New Research Suggests That Governments May Fake SSL Certificates

Jerry Leichter leichter at lrw.com
Thu Mar 25 21:42:36 EDT 2010 

On Mar 25, 2010, at 8:05 AM, Dave Kleiman wrote:
> March 24th, 2010 New Research Suggests That Governments May Fake SSL  
> Certificates
> Technical Analysis by Seth Schoen http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
>
> ""Today two computer security researchers, Christopher Soghoian and  
> Sid Stamm, released a draft of a forthcoming research paper in which  
> theypresent evidence that certificate authorities (CAs) may be  
> cooperating with government agencies to help them spy undetected on  
> "secure" encrypted communications....
While the paper provides a nice analysis and description of the  
situation, what surprises me most about it is ... that anyone was  
surprised.  Hardware to support man-in-the-middle splicing of HTTPS  
sessions has been available in the marketplace for several years.   
They are sold by companies like Bluecoat who build appliances to  
monitor incoming and outgoing traffic at the interconnection points  
between corporate networks and the greater Internet.  They're sold as  
means to monitor and control what sites can be accessed (they block  
things like gambling sites, pornography - whatever the corporation  
doesn't want its employees browsing from work) and also inspect the  
data for auditing/information leakage control purposes.

In the corporate environment, where desktops/laptops are managed, the  
way such a device is given the ability to do MitM attacks is  
straightforward:  The corporation simply pushes a new root CA - for a  
CA that actually lives inside the intercept device - into the  
browser's pool.  The device can then generate and sign any certs it  
needs to to wedge into any HTTPS session invisibly.  Even when the  
corporation allows personal machines onto the network, it will often  
require users to accept a corporate CA for access to internal sites.   
Of course, since browsers only have one pool of CA's, once you've  
accepted that CA, you've accepted invisible MitM attacks by the  
monitoring device.

Since the techniques and hardware for doing this has been around for a  
while, it should come as no surprise that someone would notice that  
governments are another good market - in fact, one that tends to be  
fairly price-insensitive.  It's distressing how much government  
intrusion technology is basically relabeled corporate security/ 
compliance technology.

Governments may or may not be in a position to force CA's onto a  
machine, so it would be natural for them to compel existing CA's, as  
the paper rightly points out.
                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list