[Cryptography] self-MITMing my own TLS connection ...

Emin Gün Sirer el33th4x0r at gmail.com
Tue Feb 17 18:23:41 EST 2015


This sounds like a great counterpart to Virtual Notary (
http://virtual-notary.org), the online witness and attestor to digital
factoids that we have been running for a few years now. Combining tlsnotary
with VN, to be able to attest to non-public factoids, sounds like an
interesting project.

- egs


On Tue, Feb 17, 2015 at 7:04 AM, ianG <iang at iang.org> wrote:

> Interesting case study of where the market for MITMs is going...
>
>
>
> https://tlsnotary.org/
>
> How it Works
>
> A user, called the 'auditee', wants to prove to another user, called the
> 'auditor', a certain fact attested to by an organisation (a bank, a
> government, a company etc.). This fact could be a monetary balance on an
> account, the fact of a money transfer, a particular set of identity
> information such as address, amongst others. The auditor and auditee create
> an encrypted messaging connection between each other over some neutral
> communication channel (such as IRC). The auditee connects to the website as
> normal and logs in, and then browses to the specific page that proves the
> required information. Then the auditor and auditee use their encrypted
> connection to negotiate secrets for the SSL/TLS session such that the
> auditor can find out what is on the page that the auditee loads, without
> gaining control of the connection or seeing the auditee's login details.
> The diagram below gives the outline of what happens.
>
> https://tlsnotary.org/images/walkthrough_diagram_simplified.svg
>
> white paper: https://tlsnotary.org/TLSNotary.pdf
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150217/3e7b4f89/attachment.html>


More information about the cryptography mailing list