Fwd: [IP] Re: Surveillance via bogus SSL certificates
R.A. Hettinga
rah at shipwright.com
Thu Mar 25 04:45:25 PDT 2010
Begin forwarded message:
> From: David Farber <dave at farber.net>
> Date: March 24, 2010 7:55:47 PM AST
> To: "ip" <ip at v2.listbox.com>
> Subject: [IP] Re: Surveillance via bogus SSL certificates
>
>
>
> Begin forwarded message:
>
> From: Matt Blaze <mab at crypto.com>
> Date: March 24, 2010 7:49:00 PM EDT
> To: dave at farber.net
> Cc: "ip" <ip at v2.listbox.com>
> Subject: Re: [IP] Re: Surveillance via bogus SSL certificates
>
>
> On Mar 24, 2010, at 7:32 PM, David Farber wrote:
>
>>
>>
>> Begin forwarded message:
>>
>> From: "Ed Gerck, Ph.D." <egerck at nma.com>
>> Date: March 24, 2010 4:29:40 PM EDT
>> To: dave at farber.net
>> Cc: ip <ip at v2.listbox.com>
>> Subject: Re: [IP] Surveillance via bogus SSL certificates
>>
>>
>>>> Chris Soghoian and Sid Stamm published a paper today that describes a
simple "appliance"-type box, marketed to law enforcement and intelligence
agencies in the US and elsewhere, that uses bogus certificates issued by *any*
cooperative certificate authority to act as a "man-in-the-middle" for
encrypted web traffic.
>>
>>
>> This may have a political flair but is not new technical information, in
spite of the authors' claim. For example, it was mentioned early this year in
this list (see "rogue certificates" in the "SSL would prevent it" thread) and
ten years ago I presented a paper at the Red Hat Conference, that said: "The
CA paradigm is thus, essentially, to rely on an authentication chain that ends
in a ... CA that eventually certifies itself. Therefore, the validity problem
is shifted from a local perspective to a global perspective, with the whole
chain depending on one final link. At the end, ignorance (and the possibility
of fraud) is leveraged to a high degree, in which one weak link may compromise
a whole chain of certificates." with copy online at
http://mcwg.org/mcg-mirror/cert.htm
>>
>> Best regards,
>> Ed Gerck
>>
>>
>>
>
> Huh? I don't believe that anyone (certainly not me, and not the authors of
the paper I linked to, with which I have no connection) is claiming that the
fact that a bogus certificate from a rogue CA be a threat, is new. I'm not
sure who Mr. Gerck thinks is claiming such a thing.
>
> Indeed, when my colleagues and I developed the trust management model almost
15 years ago we did so partly because we understood precisely this limitation
of the identity certification model.
>
> What's surprising here is the fact that apparently law enforcement and
intelligence agencies (and who knows who else) have access to commercially
available, turnkey products that exploit their ability to use any one multiple
CAs trusted by web browsers.
>
> -matt
>
>
> mab blogs at http://www.crypto.com/blog
>
>
>
>
>
>
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com
More information about the cypherpunks-legacy
mailing list