[ProgSoc] this is a test, please ignore
Nicholas FitzRoy-Dale
wzdd at progsoc.org
Mon Nov 3 22:17:44 EST 2008
On 03/11/2008, at 5:59 PM, John Elliot wrote:
> I was reading this article "Mozilla SSL policy bad for the Web" [1] this
> evening. I agree with the author's point.
>
> One thing that would lend particular credence to his point, and
> something he didn't mention, is that it is becoming common for network
> equipment to hijack outbound SSL connections and proxy them.

I think you and that article's author are talking about basically
opposite points. The article is in favour of transparently accepting
self-signed certs, which makes the sort of man-in-the-middle attack
you just described considerably less opaque.

EG I'm an evil guy with a proxy (true so far). Whenever someone makes
an SSL connection to me I intercept the connection, create my own
self-signed cert for the site, and steal your credit card details (only
hypothetically true). If this guy has his way then the browser will
accept my self-signed cert without complaining. If you have your way
too then the browser would display "microsoft.com (self-signed)"
somewhere.

This MITM attack is made more troublesome by virtual hosting, but not
much more troublesome because I am also monitoring your non-SSL
traffic. So if your 37 most recent requests were to store.apple.com
then I can probably guess when you make an encrypted connection that
your SSL destination is store.apple.com and not hotlinuxnerds.com,
even if those two sites share the same IP.

The maths behind SSL is hard (but that's OK, someone has already
worked it out). The implementation of that maths in browsers is easy
(this is what we have so far). But getting the user interface right is
really hard.

Nicholas
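
The distinction this thread turns on, a CA-validated certificate versus a self-signed one for the same name, shown with the openssl command line as an added example that is not part of the original message. The throwaway CA, the host name demo.example and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: a throwaway CA, a cert it issued for demo.example,
# and a self-signed cert for the same name. All names here are hypothetical.
make_demo_certs() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
    -keyout "$dir/issued.key" -out "$dir/issued.csr" 2>/dev/null
  openssl x509 -req -in "$dir/issued.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -set_serial 1 -days 1 -out "$dir/issued.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
    -keyout "$dir/selfsigned.key" -out "$dir/selfsigned.pem" 2>/dev/null
}

# Print "<CN> (<status>)" for a certificate, judged against a CA bundle.
# Only chain trust is checked; matching the name to the requested host is omitted.
cert_label() {
  cert=$1
  cafile=$2
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  cn=$(printf '%s\n' "$subject" | sed 's/.*CN=\([^,]*\).*/\1/')
  if openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1; then
    echo "$cn (CA-validated)"
  elif [ "$subject" = "$issuer" ]; then
    # Issuer equals subject: nobody but the key holder vouches for this name.
    echo "$cn (self-signed)"
  else
    echo "$cn (untrusted issuer)"
  fi
}

# Demo: both certificates carry the same name, only the label tells them apart.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
cert_label "$demo_dir/issued.pem" "$demo_dir/ca.pem"
cert_label "$demo_dir/selfsigned.pem" "$demo_dir/ca.pem"
rm -rf "$demo_dir"
```

Both certificates name demo.example, so the label is the only thing separating them.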