[cryptography] yet another certificate MITM attack

ianG iang at iang.org
Fri Jan 11 14:31:17 EST 2013

On 11/01/13 21:57 PM, Jeffrey Walton wrote:
> On Fri, Jan 11, 2013 at 12:20 PM, Thierry Moreau
> <thierry.moreau at connotech.com> wrote:
>> Jeffrey Walton wrote:

>> More seriously, I agree that the questions raised by Jeffrey are relevant,
>> and I support his main point. End-to-end security should make some sense,
>> even today.
> I think a layman expects end-to-end security. As a more informed user,
> I also expect end-to-end security.
> What befuddles me is some folks don't expect it (or perhaps don't want
> it?). I am amazed at how the industry has conditioned them.

We saw similar in the internal corporate MITM debate.  Back in the late 
2000s, there were allegations that CAs were selling MITM subCAs for the 
purpose of corporations monitoring the network traffic of their 
employees.  There was a confluence of opportunity ($50k from memory), 
there was a real need by corporations, and there was a blanket of 
secrecy over the business.

So, those who complained were not heard.  Vendors and CAs did not do 
anything (new).

Fast forward somewhat, and a debate started up about these unknown 
sub-CAs.  It became very apparent that we had no idea what was going on, 
which cast doubt over the overall governance.  At the same time as 
pressure ratcheted up on those, the attacks started in 2010-2011.

Perhaps with this in mind, vendors shifted and decided MITM sub-CAs were 
a no-no.  Mozilla sent out a letter at some point (2011?) to make the 
point.  I suspect some other vendors did the same.

Then, Trustwave popped up - they seem to have responded to the pressure 
and had retired the MITM sub-CA they had sold.  They just snuck a 
disclosure in somewhere .. which got picked up ... and boom.

We - the vocal community of observers - decided that MITM sub-CAs were a 
bad idea.  In doing that, we consensually decided that the (valid) 
reasons presented were not enough.

History rhyming?

We're going to see a bunch of reasons why Nokia can do a 
proxy-sub-CA-MITM or whatever this is.  Why it can do MITMing that isn't 
MITMing.  And then we are going to decide, YAY or NAY.

So let's see those reasons?

