https - hopefully not too stupid a question

Peter Fairbrother zenadsl6186 at zen.co.uk
Sun Jun 17 17:33:07 BST 2012


Peter Fairbrother wrote:

> Something perhaps much more interesting, in the Chinese proverbial sense 
> of the word,  would be for the gubbmint to obtain the private keys for 
> the websites visited. Once they have those they can easily work out the 
> session keys used just from looking at traffic, without modifying it 
> (unless a DHE SSL/TLS suite [1] is used).

Just did a little testing, deleted all non-DHE suites i my browser and 
tried to connect using https - BTW, does anyone know how to find out 
which suite is in use for a particular connection? For firefox 
preferably, but any browser.


Anyway, GMail allows using a DHE suite, but Twitter and Facebook do not. 
GMail and Twitter use https as default, Facebook on request only.

-- Peter Fairbrother


> 
> They could demand the keys from the websites, if they have a UK 
> presence, under RIPA part 3 (if the keys are dual-purpose, ie used to 
> establish the session key as well as for authentication, which they very 
> often are) - or perhaps under this new Act under some more general power.
> 
> [1] a DHE suite uses Diffie-Hellman to establish an Ephemeral session 
> key which cannot be worked out from looking at traffic, or through 
> subsequent demands for keys.
> 
> Each party creates an ephemeral secret (they generate a random number 
> and keep it secret), and the shared secret session key is worked out 
> from them using some clever mathematrickery without exposing those 
> secrets in transmission. The secrets are then discarded, and the session 
> is (should be ) discarded after the session.
> 
> There are DH suites which are not ephemeral (the server resuses the same 
> secret for all sessions, and does not delete it) - in those cases the 
> session keys can be worked out if the secret is made known, by demand or 
> otherwise.
> 
>>
>> I'm not interested in whether the technically savvy are able to avoid
>> such action - let us stipulate for the sake of argument that they are.
> 
> For nerds, the gubbmint might be able to discourage the use of DHE suites ( by 
> replacing a small bit of traffic saying "I don't do that DHE suite, try 
> this non-DHE one instead" when establishing which suite to use at the 
> beginnning of a session.
> 
> That also would be found out, but it would take longer and there 
> wouldn't be such a big "smoking gun" as in a forged certificate MITM 
> attack.
> 
> 
> -- Peter Fairbrother
> 
>>
>> Thanks.
>>
> 
> 
> 




More information about the ukcrypto mailing list