[146987] in cryptography@c2.net mail archive


Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Sep 10 17:53:23 2013

X-Original-To: cryptography@metzdowd.com
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <CAG5KPzydNhzby20Dgij5_uXy4j8vadBf1MGCC4KLqxa-9EnF_A@mail.gmail.com>
Date: Tue, 10 Sep 2013 17:44:28 -0400
To: Ben Laurie <ben@links.org>
Cc: "Salz, Rich" <rsalz@akamai.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On 2013-09-10, at 17:35, Ben Laurie <ben@links.org> wrote:

> On 10 September 2013 22:04, Joe Abley <jabley@hopcount.ca> wrote:
> 
>> Suppose Mallory has access to the private keys of CAs which are in "the" browser list or otherwise widely-trusted.
>> 
>> An on-path attack between Alice and Bob would allow Mallory to terminate Alice's TLS connection, presenting an opportunistically-generated server-side certificate with signatures that allow it to be trusted by Alice without pop-ups and warnings. Instantiating a corresponding session with Bob and ALGing the plaintext through with interception is then straightforward.
> 
> CT makes this impossible to do undetected, of course.

I don't feel qualified to endorse "impossible", but for the armchair crypto spectator it does sound very much like the right thing.


Joe
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
