[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

Adam Back adam at cypherspace.org
Fri Dec 2 06:18:24 EST 2011


Now we're getting somewhere.  If this is going on even the policy
enforcement aspect of CAs is broken...  CAs are subverting their own
certification practice statement.  The actions taken by the user of the
sub-CA cert are probably illegal also in the US & europe where there are
expectations of privacy in work places (and obviously public places).

More below:

On Fri, Dec 02, 2011 at 11:02:14PM +1300, Peter Gutmann wrote:
>Adam Back <adam at cypherspace.org> writes:
>
>>Start of the thread was that Greg and maybe others claim they've seen a cert
>>in the wild doing MitM on domains the definitionally do NOT own.
>
>It's not just a claim, I've seen them too.  For example I have a cert issued
>for google.com from such a MITM proxy.  

a public MitM proxy?  Or a corporate LAN.

>I was asked by the contributor not to reveal any details on it because it
>contains the name and other info on the intermediate CA that issued it, but
>it's a cert for google.com used for deep packet inspection on a MITM proxy. 

That intermediate CA needs publishing, and the CA that issued it.  SSL
Observatory ought to take an interest in finding catalogging and publishing
all of these both public, corporate and government/law-enforcement.  It
breaks a clear expectation of security and privacy the user, even very
sophisitcated user, has about privacy of their communications.

>>The real question again is can we catch a boingo or corp lan or government
>>using a MitM sub-CA cert, and then we'll know which CA is complicit in issuing
>>it, and delist them.
>
>Given that some of the biggest CAs around sell private-label CA certs, you'd
>end up shutting down half the Internet if you did so.

There is an important difference between:

1. private label sub-CA (where the holder has signed an agreement not to
issue certs for domains they do not own - I know its policy only, there is
no crypto enforced mechanism, but thats the same bar as the main CAs
themselves).

2. corporate LAN SSL MitM (at least the corporation has probably a contract
with all users of the LAN waiving their privacy).  Probably even then its
illegal re expectation of privacy in workplace in most contexts in US &
Europe.

3. public provider SSL MitM - if your ISP, wifi hotspot, 3g data prov, is
doing this to you, paid or free, thats illegal IMO.  Heads should roll up
the CA tree.

4. government SSL MitM - we need to know which CAs have issued MitM sub-CAs
for places like Iran, Syria, pre-revolution Egypt etc.  If the CA isnt owned
by their local government or local company that they leant on, heads need to
roll.  Similar if US and European governments and Law Enforcement have been
up to this, we need to know.

Obviously the most interesting ones are 3 & 4.  But Peter says he has
evidence 2 (LAN mitm) is going on in the name of deep packet inspection I
guess in corporate LANs and that itself employees should be aware of that.

Adam



More information about the cryptography mailing list