https - hopefully not too stupid a question

Sun Jun 17 07:48:11 BST 2012

On 16 Jun 2012, at 23:56, Francis Davey wrote:

> I wondered to what extent the government could put a framework in
> place to avoid some of these, in particular the use of https. Could
> the government set things up within the UK so that certificates were
> forged so that they were able to intercept https in transit?

Yes it is theoretically possible in the UK for the state to man-in-the-middle some SSL communications quite easily, however:

- "man in the middle" (MITM) requires you to be *in* the middle of the relevant communication; 

- therefore it's easiest when you can park your equipment immediately upstream of one of the two endpoints, or you can guarantee that the communication you desire to intercept will pass through a section of core network which you control; the latter is harder...

- therefore it's most economical when you are MITM-ing all the SSL traffic coming from one user (by interposing yourself between the Internet and their specific communications devices/DSL) or all of the traffic going into one site (e.g.: some UK host, or anything leaving the UK en-route for Google.com and passing through the transatlantic fibres)

- otherwise you rapidly run into a N-squared / N x M problem where you have to interpose yourself *everywhere* and *ubiquitously* which would be massively expensive

MITM can sometimes be found out nowadays because a small number of people are running technologies like Convergence (See: http://www.youtube.com/watch?v=Z7Wl2FW2TcA - I consider this a must-see video for the perspective it imparts) which eschews the trust model of Certificate Authorities in favour of a real-time check that the certificate you see for GMail in the UK is the same as is presented in the USA, Canada, Finland, Russia, Brazil…  i.e.: that nobody is lying to you without lying to them as well.   

Ben Laurie / Google also have some ideas towards some of the same risks (http://www.imperialviolet.org/2011/11/29/certtransparency.html) - my personal opinion of which is that they have a point but their threat model does not take adequate consideration of state-based MITM; so I'd like to have both certificate-pinning *and* convergence monitoring, please.

So for the moment I would consider blanket state-based SSL MITM to be a risk for "people of interest" to the state, but not for the population as a whole; basically they could park some device similar to this:

	http://arstechnica.com/business/2012/02/critics-slam-ssl-authority-for-minting-cert-used-to-impersonate-sites/

…upstream of the user, which (because of the architecture of trust defined by the Certificate Authority model) can only be defended against at large by less-than-concrete means:

	http://www.theregister.co.uk/2012/02/14/trustwave_analysis/

But for cost and integration reasons I would imagine that for the "maintenance" of interception capabilities the banning VPNs and Tor is a far more likely pan-UK risk in the short to medium term.

> Assume that the Bill gives them the legal power to require anyone in
> the UK to do anything in order to facilitate obtaining comms data
> could they use that power to require someone/anyone to issue
> certificates purporting to be for sites (like Facebook)?

Yes, although given what happened to Stuxnet it is probably possible to just fake one up if the goal is important enough:

  http://threatpost.com/en_us/blogs/flame-attackers-used-collision-attack-forge-microsoft-certificate-060512

…but legal coercion / "let us plug in this magic box for a while" is a much cheaper alternative.

	-a