https - hopefully not too stupid a question
Chris Edwards
chris-ukcrypto at lists.skipnote.org
Sun Jun 17 11:29:31 BST 2012
On Sat, 16 Jun 2012, Francis Davey wrote:
> I wondered to what extent the government could put a framework in
> place to avoid some of these, in particular the use of https. Could
> the government set things up within the UK so that certificates were
> forged so that they were able to intercept https in transit?
[ I'd written this basic reply before seeing Alec's more sophisticated
one, but may as well send it anyway ]
Firstly -- although expensive and impractical -- they could MTIM traffic,
causing browsers to display certificate warning message. Need to educate
everyone to not ignore such warnings - as this is TLS/SSL operating as
designed.
However, I suspect you're interested in what circumstances an attack can
be performed *without* causing a certificate error. Commercial boxes are
available, usually intended to be deployed in enterprises, for example as
part of an attempt to prevent staff accidently downloading malware. The
box holds an "intermediate signing certificate", which it uses to
on-the-fly sign a cert for every https site users access. For this to
work without a browser cert warning, it is necessary for a root
certificate *which trusts the intermediate certificate installed on the
box* to be installed on every client PC. Enterprises control generally
their PCs, so can do this.
Outwith the enterprise environment, however, things are a little
different. A govt would need to persuade a certificate authority (CA)
to supply the intermediate signing cert. This goes against all the rules,
and in theory should not be allowed.
But let's say the UK govt was able to obtain such a cert. ( a flaw in the
existing model is *any* CA can issue such a thing, if they are hacked, or
minded to do so - and there are a lot of CAs )
The govt _could_ keep the cert for "special occasions". But if however
(as seems to be suggested) they want to intercept all the data all the
time, the following would happen: Although browsers don't ostensibly
throw a warning, some technically savvy people would notice certificate
*details* changing, for every site. In particular, the chain-of-trust
(click the padlock to view) would be different. At this point, word would
get round, the game would be up, and the cert would quickly become almost
useless. The CA who signed the intermediate cert would almost certainly
have their root cert pulled by the browser makers, and the CA would go out
of business. As noted elsewhere (Hi Jon) fear of this could well be
sufficient to make it highly unlikely any CA would issue such a cert in
the first place.
> Assume that the Bill gives them the legal power to require anyone in
> the UK to do anything in order to facilitate obtaining comms data
Anyone know if the UK has a local CA the govt could lean on ? Either way,
as I said, it would be suicide for any CA to issue such a cert.
> I'm not interested in whether the technically savvy are able to avoid
> such action - let us stipulate for the sake of argument that they are.
The events I describe above would likely involve technically savvy people,
but the results (removing the compromised cert, and indeed removing the CA)
would benefit everyone, including the non-savvy.
More info here:
http://www.complicity.co.uk/blog/2012/06/spooks-in-the-middle/
I personally think it unlikely the UK govt would be stupid enough to try
this. If they want data on encrypted communications, I think it's more
likely they'd use legislation to get Facebook / Twitter to store and hand
over the data of UK users. Assuming these companies wish to have an
office in the UK, they would presumably have no choice but to comply.
However, as I understand it, this Bill allows for both possibilities.
More information about the ukcrypto
mailing list