[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

Thus spake coderman (coderman@xxxxxxxxx):

> > The brief summary is that it will be submitting rare TLS certificates
> > through Tor to EFF for analysis and storage. We will also leverage the
> > database of certificates to provide notification in the event of
> > targeted MITM attacks**.
> >
> > I am trying to decide if this is a bad thing to enable by default for
> > users.
> if EFF was presented with a national security letter or other legal
> demand under seal demanding the existence of a given certificate not
> be exposed, would they be bound to not present a MITM alert for that
> cert?

Leaving this for pde and/or Seth.

> (said another way, could this potentially be a false sense of
> security, if all trust for anomaly notification was placed in the EFF
> alone?)

The reality is we won't have the Firefox APIs to actually prevent
content load after certificate inspection any time soon, so it's not
feasible to trust this as your only security measure. Monsterous hacks
might make this possible sooner, though...

On a timescale where we can provide real security rather than just
analysis and post-pwnage notification, we can build multiple databases
to submit to/query, just like Perspectives. 

There's also no real reason why you can't use both Perspectives and
HTTPS-Everywhere. Then you can get both of our half-assed
after-the-fact notifications that you were owned :)

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgp9nVmjwodtW.pgp
Description: PGP signature

tor-talk mailing list