[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Bushmanov Romanov bakdafu at gmail.com
Thu Sep 22 13:37:41 EDT 2011


The way you position yourself in the network infrastructure is of
great importance when doing data collection.

Users of a given ISP may have rogue certificates while others in the
same country but at another ISP may not. We as researchers need to
position ourselves at different network scopes in order to detect
rogue certificates more efficiently and thus identify more effectively
doubtful CAs or even individual persons being monitored. All users
reaching the same endpoint should have the same certificate. So this
is an important technical aspect that must be addressed carefully. The
best way I think would be making users from those countries run some
probe (as volunteers) to get their "Certificates" View. Actually EFF
partially advocates this by telling people how to run their SSL
Observatory but at the same time they suggest doing it in a Cloud
Environment, thus distorting the main purpose of sitting ourselves at
different network locations when collecting data.



On Thu, Sep 22, 2011 at 5:30 PM, Ralph Holz <holz at net.in.tum.de> wrote:
> Hi,
>
>> study this more carefully and as soon as possible. SSL Observatory from
>> EFF is a step forward but we need more.
>
> Their distributed observatory is probably going to help much here, but I
> can offer the data sets from our paper. I'll put the paper online
> tomorrow and paste the link here.
>
>> 1 - We need data on the details of certificates obtained from
>> different geographic/government locations when pointing to popular
>> endpoints such as google, facebook and so on
>
> We did not find any differences in the top 200 or so, and the rest did
> not seem suspicious. See the links in the previous mail for the set of
> differing certs.
>
>> 2 - We need to map/take_in_account clustered endpoints, like google,
>> when doing this, since certificates differ in the clusters.
>
> We did not observe that too often (Microsoft did it, not sure about
> Google), but yes, we would need to crawl such clusters.
>
>> 3 - Sitting ourselves in different geographic locations when performing
>> data collection should be done using different methods (use of
>> proxies, people from different countries submitting their certificates
>> views..???).
>
> Sorry, I don't quite get that?
>
> Ralph
>
> --
> Dipl.-Inform. Ralph Holz
> I8: Network Architectures and Services
> Technische Universität München
> http://www.net.in.tum.de/de/mitarbeiter/holz/
>
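
The comparison discussed in this message (volunteers on different networks
report the certificate they see for an endpoint, and the views are compared)
could look like the following. This is an added example, not code from the
thread or from the EFF SSL Observatory; the names probe and divergent_views,
the min_networks threshold and all sample reports are assumptions made for
illustration.

```python
import hashlib
import socket
import ssl
from collections import defaultdict

def probe(host, port=443):
    """Volunteer-side probe: SHA-256 of the leaf certificate as served here."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # record what is served; judge it later
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

# Constructed reports (network, endpoint, fingerprint); all values are made up.
REPORTS = [
    ("isp-a", "mail.example.com", "aa11"),
    ("isp-b", "mail.example.com", "aa11"),
    ("isp-c", "mail.example.com", "aa11"),
    ("isp-d", "mail.example.com", "ee99"),  # seen from one network only
    ("isp-a", "cdn.example.net", "bb22"),   # clustered endpoint: two certs,
    ("isp-b", "cdn.example.net", "cc33"),   # each seen from two networks
    ("isp-c", "cdn.example.net", "bb22"),
    ("isp-d", "cdn.example.net", "cc33"),
    ("isp-a", "www.example.org", "dd44"),
    ("isp-b", "www.example.org", "dd44"),
]

def divergent_views(reports, min_networks=2):
    """Return {endpoint: {fingerprint: [networks]}} for views needing review.

    Assumed heuristic: when an endpoint shows several certificates, one seen
    from at least `min_networks` networks is treated as a cluster member,
    and one seen from fewer networks is flagged.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for network, endpoint, fp in reports:
        seen[endpoint][fp].add(network)
    flagged = {}
    for endpoint, by_fp in seen.items():
        if len(by_fp) < 2:
            continue  # every network saw the same certificate
        odd = {fp: sorted(nets) for fp, nets in by_fp.items()
               if len(nets) < min_networks}
        if odd:
            flagged[endpoint] = odd
    return flagged

if __name__ == "__main__":
    print(divergent_views(REPORTS))
```

A flagged fingerprint is only a lead for manual review: a certificate rotation
or a cluster node reached by a single volunteer produces the same signal.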


