[tor-talk] How evil is TLS cert collection?

Mike Perry mikeperry at fscked.org
Sat Jun 4 07:55:27 UTC 2011 

Thus spake tagnaq (tagnaq at gmail.com):

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 03/21/2011 01:58 AM, Mike Perry wrote:
> > I've spent some time working with the EFF recently to build a
> > distributed version of the SSL Observatory
> > (https://www.eff.org/observatory) to be included with HTTPS
> > Everywhere. The draft API and design sketch is here:
> > https://trac.torproject.org/projects/tor/wiki/HTTPSEverywhere/SSLObservatorySubmission
> > 
> > The brief summary is that it will be submitting rare TLS certificates
> > through Tor to EFF for analysis and storage. We will also leverage the
> > database of certificates to provide notification in the event of
> > targeted MITM attacks**.
> > 
> > I am trying to decide if this is a bad thing to enable by default for
> > users.
>
> Someone running this (SSLObservatorySubmission) in a non-public network
> (i.e. an internal corporate network) with Internet access will probably
> disclose internal hostnames including IP addresses, if that is the case
> I would identify this as an issue. What do you think about it?

We're going to try really hard to avoid this by default. See the first
two options in the client UI section under "advanced options":
https://trac.torproject.org/projects/tor/wiki/HTTPSEverywhere/SSLObservatorySubmission#ClientUIandconfigurationVariables

However, the tricky bit is that we may not know the real IP address of
the destination server with certainty. We may have to rely on the DNS
cache and/or an additional resolution (which may not even be possible
if the user is using an HTTP proxy without SOCKS).

This means that for the intersection of HTTP Proxy users who do not
have a SOCKS proxy set who ALSO use private sites that are actually
signed by a CA in the default root set may still have these "private"
certs submitted to the observatory.

We don't expect this set to be very large, but just in case, the EFF
intends to do server-side scrubbing if the private_opt_in post
parameter is set to false. Hopefully this will not be needed, but
we'll need to see what the prevalance of this case is in the field to
be sure.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110604/fbfa1a9f/attachment.pgp>

More information about the tor-talk mailing list