https - hopefully not too stupid a question
zenadsl6186 at zen.co.uk
Sun Jun 17 14:57:42 BST 2012
Francis Davey wrote:
> This is the first question I have initiated on this group, so I hope
> it does not seem to be too foolish a query.
> I wondered to what extent the government could put a framework in
> place to avoid some of these, in particular the use of https. Could
> the government set things up within the UK so that certificates were
> forged so that they were able to intercept https in transit?
Yes, but they would get caught if they did it surreptitiously and often.
Either by certificate comparisons performed by the occasional nerd or
security company, or by the black boxes at the ISPs - a black box which
simply acts as a tap on the line would have different traffic
characteristics, which the ISP would notice, as they measure traffic for
peering and payment purposes.
There are a couple of other ways they might get caught too.
> Assume that the Bill gives them the legal power to require anyone in
> the UK to do anything in order to facilitate obtaining comms data
> could they use that power to require someone/anyone to issue
> certificates purporting to be for sites (like facebook)? I am not sure
> how easy it is for a state actor to do this in a way that will affect
> ordinary people.
Once caught, the offending certificate could be traced to the issuing
CA, who would then risk getting excluded from the major browsers'
"trusted CA" lists - death for a CA.
Something perhaps much more interesting, in the Chinese proverbial sense
of the word, would be for the gubbmint to obtain the private keys for
the websites visited. Once they have those they can easily work out the
session keys used just from looking at traffic, without modifying it
(unless a DHE SSL/TLS suite is used).
They could demand the keys from the websites, if they have a UK
presence, under RIPA part 3 (if the keys are dual-purpose, ie used to
establish the session key as well as for authentication, which they very
often are) - or perhaps under this new Act under some more general power.
A DHE suite uses Diffie-Hellman to establish an Ephemeral session
key which cannot be worked out from looking at traffic, or through
subsequent demands for keys.
Each party creates an ephemeral secret (they generate a random number
and keep it secret), and the shared secret session key is worked out
from them using some clever mathematrickery without exposing those
secrets in transmission. The secrets are then discarded, and the session
is (should be) discarded after the session.
There are DH suites which are not ephemeral (the server reuses the same
secret for all sessions, and does not delete it) - in those cases the
session keys can be worked out if the secret is made known, by demand or
> I'm not interested in whether the technically savvy are able to avoid
> such action - let us stipulate for the sake of argument that they are.
For nerds, they might be able to discourage the use of DHE suites (by
replacing a small bit of traffic saying "I don't do that DHE suite, try
this non-DHE one instead" when establishing which suite to use at the
beginning of a session).
That also would be found out, but it would take longer and there
wouldn't be such a big "smoking gun" as in a forged certificate MITM attack.
-- Peter Fairbrother
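A toy model of the forward-secrecy point made in the message above, added here as an illustration and not part of the original post or of any TLS implementation: a passive tap records a handshake, the server's long-term secret is disclosed afterwards, and only the non-ephemeral (static DH) session key can be recovered from the recording. The group parameters, secret values and function names are constructed for this example; real TLS uses standardised groups of 2048 bits or more.

```python
import secrets

# Constructed toy group for illustration only: p = 2**127 - 1 is prime, g = 5.
P = 2**127 - 1
G = 5


def dh_public(secret):
    """Public share g^secret mod p (this is what goes on the wire)."""
    return pow(G, secret, P)


def dh_shared(secret, peer_public):
    """Session key derived from own secret and the peer's public share."""
    return pow(peer_public, secret, P)


def handshake(server_longterm, ephemeral, client_secret=None, server_eph=None):
    """Simulate one session.

    Returns (transcript, session_key, server_keystore): transcript is what a
    tap on the line records; server_keystore is what a later demand for keys
    could obtain from the server. Secrets may be fixed for reproducibility.
    """
    c = client_secret if client_secret is not None else secrets.randbelow(P - 2) + 1
    if ephemeral:
        # DHE: a fresh per-session secret, never stored after the handshake.
        s = server_eph if server_eph is not None else secrets.randbelow(P - 2) + 1
    else:
        # Static DH: the server's long-term secret is reused for every session.
        s = server_longterm
    transcript = {"client_pub": dh_public(c), "server_pub": dh_public(s)}
    key = dh_shared(c, transcript["server_pub"])
    assert key == dh_shared(s, transcript["client_pub"])  # both sides agree
    # s is discarded here in the ephemeral case; only the long-term key persists.
    return transcript, key, {"longterm": server_longterm}


def recover_from_tap(transcript, disclosed_secret):
    """What an eavesdropper computes from the recorded handshake plus the
    server's long-term secret disclosed after the fact."""
    return dh_shared(disclosed_secret, transcript["client_pub"])


def demo(longterm=123456789):
    """Returns (static_key_recovered, ephemeral_key_recovered)."""
    tr, key_static, store = handshake(longterm, ephemeral=False)
    static_recovered = recover_from_tap(tr, store["longterm"]) == key_static
    tr, key_eph, store = handshake(longterm, ephemeral=True)
    eph_recovered = recover_from_tap(tr, store["longterm"]) == key_eph
    return static_recovered, eph_recovered
```

Run `demo()` to see the contrast: the static DH key falls to the disclosed secret, the DHE key does not, because the per-session secret was never retained.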