On Mon, 11 Jan 2016, Peter Gutmann wrote:

>>> That would have some pretty bad consequences. With the MITM CA cert enabled,
>>> Borat [0] can read every Kazakh user's email, but no-one else can. With the
>>> MITM CA blacklisted, Borat can still read every Kazakh user's email, but so
>>> can everyone else on the planet. So the choice is between privacy against
>>> everyone but one party, and privacy against no-one.

>> I don't understand why blacklisting a MITM CA would enable everyone to read
>> the data that passes through the MITM. Could you please explain? (It sounds
>> like there is either a misunderstanding on your or on my side.)

> For the MITM to work, Borat will be proxying all traffic out of (and into) the
> country.
>
> If you allow the MITM cert, only Borat/the proxy can read everyone's traffic.
> If you disallow the cert and turn off encryption, Borat can still read
> everyone's traffic, but so can everyone else on the planet.

Who said "turn off encryption"?

> The "can't connect to the site without TLS" issue isn't really there either,
> Borat will connect using TLS so TLS-only sites will continue to work, it's
> only the downstream users who don't get any protection.

Publishing a DNSSEC signed TLSA record would indicate TLS should be on
the connection and which public key to expect. So we'd hope the browser
would hard fail here.

Paul
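The TLSA check Paul describes, written out as an added example (not code from the thread or from any browser). It models the decision a DANE-aware client makes for a "3 1 1" record: the record pins the SHA-256 of the site's SubjectPublicKeyInfo, so a leaf minted by an interception CA, which necessarily carries the proxy's own key, cannot match and the connection hard-fails. The DNS lookup itself is omitted; the byte strings standing in for DER certificates and SPKIs are constructed placeholders, and the hostname `example.kz` is hypothetical.

```python
import hashlib
import hmac
import struct

# TLSA field values from RFC 6698 (only the ones this example handles).
USAGE_DANE_EE = 3   # certificate usage 3: pin the end-entity key directly
SELECTOR_CERT = 0   # selector 0: full certificate
SELECTOR_SPKI = 1   # selector 1: SubjectPublicKeyInfo only
MATCH_FULL = 0      # matching type 0: raw selected data
MATCH_SHA256 = 1    # matching type 1: SHA-256 of selected data
MATCH_SHA512 = 2    # matching type 2: SHA-512 of selected data


def build_tlsa_rdata(usage, selector, mtype, assoc_data):
    """Serialize TLSA RDATA: three one-octet fields, then the association data."""
    return struct.pack("!BBB", usage, selector, mtype) + assoc_data


def parse_tlsa_rdata(rdata):
    """Split TLSA RDATA into (usage, selector, matching type, association data)."""
    if len(rdata) < 3:
        raise ValueError("TLSA RDATA shorter than its fixed header")
    usage, selector, mtype = struct.unpack("!BBB", rdata[:3])
    return usage, selector, mtype, rdata[3:]


def tlsa_presentation(rdata):
    """Zone-file form of a TLSA record, e.g. '3 1 1 <hex>'."""
    usage, selector, mtype, assoc = parse_tlsa_rdata(rdata)
    return f"{usage} {selector} {mtype} {assoc.hex()}"


def _select(selector, cert_der, spki_der):
    if selector == SELECTOR_CERT:
        return cert_der
    if selector == SELECTOR_SPKI:
        return spki_der
    raise ValueError(f"unsupported selector {selector}")


def _match(mtype, data):
    if mtype == MATCH_FULL:
        return data
    if mtype == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    if mtype == MATCH_SHA512:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unsupported matching type {mtype}")


def tlsa_matches(rdata, cert_der, spki_der):
    """True if the presented leaf (cert DER + its SPKI DER) satisfies one DANE-EE record."""
    usage, selector, mtype, assoc = parse_tlsa_rdata(rdata)
    if usage != USAGE_DANE_EE:
        return False  # usages 0-2 need PKIX chain building; out of scope here
    expected = _match(mtype, _select(selector, cert_der, spki_der))
    return hmac.compare_digest(expected, assoc)


def dane_decision(tlsa_records, dnssec_secure, cert_der, spki_der):
    """
    What a DANE-aware client does with a leaf certificate.
    "NO_DANE": no usable TLSA data, fall back to the ordinary PKIX check.
    "ACCEPT":  at least one record matches the presented key.
    "REJECT":  records exist and none match, so the connection hard-fails.
    """
    if not dnssec_secure or not tlsa_records:
        # RFC 6698 only lets a client act on TLSA data that validated under DNSSEC.
        return "NO_DANE"
    if any(tlsa_matches(r, cert_der, spki_der) for r in tlsa_records):
        return "ACCEPT"
    return "REJECT"


# Constructed sample data: placeholders, not real DER.
SITE_CERT = b"constructed DER of the genuine example.kz leaf certificate"
SITE_SPKI = b"constructed DER SubjectPublicKeyInfo of the genuine site key"
MITM_CERT = b"constructed DER of a leaf minted by the interception CA"
MITM_SPKI = b"constructed DER SubjectPublicKeyInfo of the proxy's own key"

# What the site operator publishes at _443._tcp.example.kz (hypothetical name).
SITE_TLSA = build_tlsa_rdata(USAGE_DANE_EE, SELECTOR_SPKI, MATCH_SHA256,
                             hashlib.sha256(SITE_SPKI).digest())

if __name__ == "__main__":
    print("published record:", tlsa_presentation(SITE_TLSA))
    print("genuine leaf, signed DNS:", dane_decision([SITE_TLSA], True, SITE_CERT, SITE_SPKI))
    print("MITM leaf, signed DNS:   ", dane_decision([SITE_TLSA], True, MITM_CERT, MITM_SPKI))
    print("MITM leaf, no DNSSEC:    ", dane_decision([SITE_TLSA], False, MITM_CERT, MITM_SPKI))
```

The third case in the demo is the caveat that matters for the hard-fail Paul hopes for: the client must validate DNSSEC itself. If it trusts a non-validating resolver and simply never sees the signed TLSA data, it has nothing to pin against and drops back to the ordinary PKIX check, where the interception CA's leaf looks fine.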
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy