[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Dec 4 07:08:17 EST 2011


Ondrej Mikle <ondrej.mikle at nic.cz> writes:

>How do MitM boxes react when they MitM connection to a server with self-
>signed cert (or cert issued by an obsure CA not trusted by MitM box)? 

For one example, see
http://wikileaks.org/spyfiles/docs/bluecoat/219_blue-coat-systems-reference-guide-ssl-proxy.html
and 
http://wikileaks.org/spyfiles/docs/bluecoat/246_blue-coat-systems-deployment-guide-deploying-the-ssl-proxy.html.

In general it looks like it's a mixture of "it's configurable" and "it depends
on the vendor" (the above only tells you what Bluecoat do).  Interesting to
note that the Bluecoat hardware has problems MITM-ing Windows Update, because
Microsoft apply the quite sensible measure of only allowing something signed
by a known Windows Update cert (or at least on a Microsoft-supplied trust
list), rather than any old cert that turns up as long as it's signed by some
CA somewhere.  I've heard of a similar approach proposed for smartphone mobile
banking apps, you hardcode in a cert that's used to verify a whitelist of
known-good certs for banks (more or less like Microsoft's CTLs), and then it
doesn't matter what certs the CAs sign because if it's not on the CTL then it
doesn't get trusted.

>Given the state of security/auditing of "private sub-CAs" as described, was
>there ever a report of a breach (e.g. stolen key, fraudulently issued certs)?

You're joking, right?

Peter.



More information about the cryptography mailing list