On Sat, 2003-02-15 at 20:46, [EMAIL PROTECTED] wrote:
> On 14 Feb 2003 22:50:27 +1100
> Robert Collins <[EMAIL PROTECTED]> wrote:
>
> > Interception of TCP streams breaks the end to end semantics of TCP. This
> > raises issues -
> > 1) Trust. The web browser can no longer trust the results it receives.
>
> Robert,
> Lots of good points I never have considered.
>
> But surely trust is broken with any proxy, transparent or not.
There's broken and broken. SSL wasn't a specific topic for the
transparent proxy discussion - because one cannot redirect port 443
without the client co-operation (i.e. for a de/re-crypting proxy that
implements inspection for an organisation).
However, there is TLS via the Upgrade header (which switches from normal
HTTP to a TLS tunnel on an extant TCP connection - and allows virtual
hosting with encryption :]). Now, TLS via the upgrade header is a
HOP-to-HOP encryption approach. This means that when the client *knows*
there is a proxy, it will do the following to ensure it has an encrypted
link:
1) Request a tunnel (CONNECT method) to the origin webserver, then
2) Request TLS over the tunnel.
ASCII art time:

  Client<-- HTTP CONNECT-->Proxy
        <---- CONNECT Tunnel ---->Origin
        <---- HTTP w/TLS -------->Origin

Without a proxy, it will simply request TLS.

  Client <-- HTTP w/TLS -->Intercepting Proxy
                                  \--- HTTP plaintext -->Origin

BUT! The client thinks it has:

  Client <-----HTTP w/TLS ---------> Origin
So, interception here will lead to information disclosure: the proxy
will not know that it needs to request via TLS, and the client will only
encrypt to and from the proxy. The client will *also* send all its data
in the (false) confidence that it is encrypted. Now, this is where you
say "but, won't the public key verification for the proxy fail to match
that of the requested web site?" Yes, it will fail, and as long as the
web server is meant to be signed, that's ok (but hard for the
interceptor to explain). For self-signed sites though... (i.e. webmin)
this can be very misleading.
> You can even attack SSL connections under some circumstances.
Yep :[.
Rob
--
GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
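As an added example, not code from this thread or from any proxy, here is the RFC 2817 check the intercepting proxy in Rob's second diagram would need before forwarding: it parses the request head and reports whether the client sent CONNECT, asked for a TLS upgrade (so the origin leg must be TLS too, or the request refused), or sent plain HTTP. The request texts are constructed and www.example.org is a placeholder host.

```python
def parse_request(raw: bytes):
    """Split an HTTP/1.1 request head into (method, target, headers).
    Header names are lower-cased; repeated headers are kept as a list."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, target, headers

def header_tokens(headers, name):
    """Comma-separated tokens of one header, lower-cased, across repeats."""
    return [t.strip().lower()
            for value in headers.get(name, [])
            for t in value.split(",") if t.strip()]

def wants_tls_upgrade(headers) -> bool:
    """RFC 2817 upgrade: a TLS/x.y token in Upgrade, and 'upgrade' listed in
    Connection (RFC 2616 requires both; without the Connection token the
    Upgrade header is not in effect and must be ignored)."""
    return ("upgrade" in header_tokens(headers, "connection")
            and any(t.startswith("tls/") for t in header_tokens(headers, "upgrade")))

def intercepting_proxy_decision(raw: bytes) -> str:
    """What an intercepting proxy must do with a request it caught.
    'tunnel'       : CONNECT; pass bytes through, the client's TLS is end to end.
    'tls-upstream' : client asked for hop-to-hop TLS, so the proxy must open TLS
                     to the origin itself or refuse the request; forwarding it
                     as plaintext silently leaves the origin leg unencrypted.
    'forward'      : ordinary plaintext HTTP."""
    method, _target, headers = parse_request(raw)
    if method == "CONNECT":
        return "tunnel"
    if wants_tls_upgrade(headers):
        return "tls-upstream"
    return "forward"

# Constructed sample requests, not captured traffic.
CONNECT_REQ = b"CONNECT www.example.org:443 HTTP/1.1\r\nHost: www.example.org:443\r\n\r\n"
UPGRADE_REQ = (b"OPTIONS * HTTP/1.1\r\nHost: www.example.org\r\n"
               b"Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n")
NO_CONN_REQ = b"GET / HTTP/1.1\r\nHost: www.example.org\r\nUpgrade: TLS/1.0\r\n\r\n"
PLAIN_REQ = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"

if __name__ == "__main__":
    for req in (CONNECT_REQ, UPGRADE_REQ, NO_CONN_REQ, PLAIN_REQ):
        print(req.split(b"\r\n", 1)[0].decode(), "->", intercepting_proxy_decision(req))
```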