 
> But, this is currently blocked by two factors:  the absence 
> of TLS/SNI in servers, and the difficulty of getting certs 
> into servers.  Both situations are slowly getting better, 
> but aren't really the subject of here.
> 
> (I'm talking high level here.  Please don't respond with the 
> normal self-serving low level message.)

Ian, I agree with all that you wrote, quoted above.

I will add that, while MITMs have historically been very rare, they are
on the upswing.  I see two broad areas where MITM attacks are on the
increase, and they're both directed at the user, not the server.

1) ISPs who want to intercept their customers' traffic, ostensibly to
alter URLs for links and images to point to advertisements of their
choosing, rather than to advertisements chosen by the content provider.

(Note that this is what cable TV companies have done on cable channels
for decades, substituting their own ads for the ads coming from the
cable channel's content feed.  So this seems perfectly natural to them.
But defeating secrecy and authenticity measures is a real threat.)

2) software that runs on the user's own PC, and intercepts and modifies
his https traffic.  In some cases, this is installed by the user himself,
ostensibly to block advertisements and certain scripts, and/or do virus
detection and prevention.  In other cases, it is attack software, malware,
plain and simple.  In the cases where the user has consciously installed it,
the software has merely claimed that it would stop advertisements, and has
not explained that it would intercept secure traffic, and defeat all (or
most) MITM warnings, to do so.

The ISP MITM phenomenon is on the rise, just getting started now.  I
would encourage users to periodically examine their systems for trusted
root CA certs that belong to their ISP, because such certs make it EASY
for the ISP to do MITM.  (Hint: there's one ISP with roots in FF)
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
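The last paragraph above recommends periodically checking the trusted root store for certs belonging to one's ISP. As an added example (not code from the thread or from Mozilla), the following script reads the roots the Python `ssl` module trusts by default and flags any whose subject is absent from a known-good baseline or whose organization or common name matches a watch list; the sample roots, the baseline and the ISP name "Acme Cable Internet" are constructed placeholders.

```python
import ssl

# Constructed sample in the dict shape returned by SSLContext.get_ca_certs().
# These are NOT real certificates; "Acme Cable Internet" is a placeholder ISP.
SAMPLE_ROOTS = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Example Trust Services"),),
                 (("commonName", "Example Global Root"),))},
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Acme Cable Internet"),),
                 (("commonName", "Acme Cable Internet Root CA"),))},
]


def subject_field(cert, key):
    """Return the first value of attribute `key` (e.g. 'commonName')
    from the subject tuple-of-RDNs that the ssl module produces."""
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            if name == key:
                return value
    return ""


def load_trusted_roots():
    """Roots the platform trusts by default, as subject/issuer dicts."""
    ctx = ssl.create_default_context()
    ctx.load_default_certs()
    return ctx.get_ca_certs()


def flag_roots(roots, watch_terms, baseline):
    """List (reason, label) for each root that is not in the known-good
    `baseline` (a set of subject tuples captured on a trusted install)
    or whose O/CN contains one of `watch_terms` (case-insensitive)."""
    findings = []
    for cert in roots:
        org = subject_field(cert, "organizationName")
        cn = subject_field(cert, "commonName")
        label = f"O={org} CN={cn}"
        if cert.get("subject") not in baseline:
            findings.append(("not in baseline", label))
        haystack = f"{org} {cn}".lower()
        for term in watch_terms:
            if term.lower() in haystack:
                findings.append((f"matches watch term {term!r}", label))
                break
    return findings


if __name__ == "__main__":
    # Baseline here is the constructed sample; in practice capture it from
    # a clean system and compare fingerprints as well as subjects.
    baseline = {SAMPLE_ROOTS[0]["subject"]}
    for reason, label in flag_roots(load_trusted_roots(), ["Acme Cable"], baseline):
        print(f"{reason}: {label}")
```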