[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Ben Laurie ben at links.org
Tue Sep 10 17:35:05 EDT 2013

On 10 September 2013 22:04, Joe Abley <jabley at hopcount.ca> wrote:

> Suppose Mallory has access to the private keys of CAs which are in "the"
> browser list or otherwise widely-trusted.
> An on-path attack between Alice and Bob would allow Mallory to terminate
> Alice's TLS connection, presenting an opportunistically-generated
> server-side certificate with signatures that allow it to be trusted by
> Alice without pop-ups and warnings. Instantiating a corresponding session
> with Bob and ALGing the plaintext through with interception is then
> straightforward.

CT makes this impossible to do undetected, of course.