On Wed, Feb 23, 2011 at 15:51, Olivier Mehani <sht...@ssji.net> wrote:
> Just some OT thoughts.
>
> On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote:
>> CA's cannot be trusted to even pay attention to carefully securing
>> your certificate. Here in the US, the government can simply ask for
>> your certificate and get it (and possibly even use it to impersonate
>> you)
>
> The government would have the certificate, but not the private key, so
> I'm not sure how they can impersonate you with it.
>
> However, they can just get their own key to *any* shoddy CA included in
> browsers, and get a certificate linking that key to your services
> without much problem.
>
> The problem is not really whether there is a trust relationship between
> your CA provider and you, it's whether at least *one* CA is lax
> enough that they give out certificates without thorough checking.
>
> Even with your self-signed approach, somebody could get a CA to issue a
> certificate that their key is good for your website, and impersonate it
> to any of your new-coming customers who haven't been exposed to your
> official key yet.
>
> I may also be wrong in my analysis, but as far as my understanding goes,
> it's correct.
>
> --
> Olivier Mehani <sht...@ssji.net>


    There is a project (which I'm contributing to so take this with a
grain of salt) -- Perspectives http://www.networknotary.org/ -- that
is trying to solve this problem: how to detect a MITM attack or a
"rogue" CA.

    The idea is quite simple: provide a Firefox (and in short time a
Chrome) plug-in that contacts a series of "trusted" (see below) notary
servers that give back their SSL certificate finger-print
"observations". If the browser's observed SSL certificate "matches"
the ones provided by the notaries -- with a sensible time frame --
then everything is OK (there could be false positives though). If not
it triggers an alarm (which could be a false negative). Therefore this
works with all kinds of certificates -- self-signed, trusted CA's or
untrusted CA's. (In fact the notaries are able to "observe" both SSH
or arbitrary TLS/SSL based services certificates.)

    The trust moves from the CA to a set of peer-to-peer,
geographically distributed, independently run, notary servers (with a
quorum decision). (But like in the case of Tor (or other peer-to-peer
security systems) you could be in trouble if someone is able to take
over a great deal of the nodes.)

    Also because this is more for MITM attacks, rogue CA's can be
detected only if the "government" isn't able to redirect all traffic
to the rogue server for a large time frame. (Thus for example if
government X is able to impersonate the server only in region X, but
not in other regions, notaries in those other regions will signal the
possible rogue CA / servers.)

    Ciprian.
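
Added example, not part of the original message and not the Perspectives project's own code: a simplified sketch of the notary quorum check the message describes, where the fingerprint the client sees is accepted only if enough notaries have observed the same fingerprint over a sensible time frame. The thresholds, function names, notary names and fingerprints are assumptions and constructed sample data.

```python
from dataclasses import dataclass

DAY = 86400

@dataclass(frozen=True)
class Observation:
    fingerprint: str   # certificate fingerprint as reported by a notary
    first_seen: int    # Unix time the notary first saw this fingerprint
    last_seen: int     # Unix time of its most recent sighting

def notary_agrees(history, seen_fp, now, min_days, max_stale_days):
    """A notary vouches for seen_fp if it has observed that fingerprint
    for at least min_days and still saw it within max_stale_days."""
    for obs in history:
        if obs.fingerprint != seen_fp:
            continue
        long_enough = obs.last_seen - obs.first_seen >= min_days * DAY
        still_current = now - obs.last_seen <= max_stale_days * DAY
        if long_enough and still_current:
            return True
    return False

def quorum_verdict(seen_fp, notaries, now, quorum=0.5, min_days=2, max_stale_days=1):
    """Return (ok, agreeing_notaries). A notary that did not answer (None)
    counts against the quorum, so blocking notaries cannot force a match."""
    agreeing = sorted(name for name, history in notaries.items()
                      if history is not None
                      and notary_agrees(history, seen_fp, now, min_days, max_stale_days))
    ok = bool(notaries) and len(agreeing) >= quorum * len(notaries)
    return ok, agreeing

# Constructed sample data: placeholder fingerprints and hypothetical notary names.
NOW = 1_298_500_000
GOOD, ROGUE = "aa:11:placeholder", "bb:22:placeholder"
NOTARIES = {
    # Region X has been redirected to the rogue server for the last three days.
    "notary-region-x": [Observation(GOOD, NOW - 90 * DAY, NOW - 3 * DAY),
                        Observation(ROGUE, NOW - 3 * DAY, NOW)],
    "notary-region-y": [Observation(GOOD, NOW - 90 * DAY, NOW)],
    "notary-region-z": [Observation(GOOD, NOW - 90 * DAY, NOW)],
    "notary-offline": None,
}

if __name__ == "__main__":
    print("client sees GOOD :", quorum_verdict(GOOD, NOTARIES, NOW))
    print("client sees ROGUE:", quorum_verdict(ROGUE, NOTARIES, NOW))
```

If every notary has been seeing the rogue fingerprint for longer than `min_days`, the same check passes, which is the limitation noted in the last paragraph of the message.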
