[cryptography] how many MITM-enabling sub-roots chain up to public-facing CAs ?

Thor Lancelot Simon tls at panix.com
Tue Feb 14 15:22:27 EST 2012

On Tue, Feb 14, 2012 at 09:13:11PM +0100, Ralph Holz wrote:
> > It is not so hard really to see the conceptual difference between the two
> > cases.  But to tools like Crossbear, they basically look the same.
> Why? Crossbear sends the full certificate chain it sees to the CB
> server, where it is compared with the full chain that the CB server sees
> (plus a few more servers, too, actually, that it can ask). Convergence,
> AFAICT, does the same. If you're inside the corporate network, the
> certificate chain in the SSL handshake cannot be the same, and both
> systems will detect them.

In both cases, Crossbear will detect a MITM device, yes?  But in one
case, the device is authorized to sign for the entities it's signing
certificates for, and in the other, it's not.

This does not in any way diminish the usefulness of Crossbear as a tool
for detecting MITM devices.  But what's interesting about what happens
in these two cases is that it's _whether the user is being deceived_
that differs.  Crossbear can't know that -- the user has to supply the
knowledge of whether there is, in fact, an authorized MITM in place.

And that is precisely what is wrong with what Trustwave did: they tried
to make it look like there was no MITM in place instead of an unauthorized
one, where in this case "authorized" means "the administrator of the client
node positively agreed to have that node's traffic MITMed".
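The distinction drawn above (a chain that differs from what the notary sees, versus a chain that differs but terminates in an interception root the client's administrator has explicitly approved) can be made mechanical. The following is an added illustration, not Crossbear's or Convergence's own code: it compares the full chain observed in the client's handshake against the chains observed from one or more notary vantage points by SHA-256 fingerprint, and, on mismatch, consults a locally configured set of authorized interception roots. Certificates are represented by a constructed stand-in structure (subject, issuer, and a byte string standing in for the DER encoding); all names, fingerprints and the `authorized_roots` set are constructed sample values.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed, not real DER)."""
    subject: str
    issuer: str
    der: bytes

    @property
    def fingerprint(self) -> str:
        # Real notaries compare the SHA-256 over the DER encoding; the same
        # idea applied to our constructed byte string.
        return hashlib.sha256(self.der).hexdigest()


def chain_fingerprints(chain: List[Cert]) -> List[str]:
    """Fingerprint of every certificate in the chain, leaf first."""
    return [c.fingerprint for c in chain]


def classify_chain(client_chain: List[Cert],
                   notary_chains: List[List[Cert]],
                   authorized_roots: Set[str]) -> str:
    """Classify what the client saw relative to the notaries' view.

    Returns one of:
      'match'             - the full chain equals one the notaries observed
      'authorized-mitm'   - chain differs, but its root is one the client's
                            administrator explicitly approved for interception
      'unauthorized-mitm' - chain differs and nobody approved the interceptor
    The comparison is over the whole chain, not just the leaf, so a swapped
    intermediate is caught even if the leaf subject looks identical.
    """
    seen = chain_fingerprints(client_chain)
    if any(seen == chain_fingerprints(n) for n in notary_chains):
        return "match"
    # The tool cannot tell whether the user is being deceived; only the
    # administrator-supplied set of approved interception roots can.
    root = client_chain[-1]
    if root.fingerprint in authorized_roots:
        return "authorized-mitm"
    return "unauthorized-mitm"


# --- constructed sample data ------------------------------------------------
# The chain the notaries observe from outside: leaf -> public intermediate -> public root.
PUBLIC_ROOT = Cert("CN=Example Public Root", "CN=Example Public Root", b"constructed-public-root")
PUBLIC_INT = Cert("CN=Example Public Intermediate", "CN=Example Public Root", b"constructed-public-int")
REAL_LEAF = Cert("CN=www.example.test", "CN=Example Public Intermediate", b"constructed-real-leaf")
NOTARY_CHAIN = [REAL_LEAF, PUBLIC_INT, PUBLIC_ROOT]

# The chain a client behind a TLS-inspecting proxy sees: same subject, but
# re-signed by the corporate interception CA.
CORP_ROOT = Cert("CN=Corp Interception CA", "CN=Corp Interception CA", b"constructed-corp-root")
PROXY_LEAF = Cert("CN=www.example.test", "CN=Corp Interception CA", b"constructed-proxy-leaf")
PROXY_CHAIN = [PROXY_LEAF, CORP_ROOT]

# What the administrator of this client node has positively agreed to.
AUTHORIZED_ROOTS = {CORP_ROOT.fingerprint}


def demo() -> dict:
    """Run the three cases discussed in the thread and return the verdicts."""
    return {
        "direct": classify_chain(NOTARY_CHAIN, [NOTARY_CHAIN], AUTHORIZED_ROOTS),
        "approved_proxy": classify_chain(PROXY_CHAIN, [NOTARY_CHAIN], AUTHORIZED_ROOTS),
        "rogue_proxy": classify_chain(PROXY_CHAIN, [NOTARY_CHAIN], set()),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The point of the third argument is exactly the one made in the message: the chain comparison alone yields "differs" for both the sanctioned corporate proxy and a rogue interceptor, and only a statement of intent supplied by the client's administrator turns that into "authorized" or "unauthorized". Note also that comparing whole chains rather than leaf subjects is what makes the proxy case visible at all, since the re-signed leaf carries the same subject name.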

