[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

It strikes me that I'd want notice (or the option to get notice)
before submitting rare certs to the database... say a dialog like:
"We're about to submit the certificate for the following site, [x] ok,
[ ] no, do not submit this certificate. ([ ] remember this preference
for this certificate)." My reasoning is that I should usually have a
good idea when I'm expecting a rare/self-signed cert, and if I'm not
expecting it, I'd probably want to submit it. Does that make sense?
best, Joe

On Sunday, March 20, 2011, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
> Thus spake coderman (coderman@xxxxxxxxx):
>> > The brief summary is that it will be submitting rare TLS certificates
>> > through Tor to EFF for analysis and storage. We will also leverage the
>> > database of certificates to provide notification in the event of
>> > targeted MITM attacks**.
>> >
>> > I am trying to decide if this is a bad thing to enable by default for
>> > users.
>> if EFF was presented with a national security letter or other legal
>> demand under seal demanding the existence of a given certificate not
>> be exposed, would they be bound to not present a MITM alert for that
>> cert?
> Leaving this for pde and/or Seth.
>> (said another way, could this potentially be a false sense of
>> security, if all trust for anomaly notification was placed in the EFF
>> alone?)
> The reality is we won't have the Firefox APIs to actually prevent
> content load after certificate inspection any time soon, so it's not
> feasible to trust this as your only security measure. Monsterous hacks
> might make this possible sooner, though...
> On a timescale where we can provide real security rather than just
> analysis and post-pwnage notification, we can build multiple databases
> to submit to/query, just like Perspectives.
> There's also no real reason why you can't use both Perspectives and
> HTTPS-Everywhere. Then you can get both of our half-assed
> after-the-fact notifications that you were owned :)
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs

Joseph Lorenzo Hall
ACCURATE Postdoctoral Research Associate
UC Berkeley School of Information
Princeton Center for Information Technology Policy
tor-talk mailing list