man in the middle, SSL

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Sat Feb 3 11:19:53 EST 2007


James Muir wrote:
> It is my understanding that SSL is engineered to resist mitm attacks, so
> I am suspicious of these claims.  I wondered if someone more familiar
> with SSL/TLS could comment.
> Isn't in the case that the application doing SSL on the client should
> detect what this proxy server is doing and display a warning to the user?

There's nothing new or interesting about this; SSL MITM tools have been
around for a long time. When you're connecting to a website via SSL, you
have no out of band knowledge of the certificate that the server is
supposed to use (e.g. you can't query DNS and get the certificate
fingerprint). SSL clients generally do three checks on the server cert:
they verify it's still valid on today's date, that the name in the cert
matches the server you're connecting to, and that you trust the CA that
issued the cert.

An SSL MITM proxy can trivially satisfy two of those three checks. If an
attacker had sufficiently strong incentive and a specific target site,
presumably he could satisfy the third as well (get a "trusted" CA to
sign a bogus cert for the server in question -- remember Microsoft from
a few years back).

So yes, in the general case, the web browser will notice the MITM, and
inform the user that two checks pass and one fails. And almost all users
will hit "continue" and not care, because they don't understand SSL or
the risks involved. They shouldn't have to, either; it's for this reason
that I think SSL is just altogether broken in the way we use it on the
web. It passes the technical requirements, but utterly fails at being a
usable security technology.

-- 
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list