[Cryptography] Opening Discussion: Speculation on "BULLRUN"
Joe Abley
jabley at hopcount.ca
Tue Sep 10 17:44:28 EDT 2013
On 2013-09-10, at 17:35, Ben Laurie <ben at links.org> wrote:
> On 10 September 2013 22:04, Joe Abley <jabley at hopcount.ca> wrote:
>
>> Suppose Mallory has access to the private keys of CAs which are in "the" browser list or otherwise widely-trusted.
>>
>> An on-path attack between Alice and Bob would allow Mallory to terminate Alice's TLS connection, presenting an opportunistically-generated server-side certificate with signatures that allow it to be trusted by Alice without pop-ups and warnings. Instantiating a corresponding session with Bob and ALGing the plaintext through with interception is then straightforward.
>
> CT makes this impossible to do undetected, of course.

I don't feel qualified to endorse "impossible", but for the armchair crypto spectator it does sound very much like the right thing.

Joe