[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Nico Williams nico at cryptonector.com
Thu Dec 1 18:54:16 EST 2011

On Thu, Dec 1, 2011 at 5:11 PM, Adam Back <adam at cypherspace.org> wrote:
> btw if client certs are being used or TLS-SRP ciphersuite these attacks
> would not work because SSL negotiation would fail.  Unless the MitM could
> create fake client certs on the fly also that would be acceptable to the
> server.

Right, because those involve a channel binding (internal to the channel itself).

OBC doesn't detect the MITM though if the MITM re-writes the cookies
in the requests and responses.  In particular, if passwords are POSTed
in forms, the MITM gets them, though if origin bound cookies are
already in use by that point then the MITM has to rewrite them.


More information about the cryptography mailing list