On 5/22/11, grarpamp <[email protected]> wrote: >> And a follow-up question if I may - how do you verify that the ssl >> connection is to the site you want & not something else? eg: >> http://www.wired.com/threatlevel/2010/03/packet-forensics/ >> What's the defense against that type of attack? > > Well if CA's are giving intermediate CA's to adversaries, and those > adversaries are issuing certs MITM on the fly in hardware... then > yeah, you've got major problems. > > Same for if the apps are bundling random CA's as trusted.
You mean like all the CAs bundled in with firefox :) > And for CA's issuing certs (same subject, different hash) on demand. > > The traditional answer to all such things is still: > - Verify and enforce the cert fingerprint, ignore the CA stuff. If my life was on the line ... yeah, I'd probably look at that. At least in the beginning. But how many different cert fingerprints would one see for something like https://mail.google.com/? Are they using the same cert for all their servers world-wide? (the context of this discussion -is- if one is using tor :) > - Verify and enforce the DNS. How does one do that using tor? > - Hope your adversaries don't pass on the above attacks and then > simply obtain the real cert and redirect your IP traffic to themselves. > > But you watch your hop count, latency and server particulars right? Of course not!! When I'm using tor the latency is all over the place, I don't even know how to look at the hop count and, with my current limited knowledge, my "server particulars" checking is if I've got a lock icon or no > Then your adversary mimics those, so... > > The only defense you have left is context, particularly human > factors. Whether in real time (a recognized voice, video, data > challenge, etc), and perhaps aided by crypto chained back to a > former, known good, session (ZRTP, etc). You're not supposed to > pass sensitive data unless you know who's on the other end of the > channel first. Which brings us full circle .. how do you verify that the ssl connection is to the site you want & not something else? > Even via Tor, people who don't have anything to worry about, generally > don't have anything to worry about, Indeed. I agree, but consider this a thought experiment - how does one use tor with a high degree of confidence that your https traffic is not being MITMed? For example, China is the great boogey-man wrt monitoring/modifying user traffic. I can add an "ExcludeNodes {cn}" to my torrc and delete all the chinese-looking CAs from my browser. Now all I've got to worry about is every other gov't and all of the malicious exit node operators (including the chinese gov't exit nodes set up outside china). Seems like not that much of an improvement :( Lee _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
