HTTPS redirects to HTTP for monitoring
mpalmer at hezmatt.org
Sun Jan 18 23:02:48 UTC 2015
On Sun, Jan 18, 2015 at 08:05:18PM +0000, Kelly Setzer wrote:
> I don't know if you're referring to HSTS.
No, HSTS is separate to certificate pinning. Certificate pinning would, in
fact, cause Chrome to freak out in the presence of an HTTPS-intercepting
proxy, but that's what it's supposed to do. I doubt that organisations
regressive enough to do HTTPS-MitM would be enlightened enough to allow
Chrome to be installed, though.
> If not, it's worth noting in
> this thread. As I understand HSTS, session decryption is still possible
> on sites that send the 'Strict-Transport-Security' header. See:
Yes, HSTS allows interception; it would, on the other hand, prevent the
downgrade attack which the OP was suggesting as one option to allow
organisational monitoring of web requests and responses.
> I suspect it's only a matter of time before browsers become suspicious by
> default, requiring that HTTPS responses be signed and requiring that SSL
> certificates come from trusted sources.
That sounds like what has been the case since... forever.
> All of this points to the deficiency of the existing commercial
> certificate authority system. The fact that organizations can easily
> purchase software specifically designed to subvert encrypted communication
> channels is proof that HTTPS security is an illusion.
What does the existence of a HTTPS proxy have to do with the deficiency of
existing CAs? Yes, CAs have issued intermediate CA certificates to MitM
boxes (Trustwave has been caught doing it; I'm sure others have done it,
too). However, the standard mechanism for doing this sort of thing is a
locally-issued root CA certificate, which is installed in the corporate SOE
as a trusted root. That is, actually, *exactly* how the TLS certificate
system is supposed to work -- root CA certificate is marked as trusted, thus
everything issued therefrom is considered OK.
That this is possible is not "proof that HTTPS security is an illusion";
it's simply another demonstration that if the bad guy has control over your
machine, it isn't your machine any more. If TLS wasn't vulnerable to this
particular mode of subversion, I'm sure there'd be products out there that
would hook into the core of the browser and grab the requests before they
got into the encrypted channel and re-route them to the proxy, and it would
be that software, rather than the local root CA certificate, which would be
installed in the corporate SOE.
More information about the NANOG