On 22.10.23 at 12:23, Paul Menzel via mailop wrote:
> It was interesting and surprising to me, as the common perception is that SSL certificates protect against MitM attacks, as they should provide authenticity.
The weak point of SSL certificates is that clients are willing to accept new certs for the same domain as long as their signature path is correct (ending at one of the trusted root CAs). State-level agents may have ways of obtaining a certificate for a third party from a trusted authority, as long as they convince the authority that their interception request is lawful.
What can clients do to prevent MitM attacks? I think (but have no in-depth knowledge) that pinning a trusted certificate should work (one that you trust due to external witnesses, not certification authorities that may be subject to law enforcement exceptions). A new certificate for a communication partner should only be accepted if you get similar confirmation that this one is valid, too.
This is a weakness in the public key infrastructure based on trusted authorities - and I believe that this weakness isn't accidental, but is present for exactly the purpose of allowing "lawful interception".
For known trusted communication partners, you can install the certificate of their own CA (which is easy and well-supported) and disable acceptance of certificates from other CAs for the given domain (which may or may not be supported, depending on the TLS stack used, but that's the "pinning" that I believe should be possible but have no direct knowledge about).
A P2P certificate signing system such as the PGP web of trust may work to avoid interception, but I don't think it really scales well. And don't get me wrong, I'm not against lawful interception when it's used to prosecute and possibly prevent serious crimes, but the judgement of what constitutes serious crimes may differ between different people and agencies.
Cheers, Hans-Martin
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
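The pinning that Hans-Martin describes in the message above (accept only the one CA installed for a known partner, and treat any new certificate as unverified until it has been confirmed separately) can be tried out end to end without a network. The Go program below is an added example, not code from the thread or from any project mentioned in it. It generates two throwaway root CAs in memory (a legitimate one and a second one that the "system" store also trusts, standing in for a CA that honours an interception request), issues certificates for the hypothetical host mail.example.test from each, and compares a stock chain check with a per-host policy that pins both the issuing CA and the hash of the leaf's public key. The host name, the CA names and the pin format (base64 of SHA-256 over the SubjectPublicKeyInfo, as in RFC 7469) are choices made for this example; the pin is computed from the legitimate certificate here, whereas in practice it would be recorded earlier and confirmed out of band.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// template builds a one-day CA or server-certificate template for name.
func template(name string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // unique enough for a demo
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue generates a P-256 key and has parent sign tmpl for it (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // setup failure: fatal for the demo
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiPin returns base64(SHA-256(SubjectPublicKeyInfo)), the pin format of RFC 7469.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// chainOnly is the stock client rule: any leaf for host that chains to any trusted root passes.
func chainOnly(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}

// pinned ignores the system store: the chain must end at the one CA pinned for host AND the leaf SPKI hash must match.
func pinned(leaf, pinnedCA *x509.Certificate, pin, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(pinnedCA)
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots}); err != nil {
		return false
	}
	return spkiPin(leaf) == pin
}

// Scenario: both roots are "system" trusted; the rogue root issues for the same host; the real CA later re-keys.
func Scenario() map[string]bool {
	const host = "mail.example.test" // hypothetical host name
	legitCA, legitKey := issue(template("Legit Root CA", true), nil, nil)
	rogueCA, rogueKey := issue(template("Other Trusted Root CA", true), nil, nil)
	legit, _ := issue(template(host, false), legitCA, legitKey)
	rogue, _ := issue(template(host, false), rogueCA, rogueKey)
	reissued, _ := issue(template(host, false), legitCA, legitKey)
	system := x509.NewCertPool()
	system.AddCert(legitCA)
	system.AddCert(rogueCA)
	pin := spkiPin(legit) // in practice recorded earlier and confirmed by external witnesses
	return map[string]bool{
		"legit/chain":     chainOnly(legit, system, host),
		"rogue/chain":     chainOnly(rogue, system, host),
		"legit/pinned":    pinned(legit, legitCA, pin, host),
		"rogue/pinned":    pinned(rogue, legitCA, pin, host),
		"reissued/pinned": pinned(reissued, legitCA, pin, host),
	}
}

func main() {
	fmt.Println(Scenario())
}
```

Run it with `go run` and the map shows legit/chain and rogue/chain both true (any trusted root suffices for a stock client), legit/pinned true, rogue/pinned false (wrong issuer) and reissued/pinned false (right issuer, new key: this is the case where the client should demand a fresh confirmation rather than silently accept). Pinning the leaf key is brittle across legitimate key rotations, which is why real deployments usually pin the SPKI of the partner's CA or keep a backup pin as well.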
