[cryptography] yet another certificate MITM attack

Jon Callas jon at callas.org
Sat Jan 12 14:50:37 EST 2013

Hash: SHA1

On Jan 12, 2013, at 1:27 AM, ianG wrote:

> Oh, I see.  So basically they are breaking the implied promise of the https component of the URL.
> In words, if one sticks https at the front of the URL, we are instructing the browser as our agent to connect securely with the server using SSL, and to check the certs are in sync.
> The browser is deciding it has a better idea, and is redirecting that URL to a cloud server somewhere.
> (I'm still just trying to understand the model.  Yes, I'm surprised, I had never previously heard of this.)

I suppose you can look at it as "breaking the implied promise." You can also look at it as a service.

Many of these systems work in an environment where connectivity is very expensive. In such an environment, saving money by having someone filter your HTTP comes with the cost that you have to trust them not to do bad things with your data.

But if you get into a cab, you're trusting them not to drive you into oncoming traffic. If that threat bothers you, don't take a cab. Every time you eat in a restaurant, you're trusting them to have reasonable food safety practices and not spit on your food. If that bothers you, don't do that.

>> That can be converted pictures, edits to the HTML proper, and so on.
>> The security characteristics are a mixed bag. They can send smaller pictures, scan for malware, but obviously they can't process your SSL connections. So they send the URL to the cloud server, make the SSL connection, and then send you the optimized page over SSL.
> One could interpret the browser as being a combined service between the client on the phone, and the cloud support services, sure.
> I think this interpretation would be unusual to any ordinary user.  At a contractual level, it would also need to be agreed by both ends.  We can easily ensure the end-users' agreement by means of the phone agreement, but it is less easy to imply the banks' agreement.

In some parts of the world and under some conditions, it's *usual*. The network is bad and expensive. It's really easy for us rich Westerners who can afford data roaming plans and travel SIMs to go into high dudgeon over it. I share your disdain, but my disdain is similar to my disdain for payday check cashing places etc. I don't approve. I understand, but I don't approve.

> And, if a security case were to result in a bank being held for damages, it could easily expand to Nokia.  Given the complexity of modern day online banking sites (that's a kind description) I can't see how they could be agile enough to avoid making mistakes.

Sure. Nokia is taking a risk, as is Opera (who supply that browser). That risk is mitigated by a click-through license that no one reads, but heck, someday some judge is going to hack up a hairball on click-throughs.

> Yes, ok, it's not an attack if there isn't an attacker.  Or more generally, is it an attack when the attack is done by self?  "We have met the enemy, and he is us."

Exactly, and the answer is no. It's a service voluntarily offered and subscribed to (for some suitable definition of the word "voluntary").

> So more properly, it might be a breach-of-contract issue, where the contract to provide a browser that does the 'right thing' has been breached (in the view of the outraged).
> Nokia will argue that their contract is clearly expressed, they can do this and they claim so in their contract.  OK.
> Question remains -- what to make of a vendor that does tricksy things with the implied secure browsing contract?

Well, that's like the difference between a short-term loan person who does something tricksy with the interest rate. There's a big smear from accepted to dodgy to unfair to evil. 

> If Nokia can do this, can the other vendors?  Why can't Firefox and Chrome start clouding the https connection?

They could, sure. As I pointed out, Google Reader is almost the same sort of thing, but is an RSS reader. I have quibbles with them, and my quibbles are actually the opposite. Amazon Silk does pretty much the same thing as the Nokia/Opera thing. A lot of pixels have been spilt over it. I don't use Silk, but I don't think Amazon are evil for offering it. I don't think the people who use it are either stupid or dupes. It's just not my thing.

(The quibble I have is over partial security. My quibble is that lots of partial security systems label the partial security as being worse than no security. I believe that partial security is always better than no security.)


Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii


More information about the cryptography mailing list