Firewall Wizards mailing list archives

Re: Security of HTTPS

From: Ng Pheng Siong <ngps () netmemetic com>
Date: Mon, 29 Nov 2004 00:15:45 +0800

On Fri, Nov 26, 2004 at 06:58:44PM -0600, Frank Knobbe wrote:

On Tue, 2004-11-23 at 10:00, lordchariot () earthlink net wrote:

I wouldn't necessarily call it a MITM attack, but there are some products
out there that intentionally decrypt an SSL connection. These type of
products will take an SSL certificate as presented from the web site, and
re-create a new one on-the-fly to present to the client browser. If the
product's CA cert is loaded into the client, there aren't any certificate
warnings. If not, then most people click through the cert warning anyway
because they don't know any better.


Yuck... that's too complicated. All such a product needs are the public
and private keys from the server. At run-time, it can sniff the public
key of the visiting client, and that's all that's required to follow an
SSL session up to and including the exchange of the session keys (after
which point the device can decrypt and monitor the full SSL session).
This is caused by an (I guess intentional) weakness in the SSL
handshaking.


You're thinking of a device near the server. lordchariot is talking about a
device near the client which doesn't have admin access to the server. He
gave the example of virus/adware scanning, which is aimed at protecting the
client.

(If I remember right, the skinny is that the client encrypts the
pre-master key and sends it to the server. The server [and client] then
generate the master key which is used to generate the session key. The
"weakness" imho is that there is no transfer of encrypted key material
from the server to the client, which would require the clients secret
key to decrypt. Thus, by having the clients public key, and the servers
public and private key, an observer can follow the negotiation and
arrive with the same session key materials as the server. Or perhaps
that is a feature :)


In SSL/TLS, the client certificate request is optional, and its typical
use, HTTPS, does not require client certificates, so there is no client
public/private key here that can be used to "transfer encrypted key
material". 

Cheers.

-- 
Ng Pheng Siong <ngps () netmemetic com> 

http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Security of HTTPS Alex Bihlmaier (Nov 22)
- RE: Security of HTTPS Ben Nagy (Nov 23)
  - RE: Security of HTTPS Marcus J. Ranum (Nov 27)
    - RE: Security of HTTPS Alex Bihlmaier (Nov 27)
    - Re: Security of HTTPS Chuck Vose (Nov 27)
- RE: Security of HTTPS lordchariot (Nov 27)
  - RE: Security of HTTPS Frank Knobbe (Nov 27)
    - Re: Security of HTTPS Ng Pheng Siong (Nov 28)
    - Re: Security of HTTPS Frank Knobbe (Nov 28)
    - Re: Security of HTTPS Ng Pheng Siong (Nov 28)
    - Re: Security of HTTPS Frank Knobbe (Nov 28)
  - Re: Security of HTTPS Shimon Silberschlag (Nov 28)
    - Re: Security of HTTPS Kevin Sheldrake (Nov 28)
    - Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- <Possible follow-ups>
- RE: Security of HTTPS Jean-Denis Gorin (Nov 23)
  - RE: Security of HTTPS Servie Platon (Nov 27)
    - RE: Security of HTTPS Paul D. Robertson (Nov 27)
    - Re: Security of HTTPS Kevin Sheldrake (Nov 27)