Justin King-Lacroix wrote on 12/08/2015 01:37 AM:
> SSL (used by HTTPS) depends on PKI to solve this problem. PKI is about
> having a trusted third party to vouch for the identity of at least one of
> the participants involved. That trusted third party is the CA - VeriSign,
> Thawte, Comodo, etc.
>
> HTTPS is therefore secure against MITM as long as all of the (hundreds of)
> CAs operate correctly -- that is, they aren't subverted by a malicious
> party, and they don't lose their signing keys.

But just one side isn't sufficient; both sides must be secure to prevent MITM,
isn't it?

> On 8 December 2015 at 00:27, U.Mutlu <[email protected]> wrote:
>
> > Justin King-Lacroix wrote on 12/07/2015 02:52 PM:
> >
> > > No. Even in principle, this is essentially impossible -- two parties with
> > > no relationship basically can't communicate securely.
> > >
> > > There are lots of approaches to the problem, but they all involve breaking
> > > the 'no relationship' constraint. PKI -- and thus iMessage, WhatsApp --
> > > does it by introducing a well-known trusted third-party. PGP / Web of Trust
> > > does it by relying on social graphs. OTR and SSH leave it up to you: they
> > > show you the key fingerprint, and it's up to you to work out whether it's
> > > the right one.
> > >
> > > But in general, the problem you're describing has no solution.
> > >
> > > (Once you've exchanged keys, of course, there are a multitude of ways to
> > > create a secure channel on that basis. But you need to exchange keys
> > > somehow first.)
> > >
> > > Justin
> >
> > But this means for https in practice that:
> > NONE of the security protocols used in https is secure against MITM.
> > So, https is insecure whatever ciphers one uses, be it DH_RSA, DH_DSS,
> > DHE_RSA, DHE_DSS or any of the others possible in the security protocol
> > settings.
> > That means, NSA & Co. can MITM all https communications.
> > Unless one and the site exchange their certified public keys in advance
> > (i.e. manually), which in 99.9% of the cases surely does not happen because
> > of the extra manual work (and costs) needed.
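The two mechanisms the thread contrasts, the CA chain check that HTTPS relies on and the pinned key fingerprint that SSH and OTR leave to the user, can be put side by side in code. The Go program below is an added example, not code from anyone in this thread or from any project it mentions. It constructs a trust store holding one root CA, issues a genuine certificate for the assumed host name example.test, and then examines two interposed certificates for the same name: one issued by a CA the client does not trust, and one issued by the trusted CA itself (the case where a CA has been subverted or its key lost, as Justin describes). Each is run through the normal chain check and then compared against a SHA-256 fingerprint of the genuine server's public key that the client is assumed to have obtained out of band. CA names, serial numbers and the host name are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// sign generates a fresh Ed25519 key pair and has parentKey sign tmpl for it.
// With parent == nil the certificate is self-signed, i.e. a root CA.
func sign(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// caTemplate describes a root CA, a stand-in for VeriSign, Thawte, Comodo, etc.
func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

// leafTemplate describes a server certificate for host; the CA vouches for that name.
func leafTemplate(host string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// chainOK is the browser's check: the leaf must chain to a root in the trust store
// and carry the host name the client meant to reach.
func chainOK(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// Fingerprint is the SSH/OTR-style check: SHA-256 of the server's public key (SPKI),
// compared against a value the client learned out of band. No CA is involved.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Scenario models three connections to the constructed host "example.test": the genuine
// server, an interposer with a cert from an untrusted CA, and an interposer with a cert
// from the trusted CA itself (that CA subverted or its signing key lost).
func Scenario() (map[string]bool, error) {
	const host = "example.test"
	trustedCA, trustedKey, err := sign(caTemplate("Trusted Root CA (constructed)", 1), nil, nil)
	if err != nil {
		return nil, err
	}
	rogueCA, rogueKey, err := sign(caTemplate("Rogue CA (constructed)", 2), nil, nil)
	if err != nil {
		return nil, err
	}
	genuine, _, err := sign(leafTemplate(host, 10), trustedCA, trustedKey)
	if err != nil {
		return nil, err
	}
	untrusted, _, err := sign(leafTemplate(host, 11), rogueCA, rogueKey)
	if err != nil {
		return nil, err
	}
	subverted, _, err := sign(leafTemplate(host, 12), trustedCA, trustedKey)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool() // the client's trust store holds only the trusted root
	roots.AddCert(trustedCA)
	pin := Fingerprint(genuine) // obtained out of band, like an SSH host key fingerprint
	return map[string]bool{
		"genuine_chain":   chainOK(genuine, roots, host),   // PKI accepts the real server
		"untrusted_chain": chainOK(untrusted, roots, host), // PKI rejects an unknown CA
		"subverted_chain": chainOK(subverted, roots, host), // PKI cannot see a subverted CA
		"genuine_pin":     Fingerprint(genuine) == pin,     // pin matches the real key
		"subverted_pin":   Fingerprint(subverted) == pin,   // pin exposes the substitute key
	}, nil
}
```

The chain check rejects the certificate from the untrusted CA, which is PKI doing its job, but accepts the one issued by the subverted trusted CA, because the client has no way to tell it apart from the genuine one. Only the pinned fingerprint, which is the manual key exchange U.Mutlu refers to, catches that case, and the cipher suite negotiated afterwards plays no part in either outcome. The example models server authentication only, which is how HTTPS is normally deployed.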
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging