Roy M. Silvernail[SMTP:roy@scytale.com] Given internet access from a private intranet, through an HTTP proxy out of the user's control, is it possible to establish a secure tunnel to an outside server? I'd expect that ordinary SSL connections will secure user <-> proxy and proxy <-> server separately, with the proxy able to observe cleartext. Could an SSH connection be made under these conditions? [...]
The default behavior for an SSL proxy is to pass the encrypted bytes back and forth, allowing you to connect all the way to the other server. However, it is possible for the proxy to have its own CA which has been added to your browser. Then it acts as a man in the middle and pretends to be the remote host to you, and vice versa. In that case, it works as you describe, watching the data during its interim decryption. Typically, the proxy would give you generic certificates (like "*.com"), but it could conceivably generate a certificate for each site you visit ("secure.yahoo.com", etc.). The way to tell would be to look at the issuing authority according to your browser - if it's one of the public ones, like Thawte, you've got a connection to the far end. If it's "Th4wt3", or your company's, the proxy is probably watching. Incidentally, another company that does private browsing over SSL is www.orangatango.com (along with other nifty anonymizing stuff). -J
On Tue, Jul 23, 2002 at 06:11:04PM +0000, Jason Holt wrote:
The default behavior for an SSL proxy is to pass the encrypted bytes back and forth, allowing you to connect all the way to the other server.
This isn't just the default behavior; it's the only defined behavior right?
However, it is possible for the proxy to have its own CA which has been added to your browser. Then it acts as a man in the middle and pretends to be the remote host to you, and vice versa. In that case, it works as you describe, watching the data during its interim decryption.
While it's _possible_ to do this, I've never heard of a server hosted application that advertises that it's doing this. I would think it would be quite hard to get a CA to issue you a certificate if this is what you intended to do with it (act as a general MITM on SSL connections you proxy). There have been applications which do this locally eg. a no longer shipped product called SafePassage by c2.net, and achilles a SSL debugger both of which are local proxies and both of which ask the user to install a certificate allowing this when they are installed. The installed certificate is self-signed however, and not issued by a CA, as it is only valid for that user machine anyway, the user won't want to buy a cert to authenticate information to their own machine, it would be less secure to do so, and the user won't want to pay for this certificate.
Typically, the proxy would give you generic certificates (like "*.com"),
Is there any software actually doing this? (I know wild card certs are available, but would think a wild card cert on .com would be a very dangerous thing for a CA to issue, and you'd hope browsers would be smart enough to reject such certs).
but it could conceivably generate a certificate for each site you visit ("secure.yahoo.com", etc.).
This is what SafePassage et al do. Adam
Adam Back wrote:
On Tue, Jul 23, 2002 at 06:11:04PM +0000, Jason Holt wrote:
The default behavior for an SSL proxy is to pass the encrypted bytes back and forth, allowing you to connect all the way to the other server.
This isn't just the default behavior; it's the only defined behavior right?
However, it is possible for the proxy to have its own CA which has been added to your browser. Then it acts as a man in the middle and pretends to be the remote host to you, and vice versa. In that case, it works as you describe, watching the data during its interim decryption.
While it's _possible_ to do this, I've never heard of a server hosted application that advertises that it's doing this. I would think it would be quite hard to get a CA to issue you a certificate if this is what you intended to do with it (act as a general MITM on SSL connections you proxy).
Errr - its tricky anyway, coz the cert has to match the final destination, and, by definition almost, that can't be the proxy. I believe its pretty common for server farms to use SSL-enabled reverse proxies where the SSL terminates at the proxy. Different scenario, though. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Ben Laurie wrote: || Errr - its tricky anyway, coz the cert has to match the final || destination, and, by definition almost, that can't be the proxy. provided you can impose a CA cert onto the user browser (not hard in a corporate environment) it isn't as if signing a certificate "on the fly" is hard - consider the following 1. proxy has CA private key A and SSL public key B 2. client requests connect to SSL on xxx.yyy.zzz.com 3. proxy uses OpenSSL library to create certificate for xxx.yyy.zzz.com on the fly (with Public key B) signed by CA key A 4. proxy opens SSL link to xxx.yyy.zzz.com 5. if step 4 succeeds, proxy sends cert to client 5. client checks cert against its own local copy of public key A (from its root cert dir) which claims to be "thawte, inc" 6. client approves link and negotiates SSL with proxy 7. proxy links its connection to xxx.yyy.zzz.com to inbound client connection 8. proxy passes (and logs) packets
On Tue, 23 Jul 2002, Adam Back wrote: [...]
However, it is possible for the proxy to have its own CA which has been added to your browser. Then it acts as a man in the middle and pretends to be the remote host to you, and vice versa. In that case, it works as you describe, watching the data during its interim decryption.
While it's _possible_ to do this, I've never heard of a server hosted application that advertises that it's doing this. I would think it would be quite hard to get a CA to issue you a certificate if this is what you intended to do with it (act as a general MITM on SSL connections you proxy). [...]
I don't know of any other real-world examples. Rescorla mentions the technique on pp. 316-319 of "SSL and TLS". Certainly Thawte isn't going to issue such wildcard certs, for exactly the reasons you mention. That's why you (or your government, or company, or whoever keeps an eye on you) create your *own* CA and tell your browser to trust it. Then it'll accept the wildcard certs without complaint. -J
participants (4)
-
Adam Back -
Ben Laurie -
Dave Howe -
Jason Holt