Re: [Evolution] SSL certificates and Man in the Middle attacks
> Right then, if you are all saying that my premise ("perhaps some CAs
> deliver certificates for domains that are not actually demonstrably
> owned by the requester") is utterly wrong, and that the myriad of CAs we
> provide by default are all trustworthy, then the system is, I guess,
> trustworthy.
>
> Just wanted to make sure :)
Trust is a personal thing. The bundle of trusted certificates provided
with a distro/OS are those that the maintainers have decided are
trustworthy, hopefully by examining the chain of keys that those
certificates are signed with. Only you can decide if you trust the
source of that bundle, and hence trust the certificates. If you don't,
then remove the bundle and then add only those certificates that you
personally trust, and that come from sources that you can verify.
P.
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
Right then, if you are all saying that my premise ("perhaps some CAs
deliver certificates for domains that are not actually demonstrably
owned by the requester") is utterly wrong, and that the myriad of CAs we
provide by default are all trustworthy, then the system is, I guess,
trustworthy.
Just wanted to make sure :)
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote: > Le dimanche 09 septembre 2012 à 22:40 -0400, Jeff Fortin a écrit : > As users (mostly) ignore security warnings[1], it should be useless, > IMHO. > SSH does not targets same users than browsers or mail readers, so users > are more likely to read them. (And SSH keys doesn't expires, so you can > keep fingerprints for ages) > [1] http://lorrie.cranor.org/pubs/sslwarnings.pdf Yep, after 20+ years as a System & Network Administrator I can tell you with complete certainty that 99.44% of users just-hit-accept when they see an invalid-certificate notice. The only solution is a policy which disables accepting untrusted certificates [and what a nightmare that is as there are *many* commerce sites that use expired or self-signed certificates ]. There is no issue with how GNOME or Evolution manages certificates. signature.asc Description: This is a digitally signed message part ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote: > As users (mostly) ignore security warnings[1], it should be useless, > IMHO. Nice, didn't know that paper. I normally point to http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf page 5 as another quick explanation of the effect of such dialogs to the user. andre -- mailto:ak...@gmx.net | failed http://blogs.gnome.org/aklapper ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
Le dimanche 09 septembre 2012 à 22:40 -0400, Jeff Fortin a écrit : > Hi there, > As far as I can tell, Evolution uses a default set of SSL certificate > authorities. > [...] > > Will the user get (I hope) a big scary "SOMETHING IS VERY WRONG" warning > like SSH does when server fingerprints don't match? > > I'm of course not a security expert, but would like some reassurance > that Evolution is actually safe against this scenario. > Thanks As users (mostly) ignore security warnings[1], it should be useless, IMHO. SSH does not targets same users than browsers or mail readers, so users are more likely to read them. (And SSH keys doesn't expires, so you can keep fingerprints for ages) [1] http://lorrie.cranor.org/pubs/sslwarnings.pdf -- Bastien Durel ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
> > However, I've been told that the Certificate Authorities system is > fundamentally flawed, in the sense that CAs don't communicate with each > other, any of them can sign for any domain name, and I've been told some > CAs are quite un-trustworthy. This is a scary prospect. Are you saying that a trusted CA might sign an SSL certificate for a domain that the requester doesn't own. I find that surprising. The whole point of the trusted CA system is that you *can* trust them to do the correct thing - and the correct thing is for them to verify that you have the right to request a signed certificate for a particular domain. > > Now, I never had to "accept" the certificate for Google to use GMail > through IMAP. To be honest, I would have expected some sort of prompt > that says, "Hey, this is the first time you're connecting to that > host... are you certain that you are on a trusted network connection and > the host you are connecting to is really the one it claims to be?"... No, the point of the trusted CA system is that you aren't presented with those sorts of prompts. If you are concerned about this, remove the trusted CA certificates from your system, you will then be asked to verify every new certificate your machine comes across. > > My question is thus the following: if the user is not the one manually > vetting the certificates, what happens when someone tries to do a > man-in-the-middle attack (ie: you're on an untrusted wifi, someone tries > to impersonate the GMail IMAP servers and provide a valid, signed > certificate that is different from Google's)? That requires the attacker to have a valid signed certificate, signed by a trusted CA, for Google's servers > > Will the user get (I hope) a big scary "SOMETHING IS VERY WRONG" warning > like SSH does when server fingerprints don't match? No, if the certificate seen by the underlying SSL mechanism is trusted, then you will not get any warnings ... because it's trusted. > > I'm of course not a security expert, but would like some reassurance > that Evolution is actually safe against this scenario. Evolution uses the same underlying SSL subsystem that the rest of your machine uses, so it is as safe as, say, the https protocol - and I suspect you put considerably more trust in that than you do in an encrypted IMAP connection. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
