[146986] in cryptography@c2.net mail archive


Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Sep 10 17:52:37 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <105671C0-9159-468C-98F4-1645406121DD@hopcount.ca>
Date: Tue, 10 Sep 2013 22:35:05 +0100
From: Ben Laurie <ben@links.org>
To: Joe Abley <jabley@hopcount.ca>
Cc: "Salz, Rich" <rsalz@akamai.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 10 September 2013 22:04, Joe Abley <jabley@hopcount.ca> wrote:

> Suppose Mallory has access to the private keys of CAs which are in "the"
> browser list or otherwise widely-trusted.
>
> An on-path attack between Alice and Bob would allow Mallory to terminate
> Alice's TLS connection, presenting an opportunistically-generated
> server-side certificate with signatures that allow it to be trusted by
> Alice without pop-ups and warnings. Instantiating a corresponding session
> with Bob and ALGing the plaintext through with interception is then
> straightforward.
>

CT makes this impossible to do undetected, of course.
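
The detection mentioned in the reply above depends on Certificate Transparency logs being Merkle trees (RFC 6962), so an auditor can check whether a presented certificate sits under a log's signed tree head. The following is an added example, not part of the original message: it implements the RFC 6962 tree hash and audit-path check, and it assumes raw constructed byte strings as log entries and skips verification of the log's signature on the tree head.

```python
import hashlib

def _h(data):
    return hashlib.sha256(data).digest()
def leaf_hash(entry):                 # RFC 6962: leaves are prefixed with 0x00
    return _h(b"\x00" + entry)
def _node(left, right):               # interior nodes are prefixed with 0x01
    return _h(b"\x01" + left + right)
def _split(n):                        # largest power of two strictly below n
    return 1 << ((n - 1).bit_length() - 1)

def tree_head(entries):
    """Merkle tree hash over the log's entries (the value a log signs)."""
    if len(entries) < 2:
        return leaf_hash(entries[0]) if entries else _h(b"")
    k = _split(len(entries))
    return _node(tree_head(entries[:k]), tree_head(entries[k:]))

def audit_path(m, entries):
    """Log side: sibling hashes proving entry m is under tree_head(entries)."""
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if m < k:
        return audit_path(m, entries[:k]) + [tree_head(entries[k:])]
    return audit_path(m - k, entries[k:]) + [tree_head(entries[:k])]

def _root_from_path(m, n, leaf, path):
    if n == 1 or not path:
        if n != 1 or path:
            raise ValueError("proof length does not match tree size")
        return leaf
    k = _split(n)
    if m < k:
        return _node(_root_from_path(m, k, leaf, path[:-1]), path[-1])
    return _node(path[-1], _root_from_path(m - k, n - k, leaf, path[:-1]))

def is_logged(cert, m, n, path, root):
    """Auditor side: does the proof place cert at index m of an n-entry log?"""
    try:
        return 0 <= m < n and _root_from_path(m, n, leaf_hash(cert), path) == root
    except ValueError:
        return False

# Constructed sample data: stand-ins for certificates, not real log entries.
LOG = [b"constructed-cert-%d" % i for i in range(7)]
ROOT = tree_head(LOG)
ROGUE = b"constructed-cert-not-in-log"
```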
