undefined | Better HN

0 pointsbandrami3y ago0 comments

Nope. An unverified TLS session still cannot be examined by a third party. You know you are communicating with exactly one party, even if you don't know who that is.

Your attacker may share the data with a third party, but that's true of verified connections too.

0 comments

14 comments · 4 top-level

kuratkull3y ago· 5 in thread

Unless you have the other parties selfsigned cert pinned, you very well may be experiencing MITM and not know about it.

bandramiOP3y ago

Exactly. You may be being MITMed, but that attack cannot also be eavesdropped or altered by another attacker.

donaldstufft3y ago

Assuming of course that the other attacker doesn't just MITM the first attacker.

But this is a very silly threat model, "I want exactly one person to be able to attack me at a time".

bandramiOP3y ago

Not sure what's silly about that. If I'm on the hotel wifi I'd rather my neighbor not be able to eavesdrop on the person phishing me.

I don't see what's so hard about this:

Plaintext is worst (active and passive attacks possible)

Unverified TLS is better (active attacks possible)

Verified TLS is best (neither active nor passive attacks possible)

1 more reply

kuratkull3y ago

Technically the MITMer could send your data to the intended server in plaintext, or upload your traffic as a torrent, or something else fun like that.

bandramiOP3y ago

The counterparty of verified TLS can also share your communication with a 3rd party; that isn't the problem verification solves.

woodruffw3y ago· 4 in thread

"Private chat with the devil" is not a useful security model for most web sessions, and it's certainly not suitable for codesigning. Authenticity is the property we're aiming for; if it was just integrity, we'd do nothing at all other than provide digests.

bandramiOP3y ago

"Private chat with the devil" is the perfect security model for most web sessions. I trust very few websites I visit in any real sense.

woodruffw3y ago

> "Private chat with the devil" is the perfect security model for most web sessions. I trust very few websites I visit in any real sense.

I'm sorry, but this is either incorrect or a gross misunderstanding of your own threat model.

Most people treat their online self as an extension of their physical self: that means banking information, private personal details, intimate communications, and everything else that's normally private by virtue of physical ownership needs to go through an authenticated channel.

You might not care that someone can't MITM your Wikipedia traffic, but you almost certainly care that someone can't MITM your tax returns or your medical records.

recursive3y ago

> You might not care that someone can't MITM your Wikipedia traffic, but you almost certainly care that someone can't MITM your tax returns or your medical records.

So presumably, you'd demand a cert from a trustworthy authority in those cases. But you still don't want your ISP to be able to inject ads into the recipe blog you're reading.

1 more reply

bandramiOP3y ago

And I definitely want 3rd party verification for my tax preparation website.

But I don't trust news.ycombinator.com any more than I trust somebody pretending to be news.ycombinator.com; validating that cert does nothing useful for me.

1 more reply

Avamander3y ago· 1 in thread

> even if you don't know who that is

Thus it can be the eavesdropper, easy.

bandramiOP3y ago

Exactly, the eavesdropper.

Even if you're being MiTMd by a criminal organization, you aren't also being listened to by the NSA.

donaldstufft3y ago

It is true that an unverified TLS session does prevent passive attacks it does not prevent against "active" attacks. The general consensus is that it's not a useful property to differentiate passive from active here, since every passive attack can be upgraded to work as an active attack, on top of the fact that explaining the subtle differences to people is extremely difficult (and since they can be upgraded to active attacks, not worth it).

j / k navigate · click thread line to collapse

0 comments

14 comments · 4 top-level

kuratkull3y ago· 5 in thread

Unless you have the other parties selfsigned cert pinned, you very well may be experiencing MITM and not know about it.

bandramiOP3y ago

Exactly. You may be being MITMed, but that attack cannot also be eavesdropped or altered by another attacker.

donaldstufft3y ago

Assuming of course that the other attacker doesn't just MITM the first attacker.

But this is a very silly threat model, "I want exactly one person to be able to attack me at a time".

bandramiOP3y ago

Not sure what's silly about that. If I'm on the hotel wifi I'd rather my neighbor not be able to eavesdrop on the person phishing me.

I don't see what's so hard about this:

Plaintext is worst (active and passive attacks possible)

Unverified TLS is better (active attacks possible)

Verified TLS is best (neither active nor passive attacks possible)

1 more reply

kuratkull3y ago

Technically the MITMer could send your data to the intended server in plaintext, or upload your traffic as a torrent, or something else fun like that.

bandramiOP3y ago

The counterparty of verified TLS can also share your communication with a 3rd party; that isn't the problem verification solves.

woodruffw3y ago· 4 in thread

bandramiOP3y ago

"Private chat with the devil" is the perfect security model for most web sessions. I trust very few websites I visit in any real sense.

woodruffw3y ago

> "Private chat with the devil" is the perfect security model for most web sessions. I trust very few websites I visit in any real sense.

I'm sorry, but this is either incorrect or a gross misunderstanding of your own threat model.

You might not care that someone can't MITM your Wikipedia traffic, but you almost certainly care that someone can't MITM your tax returns or your medical records.

recursive3y ago

> You might not care that someone can't MITM your Wikipedia traffic, but you almost certainly care that someone can't MITM your tax returns or your medical records.

So presumably, you'd demand a cert from a trustworthy authority in those cases. But you still don't want your ISP to be able to inject ads into the recipe blog you're reading.

1 more reply

bandramiOP3y ago

And I definitely want 3rd party verification for my tax preparation website.

But I don't trust news.ycombinator.com any more than I trust somebody pretending to be news.ycombinator.com; validating that cert does nothing useful for me.

1 more reply

Avamander3y ago· 1 in thread

> even if you don't know who that is

Thus it can be the eavesdropper, easy.

bandramiOP3y ago

Exactly, the eavesdropper.

Even if you're being MiTMd by a criminal organization, you aren't also being listened to by the NSA.

donaldstufft3y ago

j / k navigate · click thread line to collapse