Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Benjamin Kreuter
On Tue, 6 Dec 2011 12:34:37 +0100 Adam Back wrote: > Kids figure this stuff out getting through site restrictions on > school wifi also. Some schools try to block popular web games.. eg > runescape. Let us not discourage either the children or the schools! This sounds like an excellent way for

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Peter Gutmann
writes: > > This is already standard practice for malware-laden sites, to > > the extent that it's severely affecting things like Google Safe > > Browsing and Facebook's link scanner, because Google and Facebook > > always get to see benign content and only the end user gets the > > malware. > >Th

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread dan
> This is already standard practice for malware-laden sites, to > the extent that it's severely affecting things like Google Safe > Browsing and Facebook's link scanner, because Google and Facebook > always get to see benign content and only the end user gets the > malware. This is the singl

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Jon Callas
On 6 Dec, 2011, at 3:43 AM, ianG wrote: > The promise of PKI in secure browsing is that it addresses the MITM. That's > it, in a nutshell. If that promise is not true, then we might as well use > something else. Is it? I thought that the purpose of a certificate was to authenticate the serv

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Adam Back
Yes, Peter said the same, BUT do you think they have a valid cert chain? Or is it signed by a self-signed company internal CA, and the company internal CA added to the corporate install that you mentioned... That's the cut off of acceptability for me - full public valid cert chain on other people

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread ianG
On 6/12/11 21:52 PM, Florian Weimer wrote: * Adam Back: Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue certs on the fly for everything going through them: gmail, hotmail, online banking etc. Such CAs do exist, but to my knowledge, they are ent

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Adam Back
Someone should re-test that Three 3g data + bluecoat content-filtering-as-a-service with SSL and give us the cert if the answer is "interesting" :) Most of the parental control and site blocking things are trivially breakable. For example my router can block domains .. but its mechanism is idi

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Florian Weimer
* Adam Back: > Are there really any CAs which issue sub-CA for "deep packet inspection" aka > doing MitM and issue certs on the fly for everything going through them: > gmail, hotmail, online banking etc. Such CAs do exist, but to my knowledge, they are enterprise-internal CAs which are installed

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Peter Gutmann
Earlier in the discussion there were questions about why a service provider would want to MITM their customers. This has now been answered by a service provider: It's to protect the children. From http://patrick.seurre.com/?p=42 Three's policy with regards to filtering is intended to ensur

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-05 Thread cgp 3cg
> In general it looks like it's a mixture of "it's configurable" and "it depends > on the vendor" (the above only tells you what Bluecoat do).  Interesting to > note that the Bluecoat hardware has problems MITM-ing Windows Update, because > Microsoft apply the quite sensible measure of only allowin

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-05 Thread Peter Gutmann
Ondrej Mikle writes: >Matches my observations, especially when looking at CRLs of some small CAs >(company internal). I had a hunch some of those revocations could be due to >CA compromise, but from my point of view it is be only a speculation. I >appreciate sharing your experience working with C

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-05 Thread Ondrej Mikle
On 12/05/2011 04:21 AM, Lucky Green wrote: On 2011-12-04 12:09, Ondrej Mikle wrote: [...] I re-did the count of CAs whose CRLs had 'CA Compromise' as revocation reason, about month after Peter Eckersley did. Result was the same (counting "trusted" CAs). Plus few others (some seemed to be interna

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-05 Thread James A. Donald
On 2011-12-05 14:58, Sandy Harris wrote: Peter Gutmann wrote: You have to be inside the captive portal to see these blue-pill certs. This is why various people have asked for samples, because only a select lucky few will be able to experience them in the wild. I am in China. How could I tes

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Peter Gutmann
Sandy Harris writes: >I am in China. How could I test whether the Great Firewall's packet sniffers >have such a cert.? I'd be kinda surprised if they did that because it's meant to be surreptitious and the Great Firewall isn't exactly a state secret. I'd just use the Perspectives extension to w

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Sandy Harris
Peter Gutmann wrote: > You have to be inside the captive portal to see these blue-pill certs.  This > is why various people have asked for samples, because only a select lucky few > will be able to experience them in the wild. I am in China. How could I test whether the Great Firewall's packet s

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Peter Gutmann
Ondrej Mikle writes: >Sorry, my bad. Mismatch in my thinking<->editing coordination. Originally I >wanted to ask whether you encountered a breach that was not over all the >news, but a rather localized incident at the places you and Lucky described. >Or heard about one from colleagues in the fiel

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Lucky Green
On 2011-12-04 12:09, Ondrej Mikle wrote: [...] > I re-did the count of CAs whose CRLs had 'CA Compromise' as revocation reason, > about month after Peter Eckersley did. Result was the same (counting "trusted" > CAs). Plus few others (some seemed to be internal company CAs; but did not > chain > to

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Ondrej Mikle
On 12/04/11 13:08, Peter Gutmann wrote: > Ondrej Mikle writes: > >> How do MitM boxes react when they MitM connection to a server with self- >> signed cert (or cert issued by an obscure CA not trusted by MitM box)? > > For one example, see > http://wikileaks.org/spyfiles/docs/bluecoat/219_blue-c

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread James A. Donald
On 2011-12-04 18:18, Ondrej Mikle wrote: Hypothetical question: assume enough people get educated how to spot the MitM box at work/airport/hotel. Let's say few of them post the MitM chains publicly which point to a big issuing CA. It was said (by Peter I think) that nothing would likely happen to

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Peter Gutmann
Lucky Green writes: >If the concern is that employees receive security warnings when accessing in- >house websites, the standard solution is to push out a corporate root via AD, >which is transparent and works quite well. And once they get AD and/or WSUS ported to OS X and Linux it'll be even mo

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Ralph Holz
Hi, >> We're actually about to release a little tool that does exactly that, >> report the encountered MitM for further scrutiny. > > Great! I had some ideas how to implement and spread it, awesome to hear that > that you beat me to it :-) :) It was actually Kai Engert who made the initial sugge

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Peter Gutmann
Ondrej Mikle writes: >How do MitM boxes react when they MitM connection to a server with self- >signed cert (or cert issued by an obscure CA not trusted by MitM box)? For one example, see http://wikileaks.org/spyfiles/docs/bluecoat/219_blue-coat-systems-reference-guide-ssl-proxy.html and http:/

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Ondrej Mikle
On 12/04/11 12:21, Ralph Holz wrote: > Hi, > >> Hypothetical question: assume enough people get educated how to spot the MitM >> box at work/airport/hotel. Let's say few of them post the MitM chains >> publicly >> which point to a big issuing CA. It was said (by Peter I think) that nothing >> wou

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Ralph Holz
Hi, > Hypothetical question: assume enough people get educated how to spot the MitM > box at work/airport/hotel. Let's say few of them post the MitM chains publicly > which point to a big issuing CA. It was said (by Peter I think) that nothing > would likely happen to big issuing CAs (too-big-to-f

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-04 Thread Ondrej Mikle
This thread is amazing. I've known just fractions/hints of the practices described here. A few comments/questions inline/below. On 12/04/11 07:37, Lucky Green wrote: > Concur. The standard sub-CA contracts contain a right to audit the > number of certs issued, like any enterprise-wide software lic

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-03 Thread Lucky Green
On 2011-12-03 10:44, Kevin W. Wall wrote: > On Fri, Dec 2, 2011 at 1:07 AM, Peter Gutmann > wrote: > [snip] >> OK, so it does appear that people seem genuinely unaware of both the fact >> that >> this goes on, and the scale at which it happens. Here's how it works: >> >> 1. Your company or orga

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-03 Thread Kevin W. Wall
On Fri, Dec 2, 2011 at 1:07 AM, Peter Gutmann wrote: [snip] > OK, so it does appear that people seem genuinely unaware of both the fact that > this goes on, and the scale at which it happens.  Here's how it works: > > 1. Your company or organisation is concerned about the fact that when people > g

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-02 Thread M.R.
On 12/01/2011 07:45 AM, James A. Donald wrote: ... We have to reconstruct our institutions for third world trust levels and southern European trust levels. Institutions characteristic of Europe and the old North America are no longer capable of functioning,... as a "south European" I could off

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-02 Thread Ben Laurie
On Fri, Dec 2, 2011 at 10:02 AM, Peter Gutmann wrote: > Adam Back writes: > >>Start of the thread was that Greg and maybe others claim they've seen a cert >>in the wild doing MitM on domains they definitionally do NOT own. > > It's not just a claim, I've seen them too.  For example I have a cert i

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-02 Thread Peter Gutmann
Adam Back writes: >Start of the thread was that Greg and maybe others claim they've seen a cert >in the wild doing MitM on domains they definitionally do NOT own. It's not just a claim, I've seen them too. For example I have a cert issued for google.com from such a MITM proxy. I was asked by th

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-02 Thread James A. Donald
On 2011-12-02 6:33 PM, Adam Back wrote: To hand over a blank cheque sub-CA cert that could sign gmail.com is somewhat dangerous. But you notice that geotrust require it to be in a hardware token, and some audits blah blah, AND more importantly that you agree not to create certs for domains you do

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-02 Thread Adam Back
Well I was aware of RA things where you do your own RA and on the CA side they limit you to issuing certs belonging to you, if I recall thawte was selling those. (They pre-vet your ownership of some domains foocorp.com, foocorpinc.com etc, and then you can issue www.foocorp.com, *.foocorp.com ..

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Peter Gutmann
Ben Laurie writes: >They appear to actually be selling sub-RA functionality, but very hard to >tell from the press release. OK, so it does appear that people seem genuinely unaware of both the fact that this goes on, and the scale at which it happens. Here's how it works: 1. Your company or or

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Peter Gutmann
Marsh Ray writes: > Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public > Root > >[...] > > SAN FRANCISCO, RSA CONFERENCE, Feb. 14 February of which year? If it's from this year then they're really late to the party, commercial CAs have been doing this for more than a decade. T

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Peter Gutmann
Adam Back writes: >Surely the SSL Observatory has these MitM sub CA certs if they exist in the >wild and are being used to create real time MitM certs for domains the issuer >certainly doesn't own. You have to be inside the captive portal to see these blue-pill certs. This is why various people

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Nico Williams
On Thu, Dec 1, 2011 at 5:11 PM, Adam Back wrote: > btw if client certs are being used or TLS-SRP ciphersuite these attacks > would not work because SSL negotiation would fail.  Unless the MitM could > create fake client certs on the fly also that would be acceptable to the > server. Right, becaus

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Adam Back
It does at least say they need a certificate practice statement, and hardware key generation and storage, AND "All domains must be owned by the enterprise customer". They can sell the ability to be a sub-CA if they want to. Their standards seem probably as good as your average CA and precludes M

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Ben Laurie
http://www.trustico.com/material/DS_GeoRoot_0205.pdf Well, we'll only break the dishonest ones :-) On Thu, Dec 1, 2011 at 5:48 PM, Marsh Ray wrote: > On 12/01/2011 11:09 AM, Ben Laurie wrote: >> >> On Thu, Dec 1, 2011 at 4:56 PM, Marsh Ray >> wrote: http://www.prnewswire.com/news-

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Marsh Ray
On 12/01/2011 11:09 AM, Ben Laurie wrote: On Thu, Dec 1, 2011 at 4:56 PM, Marsh Ray wrote: http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html They appear to ac

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Paul Hoffman
On Dec 1, 2011, at 9:09 AM, Ben Laurie wrote: > Bottom line: I'm going to believe this once someone displays a cert chain. Multiple cert chains from different environments, please. One from Boingo (I'm not traveling for a few months so I can't grab one sooner), one from a corporation using a Son

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Ben Laurie
On Thu, Dec 1, 2011 at 4:56 PM, Marsh Ray wrote: > On 11/30/2011 06:44 PM, Adam Back wrote: >> >> Are there really any CAs which issue sub-CA for "deep packet >> inspection" aka doing MitM and issue certs on the fly for everything >> going through them: gmail, hotmail, online banking etc. > > > >>

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Marsh Ray
On 11/30/2011 06:44 PM, Adam Back wrote: Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue certs on the fly for everything going through them: gmail, hotmail, online banking etc. http://www.prnewswire.com/news-releases/geotrust-launches-georoot-

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread ianG
On 2/12/11 03:26 AM, Rose, Greg wrote: On 2011 Nov 30, at 22:28 , Jon Callas wrote: On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote: I run a wonderful Firefox extension called Certificate Patrol. It keeps a local cache of certificates, and warns you if a certificate, CA, or public key changes

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-01 Thread Rose, Greg
On 2011 Nov 30, at 22:28 , Jon Callas wrote: > On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote: > >> I run a wonderful Firefox extension called Certificate Patrol. It keeps a >> local cache of certificates, and warns you if a certificate, CA, or public >> key changes unexpectedly. Sort of like S

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread James A. Donald
On 2011-12-01 2:03 PM, ianG wrote: If a CA is issuing sub-CAs for the purpose of MITMing, is this a reason to reset the entire CA? Or is it ok to do MITMing under certain nice circumstances? It seems our CA system has come to resemble our audit system and our financial system. In very white

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Nico Williams
If only we at least used passwords to derive secret keys for authentication protocols that could do channel binding... Sure, that'd still be weak, but it would be much, much better than what we have now. Nico

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Peter Gutmann
Jon Callas writes: >And I presume you didn't save the cert. > >Of course, we just need to have people look for these and then save them. Cert *chain*, not cert. "Save as PKCS #7/Certificate Chain" from the browser dialog. Peter.

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Jon Callas
On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote: > I run a wonderful Firefox extension called Certificate Patrol. It keeps a > local cache of certificates, and warns you if a certificate, CA, or public > key changes unexpectedly. Sort of like SSH meets TLS. As soon as I went to my > stockbroker's

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Ben Laurie
On Thu, Dec 1, 2011 at 5:32 AM, Rose, Greg wrote: > > On 2011 Nov 30, at 17:18 , Lee wrote: > >> On 11/30/11, Rose, Greg wrote: >>> >>> On 2011 Nov 30, at 16:44 , Adam Back wrote: >>> Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Rose, Greg
On 2011 Nov 30, at 17:18 , Lee wrote: > On 11/30/11, Rose, Greg wrote: >> >> On 2011 Nov 30, at 16:44 , Adam Back wrote: >> >>> Are there really any CAs which issue sub-CA for "deep packet inspection" >>> aka >>> doing MitM and issue certs on the fly for everything going through them: >>> gmai

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Peter Gutmann
ianG writes: >On 1/12/11 15:10 PM, Peter Gutmann wrote: >> ianG writes: >>> Is this in any way a cause for action in contract? Is this a cause for >>> revocation? >> And given that you have to ask the MITM for the revocation information, how >> would you revoke such a cert? > >Wait! Mallory has

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread ianG
On 1/12/11 15:10 PM, Peter Gutmann wrote: ianG writes: Is this in any way a cause for action in contract? Is this a cause for revocation? And given that you have to ask the MITM for the revocation information, how would you revoke such a cert? Wait! Mallory has delivered Alice a valid CA-

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Peter Gutmann
ianG writes: >Is this in any way a cause for action in contract? Is this a cause for >revocation? And given that you have to ask the MITM for the revocation information, how would you revoke such a cert? And that was "Why blacklists suck for validity checks, reason #872 in a series of 10,000 o

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread ianG
On 1/12/11 11:50 AM, Nathan Loofbourrow wrote: On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg > wrote: On 2011 Nov 30, at 16:44 , Adam Back wrote: > Are there really any CAs which issue sub-CA for "deep packet inspection" aka > doing MitM and issue certs o

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Peter Gutmann
Adam Back writes: >Are there really any CAs which issue sub-CA for "deep packet inspection" aka >doing MitM and issue certs on the fly for everything going through them: >gmail, hotmail, online banking etc. > >[...] > >Do blue coat and other MitM proxies mentioned on this list recently actually >

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Peter Gutmann
Nathan Loofbourrow writes: >On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg wrote: >> On 2011 Nov 30, at 16:44 , Adam Back wrote: >> >> > Are there really any CAs which issue sub-CA for "deep packet inspection" >> > aka >> > doing MitM and issue certs on the fly for everything going through them: >>

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Lee
On 11/30/11, Rose, Greg wrote: > > On 2011 Nov 30, at 16:44 , Adam Back wrote: > >> Are there really any CAs which issue sub-CA for "deep packet inspection" >> aka >> doing MitM and issue certs on the fly for everything going through them: >> gmail, hotmail, online banking etc. > > Yes, there are.

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Nathan Loofbourrow
On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg wrote: > On 2011 Nov 30, at 16:44 , Adam Back wrote: > > > Are there really any CAs which issue sub-CA for "deep packet inspection" > aka > > doing MitM and issue certs on the fly for everything going through them: > > gmail, hotmail, online banking etc

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Rose, Greg
On 2011 Nov 30, at 16:44 , Adam Back wrote: > Are there really any CAs which issue sub-CA for "deep packet inspection" aka > doing MitM and issue certs on the fly for everything going through them: > gmail, hotmail, online banking etc. Yes, there are. I encountered one in a hotel at Charles de G

[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Adam Back
Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue certs on the fly for everything going through them: gmail, hotmail, online banking etc. I saw Ondrej Mikle also mentions this concept in his referenced link from recent post: https://mail1.eff.org/p