[cryptography] wont CA hackers CA pin also? and other musings (Re: PKI "fixes" that don't fix PKI (part III))

Douglas Huff dhuff at jrbobdobbs.org
Sat Sep 10 15:08:59 EDT 2011

On Sep 10, 2011, at 1:46 PM, Ian G wrote:
>> Today CA compromise isn't even a, let alone the most, common way of "exploiting" the blanket trust of all CAs involved in the PKI infrastructure.
> Is the current attack an exploit? Or is it a direct attack on the infrastructure?

That's what I meant with the quotes. I was using exploit in the English, not infosec, sense of the word; the browser's trust in all CAs equally is what is being exploited. :)

>> The two most common methods are:
>> 1) MITM where the attacker controls the victim's network connection to some extent and redirects them to or proxies them through a different server.
> Do you have any numbers on that? I thought this was relatively rare.

No numbers, and it is rare. There's a huge disproportionate leap from phishing to *anything* else.

As an example, look at all the fun that was had at DEF CON this year. It's a real vs imagined or theoretical vector for selected targets and determined attackers. Especially in the "prying government eyes" case that's come up in several of these threads.

>> 2) Phishing using a similar-looking domain name.
> Yes. That's the big one in this space. Afaik.
>> In case 1 any type of pinning that is not hardcoded in the software,
> Sorry, please explain? Are you assuming that the user's machine / browser is compromised? If that is the case, isn't hard-coding just obfuscation?

If you're in a position to successfully MITM, there's a good chance you can take control of their DNS responses as well. Meaning pinning via DNS/etc would actually make the method *easier* to take advantage of and more common since you no longer need to hijack before the encrypted session and redirect elsewhere or compromise a specific cert beforehand, etc. This of course depends on exactly how the pinning is done. Is it tied to a specific cert fingerprint? A specific CA fingerprint? Bringing us back to it all being about the details, which was my original point.

Douglas Huff
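
A toy model of the pinning details raised in the message above, added here as an example and not part of the original post: it compares a pin set hardcoded in the client with one taken from a DNS answer, and a leaf-certificate pin with a CA pin. The certificate byte strings, `site.example`, the CA names and all function names are constructed for illustration, and the DNS answer is assumed to be unauthenticated.

```python
import hashlib

def fp(cert: bytes) -> str:
    """Hex SHA-256 fingerprint of a certificate's bytes."""
    return hashlib.sha256(cert).hexdigest()

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CA_A = b"constructed CA-A root"
CA_B = b"constructed CA-B root, equally trusted by the browser"
GENUINE = [b"constructed leaf #1 for site.example from CA-A", CA_A]
SAME_CA = [b"constructed leaf #2 for site.example from CA-A", CA_A]
OTHER_CA = [b"constructed leaf for site.example from CA-B", CA_B]

def pin_ok(chain, pins):
    """Accept if any certificate in the presented chain is pinned."""
    return any(fp(c) in pins for c in chain)

def accept(chain, hardcoded=None, dns_pins=None):
    """Pin decision for one connection.

    hardcoded: pin set shipped inside the client software.
    dns_pins:  pin set taken from a DNS answer (assumed unauthenticated).
    With no pin source at all the chain is accepted, which models
    blanket trust in every CA.
    """
    pins = hardcoded if hardcoded is not None else dns_pins
    return True if pins is None else pin_ok(chain, pins)

def scenarios():
    leaf_pin = {fp(GENUINE[0])}
    ca_pin = {fp(CA_A)}
    # Whoever answers DNS on the path chooses the pin the client will enforce.
    forged_dns = {fp(OTHER_CA[0])}
    return {
        "no_pin/other_ca": accept(OTHER_CA),
        "hard_leaf/genuine": accept(GENUINE, hardcoded=leaf_pin),
        "hard_leaf/same_ca": accept(SAME_CA, hardcoded=leaf_pin),
        "hard_leaf/other_ca": accept(OTHER_CA, hardcoded=leaf_pin),
        "hard_ca/same_ca": accept(SAME_CA, hardcoded=ca_pin),
        "hard_ca/other_ca": accept(OTHER_CA, hardcoded=ca_pin),
        "dns_pin/other_ca": accept(OTHER_CA, dns_pins=forged_dns),
        "dns_pin/genuine": accept(GENUINE, dns_pins=forged_dns),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:20} {'accepted' if accepted else 'rejected'}")
```

In this model a hardcoded CA pin still accepts a second certificate from the same CA, while a pin delivered over the same network path as the connection enforces whatever that path supplies.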