On Sun, Nov 23, 2014 at 3:53 PM, Richard Pieri <richard.pi...@gmail.com> wrote: > On 11/23/2014 3:26 AM, Bill Bogstad wrote: >> >> If they did something that Microsoft hadn't requested then I'm pretty >> sure somebody would both notice AND care. This is all in the context >> of attacking the security of Internet communications via a MITM >> attack. If Microsoft (one of the two parties communicating >> in this example) authorized it, then it isn't MITM. Whether it > > > Ahh. I see what you mean, now. Your argument, that because Microsoft /did/ > authorize MarkMonitor to act as an intermediary makes any interception not > MITM since it's not an unauthorized party listening in, has merit.
Almost... Microsoft didn't authorize MarkMonitor to monitor their communications (as far as I know). They authorized them to provide DNS related services. So if MarkMonitor did this, then I would call it a MITM attack. My point is more that if they did do it, I believe that it would be very public that something funny was happening. The "cost" to MarkMonitor for doing this would be so high that I don't see them doing it voluntarily. Now if this was really end of the world type stuff, someone might convince/force them to do it anyway. In that case though, I think the parities involved would just go to Microsoft and get copies from them. Much less likely for anyone to ever know. An alternative scenario where someone breaks into MM and does this is worth considering. By using MM, Microsoft is increasing the attack scope on their communications. Of course, Microsoft is also dependent on the security of all CAs, top level DNS servers, etc. The problems with CA delegation seem much more significant then this one though. Until we get a solution to that problem, I'm not going to worry about this one. Bill Bogstad _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss