TheMindwareGroup writes:

> All it would take is for them to put really fast servers (and we know
> they are doing this with QUANTUM servers) at key high traffic junctions
> on the internet, and in secret at every ISP using a sub CA root
> certificate to transparently access *ALL* SSL streams passing through
> that point.
If this were done to all connections, it would be noticed very quickly. The browser sees the presented certificate and can log it and perform other analysis. The default behavior of most browsers is not to warn the user, provided the cert appears valid. But there are some users who are using browsers and clients that have other behaviors and will, for example,

- compare the cert to the certs seen by other users, or
- automatically log the cert, or
- automatically send a copy of the cert to third parties, or
- notify the user if the cert is different from the previously observed cert for this server, or
- notify the user if the cert is different from values this server told the client to expect, or
- notify the user if the cert is different from values that the client was told to expect by the original software developer

In addition, some people are running bots that check the certs that appear to be presented when HTTPS sites are accessed over Tor, and compare these to the certs that appear to be presented when these sites are accessed directly.

Collectively, these kinds of mechanisms mean that a wide-scale and indiscriminate attack using fake certs would probably not stay undetected for very long. Hopefully, the probability of detecting such an attack quickly will go up over time as more users adopt software that has new mechanisms like this.

That does _not_ mean that these attacks never occur or don't succeed against some users, just that they probably aren't occurring against the general public (or the general population of Tor users, at least not for the most popular HTTPS sites). But we can always do more to try to detect attacks.
-- 
Seth Schoen <sch...@eff.org>
Senior Staff Technologist
https://www.eff.org/
Electronic Frontier Foundation
https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109
+1 415 436 9333 x107

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
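The detection mechanisms Seth lists above (logging the presented cert, comparing it with the previously observed cert for that server, comparing it with values the client was told to expect, and comparing what is seen over Tor with what is seen directly) can be sketched as one small observer. The following is an added example written for this page, not code from the post or from any EFF or Tor project tool. The `CertObserver` class, the vantage labels (`direct`, `tor-exit`), the host names and the byte strings standing in for DER-encoded certificates are all constructed for illustration; `fetch_leaf_der` shows how a real observation would be taken with the standard library but is not exercised offline.

```python
from __future__ import annotations

import hashlib
import socket
import ssl
from dataclasses import dataclass, field


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex-encoded (the usual cert 'fingerprint')."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate a server presents (live network use; not run in the offline demo).

    Chain validation is disabled on purpose: the goal is to *observe* whatever cert is
    presented so it can be logged and compared, even when it would not validate.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


@dataclass
class CertObserver:
    """Hypothetical client-side cert observer combining the mechanisms listed in the post."""

    # host -> fingerprints the client was told to expect (by the server or by the software vendor)
    pins: dict[str, set[str]] = field(default_factory=dict)
    # host -> first fingerprint observed for it (trust-on-first-use memory)
    seen: dict[str, str] = field(default_factory=dict)
    # append-only log of (vantage, host, fingerprint); what a bot or third party would collect
    log: list[tuple[str, str, str]] = field(default_factory=list)

    def observe(self, host: str, der: bytes, vantage: str = "direct") -> list[str]:
        """Record one presented certificate and return the events that warrant review."""
        fp = fingerprint(der)
        self.log.append((vantage, host, fp))
        events: list[str] = []

        # 1. Does the cert differ from values the client was told to expect?
        if host in self.pins and fp not in self.pins[host]:
            events.append("PIN_MISMATCH")

        # 2. Does the cert differ from the previously observed cert for this server?
        prev = self.seen.get(host)
        if prev is None:
            self.seen[host] = fp          # first contact: remember it, nothing to compare against yet
            events.append("FIRST_SEEN")
        elif prev != fp:
            events.append("CHANGED")      # rotation or interception; the operator decides

        # 3. Does the cert differ from what other vantage points (e.g. Tor vs direct) saw?
        others = {f for v, h, f in self.log if h == host and v != vantage}
        if others and fp not in others:
            events.append("VANTAGE_MISMATCH")

        return events


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"constructed-der-bytes-for-cert-A"
CERT_B = b"constructed-der-bytes-for-cert-B"


def demo() -> list[list[str]]:
    """Run a scripted sequence of observations and return the events raised at each step."""
    obs = CertObserver(pins={"example.test": {fingerprint(CERT_A)}})
    return [
        obs.observe("example.test", CERT_A),                       # pinned cert, first contact
        obs.observe("example.test", CERT_A, vantage="tor-exit"),   # same cert seen via Tor: quiet
        obs.observe("example.test", CERT_B, vantage="tor-exit"),   # different cert via Tor: noisy
        obs.observe("other.test", CERT_B),                         # unpinned host, first contact
    ]


if __name__ == "__main__":
    for step, events in enumerate(demo(), 1):
        print(f"step {step}: {events or 'no events'}")
```

Each check alone has a blind spot: a pin set only helps for hosts the client already knows about, a first-observed cert can itself be the interposed one, and a single vantage point cannot tell interception at its own path from a legitimate rotation. Combining them, and especially comparing observations from different paths, is what makes an indiscriminate substitution hard to keep quiet.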