https - hopefully not too stupid a question
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sun Jun 17 17:33:07 BST 2012
Peter Fairbrother wrote:
> Something perhaps much more interesting, in the Chinese proverbial sense
> of the word, would be for the gubbmint to obtain the private keys for
> the websites visited. Once they have those they can easily work out the
> session keys used just from looking at traffic, without modifying it
> (unless a DHE SSL/TLS suite [1] is used).
Just did a little testing, deleted all non-DHE suites in my browser and
tried to connect using https - BTW, does anyone know how to find out
which suite is in use for a particular connection? For firefox
preferably, but any browser.
Anyway, GMail allows using a DHE suite, but Twitter and Facebook do not.
GMail and Twitter use https as default, Facebook on request only.
-- Peter Fairbrother
>
> They could demand the keys from the websites, if they have a UK
> presence, under RIPA part 3 (if the keys are dual-purpose, ie used to
> establish the session key as well as for authentication, which they very
> often are) - or perhaps under this new Act under some more general power.
>
> [1] a DHE suite uses Diffie-Hellman to establish an Ephemeral session
> key which cannot be worked out from looking at traffic, or through
> subsequent demands for keys.
>
> Each party creates an ephemeral secret (they generate a random number
> and keep it secret), and the shared secret session key is worked out
> from them using some clever mathematrickery without exposing those
> secrets in transmission. The secrets are then discarded, and the session
> is (should be) discarded after the session.
>
> There are DH suites which are not ephemeral (the server reuses the same
> secret for all sessions, and does not delete it) - in those cases the
> session keys can be worked out if the secret is made known, by demand or
> otherwise.
>
>>
>> I'm not interested in whether the technically savvy are able to avoid
>> such action - let us stipulate for the sake of argument that they are.
>
> For nerds, the gubbmint might be able to discourage the use of DHE suites (by
> replacing a small bit of traffic saying "I don't do that DHE suite, try
> this non-DHE one instead" when establishing which suite to use at the
> beginning of a session).
>
> That also would be found out, but it would take longer and there
> wouldn't be such a big "smoking gun" as in a forged certificate MITM
> attack.
>
>
> -- Peter Fairbrother
>
>>
>> Thanks.
>>
>
>
>
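The point made in the quoted text, that a session key derived by ephemeral Diffie-Hellman cannot be recovered by a later demand for the server's keys while a static-key session can, is easy to see in a simulation. The following Python is an added illustration for this thread, not code from the message or from any browser or TLS library: it runs a toy Diffie-Hellman exchange twice, once with a server that discards its secret after the handshake and once with a server that retains it, then shows what someone who obtains the server's retained secret can compute from a recorded transcript. The group parameters (a 127-bit Mersenne prime, generator 5) and the `key_exchange_class` helper, which sorts OpenSSL-style suite names by their key-exchange prefix, are assumptions made for the example; a real deployment uses a standardised DH group and an actual TLS stack.

```python
"""Ephemeral vs. static Diffie-Hellman: why a later demand for the server's
key recovers one recorded session and not the other.

Toy parameters constructed for illustration only; not a TLS implementation.
"""
import hashlib
import secrets

# Constructed toy group: 2**127 - 1 is prime, chosen only so the numbers stay
# small. Real deployments use a standardised group (e.g. RFC 3526 / RFC 7919).
P = 2**127 - 1
G = 5


def dh_public(secret: int) -> int:
    """Public value g^secret mod p."""
    return pow(G, secret, P)


def dh_shared(peer_public: int, secret: int) -> bytes:
    """Session key: a hash of the shared group element stands in for the KDF."""
    z = pow(peer_public, secret, P)
    return hashlib.sha256(z.to_bytes(16, "big")).digest()


class Party:
    """Holds one DH secret. Ephemeral parties throw it away after the handshake."""

    def __init__(self, ephemeral: bool):
        self.ephemeral = ephemeral
        self.secret = secrets.randbelow(P - 2) + 1
        self.public = dh_public(self.secret)

    def handshake(self, peer_public: int) -> bytes:
        key = dh_shared(peer_public, self.secret)
        if self.ephemeral:
            self.secret = None  # discarded: nothing left to demand later
        return key


def run_session(server_ephemeral: bool):
    """Simulate one handshake.

    Returns (client_key, server_key, server, transcript); the transcript holds
    exactly what a passive observer sees on the wire: the two public values.
    """
    server = Party(ephemeral=server_ephemeral)
    client = Party(ephemeral=True)
    transcript = {"client_public": client.public, "server_public": server.public}
    client_key = client.handshake(server.public)
    server_key = server.handshake(client.public)
    return client_key, server_key, server, transcript


def recover_from_key_demand(server: Party, transcript: dict):
    """What a party who later obtains the server's retained secret can derive
    from the recorded transcript. None means no secret survived to hand over."""
    if server.secret is None:
        return None
    return dh_shared(transcript["client_public"], server.secret)


def key_exchange_class(suite: str) -> str:
    """Classify an OpenSSL-style cipher suite name by its key exchange.

    'forward_secret': ephemeral (EC)DH, so a later key demand does not unlock
                      recorded traffic.
    'static_key':     RSA key transport or static DH, where the server's
                      long-term key recovers session keys from recorded traffic.
    Assumed naming convention: DHE-/EDH-/ECDHE- prefixes mark ephemeral
    exchange; TLS 1.3 names (TLS_AES_*, TLS_CHACHA20_*) are always ephemeral.
    """
    name = suite.upper()
    if name.startswith(("ECDHE", "DHE", "EDH", "TLS_AES", "TLS_CHACHA20")):
        return "forward_secret"
    return "static_key"


if __name__ == "__main__":
    for ephemeral in (False, True):
        ck, sk, srv, tr = run_session(server_ephemeral=ephemeral)
        recovered = recover_from_key_demand(srv, tr)
        print(f"server ephemeral={ephemeral}: keys agree={ck == sk}, "
              f"recoverable after key demand={recovered == ck}")
    for suite in ("DHE-RSA-AES256-SHA", "AES256-SHA", "DH-RSA-AES128-SHA"):
        print(f"{suite}: {key_exchange_class(suite)}")
```

On the "which suite is in use" question, `openssl s_client -connect host:443` prints the negotiated suite on its `Cipher` line at the end of the handshake, and the name can be fed to `key_exchange_class` to see which of the two situations above applies.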