undefined | Better HN

0 pointsphonethrowaway6y ago0 comments

MITM is not mitigated at all by HTTPS. What makes you think that? Do you understand how certificate signing works?

0 comments

How does certificate signing not mitigate man-in-the-middle? Say you have control of DNS and you can fully impersonate and replace any server. You present a valid certificate for the server. It has the public key, which the client uses to try to encrypt traffic. The man-in-the-middle doesn't have the private certificate. You convince the client its talking to the right machine, but then you can't understand anything the client has to say, because it uses the legitimate public key.

Say you have control of the infrastructure and you forge a certificate. You'll have a hard time getting the client to trust the certificate unless you have compromised the signing key of a certificate authority and generated an apparently valid cert.

So, can it entirely prevent it? Can I get verisign to issue me a certificate for G00GLE INC.? If you can alter the client's list of trusted authorities, you can make yourself an authority, but you've already compromised the client. If you can get the server's private certificate, you've compromised the server. You can get creative, sure...probably, you stand a better chance of beating the people in the chain than the technology...but the difficulty of doing so seems to amount to 'mitigation' at the least.

tinix6y ago

Parent isn't wrong... technically.

Certificate Transparency exists, solely because any CA can issue an SSL cert for any domain, and use it to MITM via a proxy.

You are trusting every CA out there, not just Verisign. That is the ultimate weakness. Any CA can issue a cert for any domain.

Expect-CT header is the only thing protecting you from a MITM, and it's not even a protection, really, and it's trivial to strip that header as the MITM before proxying to the client.

How do you think mitmproxy[0] works?

[0] https://mitmproxy.org/

jdormit6y ago

...do you? Unless the attacker has access to the private key associated with the SSL certificate, they can't read any HTTPS traffic encrypted via that certificate - mitigating the ability of that bad actor to perform a MITM attack.

zaarn6y ago

And even if they get a key, they will show up in the CT Logs eventually and the attack becomes public.

judge20206y ago

The effectiveness of CT logs isn't a thing unless the website uses CT monitoring or is a huge company. A [delegated or non-delegated] DNS takeover, or IP address release (eg. cloud providers re-assigning an IP to another customer) could allow you to generate a certificate for some-forgotten-subdomain.medium-sized.company.com using the ACME http challenge. Of course this is mitigated by properly managing your DNS, and CT monitoring is encouraged everywhere.

3 more replies

tinix6y ago

Only if there's an Expect-CT header, which is trivial to strip.

1 more reply

tinix6y ago

Yeah, I think they do, actually.

Two things...

Proxies are a thing, and stripping the Expect-CT header is trivial.

Any CA can generate a valid SSL cert for any domain.

qvrjuec6y ago

The above poster is still technically correct though, getting the cert is just 1 more obstacle in the way of the attack, which isn't as much of an obstacle as one would think for some actors(see China).

profmonocle6y ago

Certificate transparency would make it blatantly obvious if Chinese CAs were issuing bogus certificates. (And if they issued certs without submitting them to CT logs they wouldn't be accepted by Chrome or Safari, so it wouldn't be very useful.)

Sure, they could do it, but it wouldn't be long until there were no Chinese CAs trusted by any browser.

1 more reply

rocqua6y ago

Literally the only reason TLS uses certificates is to mitigate Man-in-the-Middle attacks.

Establishing a shared secret with another party over a public channel is not that hard (Diffie-helman, RSA). The hard part is to ensure the other party is who they say they are. Certificates tackle this by having a trusted party (CA) cryptographically bind the shared secret to an identity.

There are issues here, but if you can read and modify the traffic between my PC and the HN servers, you still won't be able to read and modify the traffic.

tialaramex6y ago

Technical corrections:

The binding is over a _public key_ not a _shared secret_.

Also that last sentence is confusing and I'm not sure how best to fix it. Maybe the last word should be 'meaning' not 'traffic' or maybe the word HTTP should be inserted?

markovbot6y ago

If https doe not mitigate MITM attacks, what is the purpose of it?

tinix6y ago

The purpose is that, and that at which it fails. Why do you think CT logs exists? Exactly for this reason...

j / k navigate · click thread line to collapse

0 comments

theonemind6y ago

tinix6y ago

Parent isn't wrong... technically.

Certificate Transparency exists, solely because any CA can issue an SSL cert for any domain, and use it to MITM via a proxy.

You are trusting every CA out there, not just Verisign. That is the ultimate weakness. Any CA can issue a cert for any domain.

Expect-CT header is the only thing protecting you from a MITM, and it's not even a protection, really, and it's trivial to strip that header as the MITM before proxying to the client.

How do you think mitmproxy[0] works?

[0] https://mitmproxy.org/

jdormit6y ago

zaarn6y ago

And even if they get a key, they will show up in the CT Logs eventually and the attack becomes public.

judge20206y ago

3 more replies

tinix6y ago

Only if there's an Expect-CT header, which is trivial to strip.

1 more reply

tinix6y ago

Yeah, I think they do, actually.

Two things...

Proxies are a thing, and stripping the Expect-CT header is trivial.

Any CA can generate a valid SSL cert for any domain.

qvrjuec6y ago

profmonocle6y ago

Sure, they could do it, but it wouldn't be long until there were no Chinese CAs trusted by any browser.

1 more reply

rocqua6y ago

Literally the only reason TLS uses certificates is to mitigate Man-in-the-Middle attacks.

There are issues here, but if you can read and modify the traffic between my PC and the HN servers, you still won't be able to read and modify the traffic.

tialaramex6y ago

Technical corrections:

The binding is over a _public key_ not a _shared secret_.

Also that last sentence is confusing and I'm not sure how best to fix it. Maybe the last word should be 'meaning' not 'traffic' or maybe the word HTTP should be inserted?

markovbot6y ago

If https doe not mitigate MITM attacks, what is the purpose of it?

tinix6y ago

The purpose is that, and that at which it fails. Why do you think CT logs exists? Exactly for this reason...

j / k navigate · click thread line to collapse