On Tue, 10 Sep 2013 17:04:51 -0400 Joe Abley <jab...@hopcount.ca>
> On 2013-09-09, at 12:04, "Salz, Rich" <rs...@akamai.com> wrote:
> > then maybe it's not such a "silly accusation" to think that
> > root CAs are routinely distributed to multinational secret
> > services to perform MITM session decryption on any form of
> > communication that derives its security from the CA PKI.
> > 
> > How would this work, in practice?
> Suppose Mallory has access to the private keys of CAs which are in
> "the" browser list or otherwise widely-trusted.
> An on-path attack between Alice and Bob would allow Mallory to
> terminate Alice's TLS connection, presenting an
> opportunistically-generated server-side certificate with signatures
> that allow it to be trusted by Alice without pop-ups and warnings.

Note that the apparent attacks against Petrobras, SWIFT and others
disclosed a few days ago appear to have used precisely this attack.

Perry E. Metzger                pe...@piermont.com
The cryptography mailing list

Reply via email to