Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On 2011-12-01 2:03 PM, ianG wrote: If a CA is issuing sub-CAs for the purpose of MITMing, is this a reason to reset the entire CA? Or is it ok to do MITMing under certain nice circumstances? It seems our CA system has come to resemble our audit system and our financial system. In very white

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

If only we at least used passwords to derive secret keys for authentication protocols that could do channel binding... Sure, that'd still be weak, but it would be much, much better than what we have now. Nico -- ___ cryptography mailing list cryptograph

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Jon Callas writes: >And I presume you didn't save the cert. > >Of course, we just need to have people look for these and then save them. Cert *chain*, not cert. "Save as PKCS #7/Certificate Chain" from the browser dialog. Peter. ___ cryptography mai

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote: > I run a wonderful Firefox extension called Certificate Patrol. It keeps a > local cache of certificates, and warns you if a certificate, CA, or public > key changes unexpectedly. Sort of like SSH meets TLS. As soon as I went to my > stockbroker's

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On Thu, Dec 1, 2011 at 5:32 AM, Rose, Greg wrote: > > On 2011 Nov 30, at 17:18 , Lee wrote: > >> On 11/30/11, Rose, Greg wrote: >>> >>> On 2011 Nov 30, at 16:44 , Adam Back wrote: >>> Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On 2011 Nov 30, at 17:18 , Lee wrote: > On 11/30/11, Rose, Greg wrote: >> >> On 2011 Nov 30, at 16:44 , Adam Back wrote: >> >>> Are there really any CAs which issue sub-CA for "deep packet inspection" >>> aka >>> doing MitM and issue certs on the fly for everything going through them: >>> gmai

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

ianG writes: >On 1/12/11 15:10 PM, Peter Gutmann wrote: >> ianG writes: >>> Is this in anyway a cause for action in contract? Is this a caused for >>> revocation? >> And given that you have to ask the MITM for the revocation information, how >> would you revoke such a cert? > >Wait! Mallory has

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On 1/12/11 15:10 PM, Peter Gutmann wrote: ianG writes: Is this in anyway a cause for action in contract? Is this a caused for revocation? And given that you have to ask the MITM for the revocation information, how would you revoke such a cert? Wait! Mallory has delivered Alice a valid CA-

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

ianG writes: >Is this in anyway a cause for action in contract? Is this a caused for >revocation? And given that you have to ask the MITM for the revocation information, how would you revoke such a cert? And that was "Why blacklists suck for validity checks, reason #872 in a series of 10,000 o

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On 1/12/11 11:50 AM, Nathan Loofbourrow wrote: On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg > wrote: On 2011 Nov 30, at 16:44 , Adam Back wrote: > Are there really any CAs which issue sub-CA for "deep packet inspection" aka > doing MitM and issue certs o

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Adam Back writes: >Are there really any CAs which issue sub-CA for "deep packet inspection" aka >doing MitM and issue certs on the fly for everything going through them: >gmail, hotmail, online banking etc. > >[...] > >Do blue coat and other MitM proxies mentioned on this list recently actually >

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Nathan Loofbourrow writes: >On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg wrote: >> On 2011 Nov 30, at 16:44 , Adam Back wrote: >> >> > Are there really any CAs which issue sub-CA for "deep packet inspection" >> > aka >> > doing MitM and issue certs on the fly for everything going through them: >>

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On 11/30/11, Rose, Greg wrote: > > On 2011 Nov 30, at 16:44 , Adam Back wrote: > >> Are there really any CAs which issue sub-CA for "deep packet inspection" >> aka >> doing MitM and issue certs on the fly for everything going through them: >> gmail, hotmail, online banking etc. > > Yes, there are.

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg wrote: > On 2011 Nov 30, at 16:44 , Adam Back wrote: > > > Are there really any CAs which issue sub-CA for "deep packet inspection" > aka > > doing MitM and issue certs on the fly for everything going through them: > > gmail, hotmail, online banking etc

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On 2011 Nov 30, at 16:44 , Adam Back wrote: > Are there really any CAs which issue sub-CA for "deep packet inspection" aka > doing MitM and issue certs on the fly for everything going through them: > gmail, hotmail, online banking etc. Yes, there are. I encountered one in a hotel at Charles de G

[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue certs on the fly for everything going through them: gmail, hotmail, online banking etc. I saw Ondrej Mikle also mentions this concept in his referenced link from recent post: https://mail1.eff.org/p

Re: [cryptography] trustable self-signed certs in a P2P environment (freedombox)

On 11/30/11 21:11, Adam Back wrote: > Its rather common for people with load balancers and lots of servers serving > the same domain to have multiple certs. I did a survey how common those load-balancing 'CDN services' are ('CDN service' defined as 'hostname that sent cert A, then B, then A again'

Re: [cryptography] Non-governmental exploitation of crypto flaws?

On Nov 29, 2011, at 8:33 PM, Ilya Levin wrote: > On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas wrote: > >> But the other one is Drew Gross's observation. If you think like an >> attacker, then you're a fool to worry about the crypto. > > While generally true, this is kind of an overstatement. I

Re: [cryptography] trustable self-signed certs in a P2P environment (freedombox)

On Wed, Nov 30, 2011 at 12:11 PM, Adam Back wrote: > Its rather common for people with load balancers and lots of servers serving > the same domain to have multiple certs. > On Wed, Nov 30, 2011 at 12:05:29PM -0800, Peter Eckersley wrote: >> Perspectives/Convergence suffer from the problem that t

Re: [cryptography] trustable self-signed certs in a P2P environment (freedombox)

Its rather common for people with load balancers and lots of servers serving the same domain to have multiple certs. Same for certs to change to a new CA before expiry. (Probably switched to a new CA when adding more servers to the load balanced web server farm). I installed cert patrol and the

Re: [cryptography] trustable self-signed certs in a P2P environment (freedombox)

Perspectives and Convergence are one effort to do this (what key do other people see on this server?). MonkeySphere is another (which humans in a web of trust will vouch that this is the right key for this server?). Perspectives/Convergence suffer from the problem that there is no way to tell the

Re: [cryptography] Auditable CAs

ianG writes: > 3. the existance of a certificate in the log is acceptable proof of > goodness for a browser. > > Is that it, in minimalist form? > > In analogous terms, is this like having the browser check EFF's > repository for a second opinion? Or, like OCSP but expanding the > servers to c

Re: [cryptography] Auditable CAs

On 11/30/2011 12:01 PM, Ben Laurie wrote: On Wed, Nov 30, 2011 at 5:16 PM, Marsh Ray wrote: Perhaps you define this category of "publicly visible certs" as "certs which display without warnings on default-configured browsers when presented by the correct site". ... On the other hand, one could

Re: [cryptography] Auditable CAs

On 28/11/11 08:00 AM, Ben Laurie wrote: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around: http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf. I found

Re: [cryptography] Auditable CAs

On Wed, Nov 30, 2011 at 5:16 PM, Marsh Ray wrote: > On 11/30/2011 05:24 AM, Ben Laurie wrote: >> >> On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray >>  wrote: >>> >>> Perhaps the relevant property is "certs issued by a browser-trusted >>> CA or subordinate" regardless of their visibility. >> >> If they

Re: [cryptography] Auditable CAs

On 11/30/2011 05:24 AM, Ben Laurie wrote: On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray wrote: Perhaps the relevant property is "certs issued by a browser-trusted CA or subordinate" regardless of their visibility. If they are not visible, why would we care whether they are in the log or not?

Re: [cryptography] Non-governmental exploitation of crypto flaws?

Ilya Levin wrote: On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas wrote: But the other one is Drew Gross's observation. If you think like an attacker, then you're a fool to worry about the crypto. While generally true, this is kind of an overstatement. I'd say that if you think like an attacker

[cryptography] trustable self-signed certs in a P2P environment (freedombox)

I presume many here are aware of the Eben Moglen-started FreedomBox initiative, which sets out to build a Debian distro for lplug computers and similar which will package many existing tools for the end result of an end-user owned and operated, anonymizing and censorship-resistant infrastructu

Re: [cryptography] Auditable CAs

On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray wrote: > On 11/27/2011 03:00 PM, Ben Laurie wrote: >> >> Given the recent discussion on Sovereign Keys I thought people might >>  be interested in a related, but less ambitious, idea Adam Langley >> and I have been kicking around: >> >> http://www.links.o