nationwide interception of Facebook & webmail logincredentials in Tunisia
igb at batten.eu.org
Sun Feb 6 19:25:52 GMT 2011
On 5 Feb 2011, at 18:27, M J D Brown wrote:
> A recent experience has illuminated the CA trust problem for me.
> the installation and configuration of a Netgear NAS the default
> assumption of its manufacturer-provided certificate resulted in an
> complaint by IE8. Having generated a new certificate and key using
> NAS internal firmware, Windows XP then asked me whether to trust the
> internal LAN URL of the NAS device as the certificate issuing
> I know that nobody else can access the NAS admin area, because only I
> have the key, and data transmissions are encrypted across the LAN
> is hiding behind a hardware firewall that Shields Up does not
> Accordingly I approved the request. As a rhetorical question: was I
Another problem is also that it's quite subtle to figure out precisely
what you're agreeing to.
The intention is for your relationship with the NAS box is bound to
the certificate, so if something purporting to be your NAS box can't
present that certificate "something has gone wrong". But that
doesn't require a certificate authority per se, it just requires that
the particular certificate is accepted. What you really, really don't
want is to accept the certificate as an authority for anything it
happens to sign, because there are a lot of ways that could be
For example, imagine I control the firmware of an ADSL router. It
would be trivial to generate a certificate to use to sign the
administrative key, and then send the private signing key to my
disused volcano lair. I can then use the fact that the victims have
accepted that key to forge SSL connections to their banks.
You and I know the difference between trusting a certificate and
trusting anything signed by that certificate, but most people don't.
Encouraging end users to manipulate their certificate store is not
likely to be a happy story.
More information about the ukcrypto