On 2014-05-30 12:53 PM, Gervase Markham wrote:
On 29/05/14 07:01, Mike Hoye wrote:
It's become clear in the last few months that the overwhelmingly most
frequent users of MITM attacks are state actors with privileged network
positions either obtaining or coercing keys from CAs,
I don't think that's clear at all. Citation needed.
I think it's more likely that they are intercepting SSL using crypto or
implementation vulnerabilities without explicit CA cooperation.
A colleague of mine at CMU just published a paper on exactly this
question: https://www.linshunghuang.com/papers/mitm.pdf
One-sentence summary: the most frequent sources of MITM attacks on HTTPS
connections *specifically to Facebook* are (a) locally installed
malware, (b) institutional transparent proxies for virus scanning,
Internet "filtering", and so on.
Nothing was detected that was obviously, or even plausibly, an attack by
a state surveillance agency, although (if they do do this) one would
hope they are at least competent enough to not make it obvious.
----
Reading through the whole discussion, it sounds to me like TOFU +
pinning (this exact cert chain is trusted only for this specific host)
would be a reasonable short-term solution for existing email servers
with self-signed certificates. I don't have any better ideas for the
long term, but maybe we should reach out to the owncloud, Mailpile, etc.
developers and talk to them about what *they* see as an ideal solution.
(Mailpile especially has people on staff who care deeply about UX.)
zw
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
