nationwide interception of Facebook & webmail login credentials in Tunisia
Ian Batten
igb at batten.eu.org
Tue Jan 25 20:24:58 GMT 2011
On 25 Jan 2011, at 16:18, Passive PROFITS wrote:
> That would not deal with the falsifying of certificates. Assuming the code-base of this is not intentional corrupt, the addition of an extension such as certpatrol is also required (a firefox extension), to notify one when the SSL cert swap by the government/ISP (using the browser accepted as 'true' passported C.A.(s) under their control) has taken place (a MiTM is in progress notification function). The other known way would be manual/local (each time) inspection of the cert fingerprint(s). e.g. you note Facebook's fingerprint then check each time it's got the same 'print. Then (once under notice the hack is under progress) you could retreat, or start playing your own pre-planned counter-measures ... depending on the peril of the situation, tactics, etc, call the government, depending on the nature of your business, etc.
There's been some recent, if un-startling, discussion of this: http://www.freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-authority-trust-model
I suspect that once you have more than a handful of CAs, it's for practical purposes impossible to get any meaningful assurance that they are all legitimate. If CAs delegate their authority, it's difficult to even know that certificates whose chain of trust goes back to a CA you trust was actually issued by that CA. And for as long as any CA can issue a certificate in any name, any domain can be subverted by any one of the CAs.
Which means that certificates are as weak as the weakest CA you trust, unless that CA in turn trusts a yet weaker CA.
I've not looked at this in detail (perhaps I should) but I think it's possible in most browsers to trust _no_ CAs and yet trust individual certificates, which might have the required semantics: when a certificate is encountered, you check it (by whatever out of band mechanism you deem appropriate) and then add it to your certificate store, but you do not add its certifying keys.
ian
More information about the ukcrypto
mailing list