[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Dec 4 04:08:17 PST 2011


Ondrej Mikle <ondrej.mikle at nic.cz> writes:

>How do MitM boxes react when they MitM connection to a server with self-
>signed cert (or cert issued by an obscure CA not trusted by MitM box)?

For one example, see
http://wikileaks.org/spyfiles/docs/bluecoat/219_blue-coat-systems-reference-guide-ssl-proxy.html
and 
http://wikileaks.org/spyfiles/docs/bluecoat/246_blue-coat-systems-deployment-guide-deploying-the-ssl-proxy.html.

In general it looks like it's a mixture of "it's configurable" and "it depends
on the vendor" (the above only tells you what Bluecoat do).  Interesting to
note that the Bluecoat hardware has problems MITM-ing Windows Update, because
Microsoft apply the quite sensible measure of only allowing something signed
by a known Windows Update cert (or at least on a Microsoft-supplied trust
list), rather than any old cert that turns up as long as it's signed by some
CA somewhere.  I've heard of a similar approach proposed for smartphone mobile
banking apps, you hardcode in a cert that's used to verify a whitelist of
known-good certs for banks (more or less like Microsoft's CTLs), and then it
doesn't matter what certs the CAs sign because if it's not on the CTL then it
doesn't get trusted.

>Given the state of security/auditing of "private sub-CAs" as described, was
>there ever a report of a breach (e.g. stolen key, fraudulently issued certs)?

You're joking, right?

Peter.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
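
The trust-list approach described in the message above (a hardcoded key verifies a signed whitelist of known-good certs, and anything not on the list is rejected no matter which CA signed it), as an added Go example that is not part of the original post. The Ed25519 list key, the fingerprint-list format and the names `payload`, `PinnedVerifier` and `Demo` are assumptions, and the certificate bytes are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// payload is the byte string the list issuer signs: all fingerprints concatenated.
func payload(fps [][32]byte) (b []byte) {
	for _, f := range fps {
		b = append(b, f[:]...)
	}
	return b
}

// PinnedVerifier checks the list signature against the hardcoded key and returns a
// callback with the signature of tls.Config.VerifyPeerCertificate. It fails closed.
func PinnedVerifier(pinned ed25519.PublicKey, fps [][32]byte, sig []byte) func([][]byte, [][]*x509.Certificate) error {
	listOK := ed25519.Verify(pinned, payload(fps), sig)
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if !listOK {
			return errors.New("trust list signature invalid")
		}
		for _, ok := range fps {
			if len(rawCerts) > 0 && sha256.Sum256(rawCerts[0]) == ok {
				return nil // leaf is on the signed list
			}
		}
		return errors.New("leaf certificate not on trust list")
	}
}

// Demo runs three constructed cases: listed cert, unlisted cert, edited (unsigned) list.
func Demo() (listed, unlisted, forgedList error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	pinned := priv.Public().(ed25519.PublicKey)                    // what the app would hardcode
	bank, mitm := []byte("constructed bank leaf DER"), []byte("constructed proxy leaf DER")
	fps := [][32]byte{sha256.Sum256(bank)}
	sig := ed25519.Sign(priv, payload(fps))
	verify := PinnedVerifier(pinned, fps, sig)
	forged := PinnedVerifier(pinned, append(fps, sha256.Sum256(mitm)), sig) // list edited, old signature
	return verify([][]byte{bank}, nil), verify([][]byte{mitm}, nil), forged([][]byte{mitm}, nil)
}

func main() {
	fmt.Println(Demo())
}
```

The check looks only at the leaf's fingerprint, so a certificate minted by an interception box is rejected even when its chain validates to a CA the client trusts.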