[tor-talk] How evil is TLS cert collection?

Mike Perry mikeperry at fscked.org
Sun Mar 20 20:05:44 PDT 2011


Thus spake coderman (coderman at gmail.com):

> > The brief summary is that it will be submitting rare TLS certificates
> > through Tor to EFF for analysis and storage. We will also leverage the
> > database of certificates to provide notification in the event of
> > targeted MITM attacks**.
> >
> > I am trying to decide if this is a bad thing to enable by default for
> > users.
> 
> if EFF was presented with a national security letter or other legal
> demand under seal demanding the existence of a given certificate not
> be exposed, would they be bound to not present a MITM alert for that
> cert?

Leaving this for pde and/or Seth.

> (said another way, could this potentially be a false sense of
> security, if all trust for anomaly notification was placed in the EFF
> alone?)

The reality is we won't have the Firefox APIs to actually prevent
content load after certificate inspection any time soon, so it's not
feasible to trust this as your only security measure. Monstrous hacks
might make this possible sooner, though...

On a timescale where we can provide real security rather than just
analysis and post-pwnage notification, we can build multiple databases
to submit to/query, just like Perspectives. 

There's also no real reason why you can't use both Perspectives and
HTTPS-Everywhere. Then you can get both of our half-assed
after-the-fact notifications that you were owned :)


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
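Mike's point about querying multiple databases "just like Perspectives" can be made concrete. The following is an added example, not HTTPS Everywhere or Perspectives code: it cross-checks the fingerprint of a certificate a client just received against several independent notary databases and only accepts it when a quorum of notaries have seen it, so one notary that is wrong or that silently vouches for an interception certificate cannot suppress the alert on its own. The notary names, hosts, fingerprints and the DER stand-in are all constructed.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()

# Constructed notary databases: notary -> host -> fingerprints it has observed.
# notary-c also lists "fp-mitm": a notary that is mistaken, compromised, or
# otherwise vouching for a certificate the other notaries have never seen.
NOTARIES = {
    "notary-a": {"example.org": {"fp-legit"}},
    "notary-b": {"example.org": {"fp-legit"}},
    "notary-c": {"example.org": {"fp-legit", "fp-mitm"}},
}

def check_cert(host, fp, notaries, quorum=2):
    """Classify the certificate a client just received for `host`.

    Returns (verdict, vouching_notaries):
      "unknown" - no notary has any record for host (a rare cert: submit it)
      "ok"      - at least `quorum` notaries have seen fp for host
      "alert"   - host is known, but fewer than `quorum` notaries have seen fp
    """
    with_record = [n for n, db in notaries.items() if host in db]
    if not with_record:
        return "unknown", []
    vouching = [n for n in with_record if fp in notaries[n][host]]
    if len(vouching) >= quorum:
        return "ok", vouching
    return "alert", vouching

if __name__ == "__main__":
    der = b"\x30\x82\x01\x00constructed-der-stand-in"  # not a real certificate
    print("fingerprint:", fingerprint(der))
    for fp in ("fp-legit", "fp-mitm"):
        print(fp, "->", check_cert("example.org", fp, NOTARIES))
    print("first sighting ->", check_cert("other.example", "fp-new", NOTARIES))
```

With quorum=1 the same check degrades to trusting any single notary, which is exactly the single-point-of-trust situation raised above.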



_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org




