Re: Tunneling through hostile proxy
Adam Back wrote: > On Tue, Jul 23, 2002 at 06:11:04PM +, Jason Holt wrote: > >> The default behavior for an SSL proxy is to pass the encrypted bytes >>back and forth, allowing you to connect all the way to the other server. > > > This isn't just the default behavior; it's the only defined behavior > right? > > >>However, it is possible for the proxy to have its own CA which has >>been added to your browser. Then it acts as a man in the middle and >>pretends to be the remote host to you, and vice versa. In that >>case, it works as you describe, watching the data during its interim >>decryption. > > > While it's _possible_ to do this, I've never heard of a server hosted > application that advertises that it's doing this. I would think it > would be quite hard to get a CA to issue you a certificate if this is > what you intended to do with it (act as a general MITM on SSL > connections you proxy). Errr - its tricky anyway, coz the cert has to match the final destination, and, by definition almost, that can't be the proxy. I believe its pretty common for server farms to use SSL-enabled reverse proxies where the SSL terminates at the proxy. Different scenario, though. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Tunneling through hostile proxy
Ben Laurie wrote: || Errr - its tricky anyway, coz the cert has to match the final || destination, and, by definition almost, that can't be the proxy. provided you can impose a CA cert onto the user browser (not hard in a corporate environment) it isn't as if signing a certificate "on the fly" is hard - consider the following 1. proxy has CA private key A and SSL public key B 2. client requests connect to SSL on xxx.yyy.zzz.com 3. proxy uses OpenSSL library to create certificate for xxx.yyy.zzz.com on the fly (with Public key B) signed by CA key A 4. proxy opens SSL link to xxx.yyy.zzz.com 5. if step 4 succeeds, proxy sends cert to client 5. client checks cert against its own local copy of public key A (from its root cert dir) which claims to be "thawte, inc" 6. client approves link and negotiates SSL with proxy 7. proxy links its connection to xxx.yyy.zzz.com to inbound client connection 8. proxy passes (and logs) packets
Re: Tunneling through hostile proxy
On Tue, 23 Jul 2002, Adam Back wrote: [...] > > However, it is possible for the proxy to have its own CA which has > > been added to your browser. Then it acts as a man in the middle and > > pretends to be the remote host to you, and vice versa. In that > > case, it works as you describe, watching the data during its interim > > decryption. > > While it's _possible_ to do this, I've never heard of a server hosted > application that advertises that it's doing this. I would think it > would be quite hard to get a CA to issue you a certificate if this is > what you intended to do with it (act as a general MITM on SSL > connections you proxy). [...] I don't know of any other real-world examples. Rescorla mentions the technique on pp. 316-319 of "SSL and TLS". Certainly Thawte isn't going to issue such wildcard certs, for exactly the reasons you mention. That's why you (or your government, or company, or whoever keeps an eye on you) create your *own* CA and tell your browser to trust it. Then it'll accept the wildcard certs without complaint. -J
Tunneling through hostile proxy
>> Roy M. Silvernail[SMTP:[EMAIL PROTECTED]]
>> Given internet access from a private intranet, through an HTTP
>> proxy out of the user's control, is it possible to establish a secure
>> tunnel to an outside server? I'd expect that ordinary SSL
>> connections will secure user <-> proxy and proxy <-> server
>> separately, with the proxy able to observe cleartext. Could an SSH
>> connection be made under these conditions?
[...]
The default behavior for an SSL proxy is to pass the encrypted bytes
back and forth, allowing you to connect all the way to the other server.
However, it is possible for the proxy to have its own CA which has been added
to your browser. Then it acts as a man in the middle and pretends to be the
remote host to you, and vice versa. In that case, it works as you describe,
watching the data during its interim decryption.
Typically, the proxy would give you generic certificates (like
"*.com"), but it could conceivably generate a certificate for each site you
visit ("secure.yahoo.com", etc.). The way to tell would be to look at the
issuing authority according to your browser - if it's one of the public ones,
like Thawte, you've got a connection to the far end. If it's "Th4wt3", or
your company's, the proxy is probably watching.
Incidentally, another company that does private browsing over SSL is
www.orangatango.com (along with other nifty anonymizing stuff).
-J
