https - hopefully not too stupid a question

Sun Jun 17 11:29:31 BST 2012

On Sat, 16 Jun 2012, Francis Davey wrote:

> I wondered to what extent the government could put a framework in
> place to avoid some of these, in particular the use of https. Could
> the government set things up within the UK so that certificates were
> forged so that they were able to intercept https in transit?

[ I'd written this basic reply before seeing Alec's more sophisticated 
one, but may as well send it anyway ]

Firstly -- although expensive and impractical -- they could MTIM traffic, 
causing browsers to display certificate warning message.  Need to educate 
everyone to not ignore such warnings - as this is TLS/SSL operating as 
designed.

However, I suspect you're interested in what circumstances an attack can 
be performed *without* causing a certificate error.  Commercial boxes are 
available, usually intended to be deployed in enterprises, for example as 
part of an attempt to prevent staff accidently downloading malware.  The 
box holds an "intermediate signing certificate", which it uses to 
on-the-fly sign a cert for every https site users access.  For this to 
work without a browser cert warning, it is necessary for a root 
certificate *which trusts the intermediate certificate installed on the 
box* to be installed on every client PC.  Enterprises control generally 
their PCs, so can do this.

Outwith the enterprise environment, however, things are a little 
different.  A govt would need to persuade a certificate authority (CA)  
to supply the intermediate signing cert.  This goes against all the rules, 
and in theory should not be allowed.

But let's say the UK govt was able to obtain such a cert.  ( a flaw in the 
existing model is *any* CA can issue such a thing, if they are hacked, or 
minded to do so - and there are a lot of CAs )

The govt _could_ keep the cert for "special occasions".  But if however 
(as seems to be suggested) they want to intercept all the data all the 
time, the following would happen:  Although browsers don't ostensibly 
throw a warning, some technically savvy people would notice certificate 
*details* changing, for every site.  In particular, the chain-of-trust 
(click the padlock to view) would be different.  At this point, word would 
get round, the game would be up, and the cert would quickly become almost 
useless.  The CA who signed the intermediate cert would almost certainly 
have their root cert pulled by the browser makers, and the CA would go out 
of business.  As noted elsewhere (Hi Jon) fear of this could well be 
sufficient to make it highly unlikely any CA would issue such a cert in 
the first place.

> Assume that the Bill gives them the legal power to require anyone in
> the UK to do anything in order to facilitate obtaining comms data

Anyone know if the UK has a local CA the govt could lean on ?  Either way, 
as I said, it would be suicide for any CA to issue such a cert.

> I'm not interested in whether the technically savvy are able to avoid
> such action - let us stipulate for the sake of argument that they are.

The events I describe above would likely involve technically savvy people, 
but the results (removing the compromised cert, and indeed removing the CA) 
would benefit everyone, including the non-savvy.

More info here:

 http://www.complicity.co.uk/blog/2012/06/spooks-in-the-middle/

I personally think it unlikely the UK govt would be stupid enough to try 
this.  If they want data on encrypted communications, I think it's more 
likely they'd use legislation to get Facebook / Twitter to store and hand 
over the data of UK users.  Assuming these companies wish to have an 
office in the UK, they would presumably have no choice but to comply.

However, as I understand it, this Bill allows for both possibilities.