Anonymous Source Claims Feds Demand Private SSL Keys From Web Services
Lauren Weinstein writes "With further confirmation of the longstanding rumor that the U.S. government (and, we can safely assume, other governments around the world) have been pressuring major Internet firms to provide their 'master' SSL keys for government surveillance purposes, we are rapidly approaching a critical technological crossroad. It is now abundantly clear — as many of us have suspected all along — that governments and surveillance agencies of all stripes — Western, Eastern, democratic, and authoritarian, will pour essentially unlimited funds into efforts to monitor Internet communications."
If this is true it means that SSL/TLS to any Internet service could be useless — the authorities could simply man-in-the-middle anyone. Without knowing who has given keys over, or if anyone has given keys over... The NSA does claim encryption poses a problem for them, but honesty isn't their best attribute. The source claims that major providers at least have resisted (assuming it is happening), but that smaller companies may have folded to the pressure.
"Main-in-the-middle"? (Score:5, Funny)
Well, at least it's not "man-in-the-middle" because that would be bad.
Re:"Main-in-the-middle"? (Score:5, Insightful)
It's not a "man in the middle" attack. It's the "government on top" attack.
Re:"Main-in-the-middle"? (Score:5, Funny)
It's the "government on top" attack.
Don't you mean "government from behind"?
Re: (Score:2)
Don't see why it can't be both.
Re:"Main-in-the-middle"? (Score:5, Interesting)
The larger issue IMO is
governments and surveillance agencies of all stripes — Western, Eastern, democratic, and authoritarian, will pour essentially unlimited funds into efforts to monitor Internet communications.
We haven't had a constitutional amendment in the US for some time now. We need one here. Forget specific technologies and the bizarre precedents that have twisted the 4th to allow this - we need a major reset.
Something like "The government shall not collect or store any information, even publicly available information, about the activities of a citizen except upon issuance of a warrant; said warrant shall only issue upon evidence that a specific individual has committed a specific crime."
I can accept a lower bar for "collecting and storing information" than for "searching" but there must be some bar to clear.
Re: (Score:2)
Not a bad first start though.
Maybe something like 'information collected may not be used for prosecution except when collected under issuance of a warrant.'
Constitution writing is hard
Re: (Score:2)
Huge loophole: What is meant by 'prosecution?' That might stop the government from openly jailing someone for upsetting a senator, but it doesn't stop classic abuses like poking at the victim's life to find another crime they can be prosecuted for (Everyone has broken a law somewhere), or subjecting them to intensive audits and investigations that could leave their reputation ruined. It's quite possible to persecute without prosecuting.
Re:"Main-in-the-middle"? (Score:5, Insightful)
I chose "the activities of a citizen" as a way to say "what we do, not who we are". Keeping "who we are" records: birth certificates, permits licensing of various kinds, etc, is different in kind from monitoring daily activities. But I'm no lawyer and don't know how to say this better.
Also, why does the government need "census data" beyond a simple headcount? Heck, I'd like to move to an income tax system that's purely a payroll tax (so the government doesn't learn how much any given individual makes, but can still tax our income).
The government collects every bit of information it possibly can, but it's time to start saying "NO! Find a way to do that without spying on us!" It's time for the pendulum to swing the other way.
Re: (Score:3)
Right, so why does the government need "census data" beyond a simple headcount? The constitution calls for a headcount, but the government naturally uses it as an excuse to collect all the additional data it can get away with. Will they ask "list every online alias you've ever used" in the next census? Would it really surprise anyone here if they did?
Re: (Score:3)
Probably not...
Yes.
Now, the census after that? Wouldn't be at all surprised...
Oh, and thanks for giving them the idea....;-)
Re: (Score:3)
and ensuring that no thinking person is ever going to agree with you.
The general public isn't made up of thinking people anyway.
Self signed? (Score:5, Interesting)
Does this mean a self-signed certificate is more secure than a commercial one?
Re: (Score:2)
That's actually been my opinion a while. When Firefox tells me "This connection may not be trusted" I'm less inclined to worry, because the CA is just one extra link in the chain to be broken.
US Military shares your opinion. (Score:5, Interesting)
Re: (Score:2)
That's the whole point.
You set up the CA Authority - and use it to self-sign your certs - and it's safer than a commercial one.
Re: (Score:2)
That depends what you mean by "safer".
It's safer to you. Onto your machines you can install the certificate of your CA, and you'll know everything is peachy.
But if your audience is "the general internet population", e.g. because you're trying to sell stuff to them, it's less secure. Without a trusted or semi-trusted third party (normally served by the default CAs), there is no way to convey the authentici
Re:US Military shares your opinion. (Score:5, Interesting)
Re: (Score:3)
Seems that would fix many of the problems.
That way if the commercial CA is trustworthy at first, you can transfer your public key; and if the commercial CA gets compromised later, your self-signed key protects you.
Re: (Score:2)
You are, of course, assuming that those who want the keys can't just hack (or walk their way in) into your server, retrieve your keys and access password. Big assumption.
I wonder if we will see a resurgence in the use of PGP. What would the resources need to be to compromise the web of trust?
Re: (Score:2)
No, no it isn't. Not really.
According to this post [slashdot.org], this post [slashdot.org], and my own intuition [slashdot.org], CAs never see your private keys. A CA cannot reveal more information than is known publicly anyway, even if they are thoroughly malicious. The most you could argue about the standard set up is that CAs give a false sense of security.
I can only think of one attack that could occur with CA-signed certificates but not with self-signed certs. If you remove all defa
Re: (Score:2)
If you have the CA's own key, you can generate a fake certificate that looks real in every way to the browser. You would be encrypting with a different private key when communicating with the visitor's browser. The user just wouldn't know since they're decrypting with their own key.
Re: (Score:2)
It doesn't necessarily have to be out-of-band. If it's a consistent group of users there from the beginning, they would all trust the original certificate once and still be notified by the browser if they're presented with a self-signed cert they don't already trust.
I never said that self-signed was more secure. I was responding to you claiming that CA's weren't another link in the chain to be broken. It is. Why else would you now say that CA certificates were more secure if they weren't another link in
Re: (Score:3)
A wild card cert is a lot cheaper than that.
$600 is closer to what they actually cost.
Re:Self signed? (Score:5, Informative)
Self-signed is only fine if the client and server are in a trusted environment, exactly the environment where pre-shared keys are a possibility, so you should have loaded that cert into your client before attempting the connection.
Barring that, and in the 99% of cases where clients are talking to servers out on the wide-open internet, CA's and the warning against self-signed certs serve a very good purpose -- preventing man in the middle attacks during handshake.
If anyone (your ISP and the NSA included) hijacks your initial connection, proxies it, and substitutes their own cert, you need a way to know whether that cert is really from the destination site, or a phony. That's exactly the problem CAs solve. (Other solutions include "web of trust", pre-sharing all important keys, consensus methods, etc.)
At worst, this news means that it's possible NSA (but probably nobody else) has been able to decrypt legitimately encrypted traffic (no MitM attack with substituted keys, just a tap using the real ones) for some services, or if they have CA keys, might have been able to issue their own legit-looking certs, which with some additional work, could have enabled them to perform MitM attacks on arbitrary sites and all of their users.
But this does not mean that self-signed certs are just as good as CA-backed ones in a general sense; if you rely on those, without pre-sharing keys with all clients, then all clients are vulnerable to MitM attacks from anyone with access to modify the communication channel, not just the NSA. And considering the known issues with insecure DNS, that's a much wider field of potential attacks.
Re: (Score:3)
That's exactly the problem CAs solve.
That's exactly the problem the commercial CA's *cause* when they co-operate with oppressive governments. http://arstechnica.com/security/2010/03/govts-certificate-authorities-conspire-to-spy-on-ssl-users/ [arstechnica.com]
Gov't, certificate authorities conspire to spy on SSL users ... which meant that CAs must be handing over certificates so that they could be used with the device.
Re: (Score:2, Insightful)
In some situations yes, but in those same situations I don't think this news really changes anything (where you set up the cert yourself on one of your own servers for use by yourself, for instance). Otherwise this just means that these certs are slightly less secure because governments have a copy. If you're connecting to a strange server, it may be better to have a signed cert because they're still not quite as easy to come by as a self-signed one.
In any case this doesn't change the old fact that a self-s
Re: (Score:2)
In any case this doesn't change the old fact that a self-signed cert is at least as good as an unsecured connection and browsers should stop throwing a shit-fit when they run into one.
If you think browsers should instead always notify you when using a trusted CA-signed cert ("Congratulations! This site appears to actually be legit!"), with the default for self-signed and unencrypted communications being silence, yeah, I can kinda see your point. You should default to paranoia, right?
Otherwise, no; the warni
Re: (Score:2)
If you think browsers should instead always notify you when using a trusted CA-signed cert ("Congratulations! This site appears to actually be legit!"), with the default for self-signed and unencrypted communications being silence, yeah, I can kinda see your point. You should default to paranoia, right?
That's what I was thinking, and modern browsers are already halfway there with the address bar lighting up in a bright color on signed HTTPS connections.
Re:Self signed? (Score:5, Interesting)
Yes, providing you can guarantee the security of the private keys, if you're concerned about government(s) spying on your communications, that is definitely the way to go.
For our organization, due to the highly confidential nature of some of our data and communications, I am about to build a machine that will have no network connection whatsoever that will hold the CA and private keys, and will use it to produce public keys for our VPN, mail server, web services and the like. The server will be behind lock and key and locked down with LUKS, and the keys for that will be held in a separate location. Obviously nothing is 100%, but it's going to take physical access to the server and to the private keys to compromise the system.
Re: (Score:3)
For our organization, due to the highly confidential nature of some of our data and communications, I am about to build a machine that will have no network connection whatsoever that will hold the CA and private keys, and will use it to produce public keys for our VPN, mail server, web services and the like. The server will be behind lock and key and locked down with LUKS, and the keys for that will be held in a separate location. Obviously nothing is 100%, but it's going to take physical access to the server and to the private keys to compromise the system.
Counterpoint:
http://www.foreignpolicy.com/articles/2013/07/16/the_cias_new_black_bag_is_digital_nsa_cooperation?page=full [foreignpolicy.com]
During a coffee break at an intelligence conference held in The Netherlands a few years back, a senior Scandinavian counterterrorism official regaled me with a story. One of his service's surveillance teams was conducting routine monitoring of a senior militant leader when they suddenly noticed through their high-powered surveillance cameras two men breaking into the militant's apartment. The target was at Friday evening prayers at the local mosque. But rather than ransack the apartment and steal the computer equipment and other valuables while he was away -- as any right-minded burglar would normally have done -- one of the men pulled out a disk and loaded some programs onto the resident's laptop computer while the other man kept watch at the window. The whole operation took less than two minutes, then the two trespassers fled the way they came, leaving no trace that they had ever been there.
Over the past decade specially-trained CIA clandestine operators have mounted over one hundred extremely sensitive black bag jobs designed to penetrate foreign government and military communications and computer systems, as well as the computer systems of some of the world's largest foreign multinational corporations. Spyware software has been secretly planted in computer servers; secure telephone lines have been bugged; fiber optic cables, data switching centers and telephone exchanges have been tapped; and computer backup tapes and disks have been stolen or surreptitiously copied in these operations.
Re: (Score:3)
If the data is that confidential, you should probably look into an actual FIPS-certified network-connected HSM instead of rolling your own.
I did a project a few years back using nCipher NetHSMs (they've since been bought up, I believe) and they were quite cool technology. Even then, I think one of these devices was in the $25K range at most.
The great thing is, if you generate a key pair with one of these, you literally cannot get access to the private key to hand over to the government, even if you wanted
Re:Self signed? (Score:5, Informative)
No. The Feds are requesting the private keys from the server operators themselves, not from the CA. A self-signed certificate's no guarantee the site operator hasn't coughed up the private half to the surveillance people. I'm not any more worried about this, though, since as demonstrated with XMission the government doesn't need to eavesdrop on communications when they can get access directly at the server end of things. As long as the Feds can threaten the site operator with unspecified nasty things if they don't cooperate or if they even say a word about what's going on, I have to assume any site I don't control myself is potentially compromised and any data sent to it's potentially visible to the various agencies involved or to the private contractors those agencies are using to do the grunt work. In many cases that doesn't matter much since the nature of the site's such that I won't put anything sensitive or compromising on it in the first place.
Re: (Score:3)
The Feds are requesting the private keys from the server operators themselves, not from the CA.
Something tells me that before this is over, we'll find out they've been requesting them (and getting them) from the CA's too.
Re: (Score:2)
Actual question: do the CAs even ever have access to the private keys?
I'm pretty sure there's no technical reason they need them -- the CAs just need to attest to the public key, which they could do just by signing the public key. But that doesn't mean that's how the system is set up in practice, of course.
Re:Self signed? (Score:5, Informative)
Actual answer: no.
The CSR (Certificate Signing Request) contains only the public half of the key, to be signed by the CA's key which results in the CA attesting that the information is verified.
The entity whose key was signed always maintains control of the private key. Which, to me, is the reason that public-key encryption is not "over". The NSA would have to strong-arm every single holder of an SSL key, not just the Certificate Authorities.
Granted, though, those private keys are not often held terribly securely - they're most often just files on a server that aren't even password-protected, because that requires an admin to type in passwords whenever the Web server is restarted. They COULD be held in an HSM, a hardware security module much like a TPM on steroids, but that's very expensive and difficult to set up.
However, none of this means that public-key crypto is broken. It's possible that individual sites could be compromised via this route (Facebook, Google, etc) but as a whole, no.
Re: (Score:2)
As long as you have the CA's key, you can sign your own private key to execute a MITM attack. You don't need to have the real private key to do this. In the middle, you decrypt and re-encrypt before sending packets along. The site visitor doesn't know if they're connecting to the "correct" private key. There's no way to know that. They just know they're connecting to a site that's using a public key that has also been used to sign a certificate.
And since your certificate is unknown to the CA, it won't
Re: (Score:2)
It'd be easy enough to sign a false certificate though. If done on a large scale it'd be noticed eventually, but as a targeted intercept just on a few individuals it'd work.
Re:Self signed? (Score:4, Insightful)
Re: (Score:2)
That would only be useful to forge certificates, and using such forged certificates would allow tracking of surveillance activities -- the provider would not see them in their own keyring so if they were seen in the wild and came to a provider's attention, their natural reaction would be to accuse the CA of having been compromised... because you have no way of knowing it's the NSA that's doing it.
Unless it totally sucks or is also hosting your SSL service, a CA neither needs nor asks for your private key, it
Re: (Score:2)
Not more, but not necessarily less. With a self signed cert, you can't verify the identity of the signer/cert. With the possibility of a compromised CA, you have (essentially) the same problem. (As far as I understand it anyways).
What I would like to know is what (if anything) can be done to verify keys without a CA? I don't know that much about crypto, so am genuinely curious. Are there techniques to do this? (Diffie-Hellman-Merkle?)
Re: (Score:3)
With a self signed cert, you can't verify the identity of the signer/cert.
Correct, and that's really all you're paying for when you buy a certificate from a CA: You pay enough money and provide enough documentation that they're confident you are who you say you are.
With the possibility of a compromised CA, you have (essentially) the same problem.
Almost correct. You can't really verify the identity, but your computer won't really even try because it trusts the compromised CA. The solution is to check revocation lists, but there are problems with that.
What I would like to know is what (if anything) can be done to verify keys without a CA?
Let each person be a CA [wikipedia.org]. If I know you, I can sign your certificate myself. Anybody who knows me and trusts me
Re: (Score:2)
Let each person be a CA [wikipedia.org]. If I know you, I can sign your certificate myself. Anybody who knows me and trusts me would then trust you. Again, compromises are fixed by revocation and expiration, but the impact is somewhat less severe.
then you get something like the ebay problem where every review is AAAAAAA++++++++++++!!!!!!1!!!!one!!eleven!!
and are useless
just because i trust my friend doesn't mean i always trust him to show good judgement...how do i know he was of sound mind when he signed the cert for that tattoo parlor and came back with the pink bunny tattoo on his forehead?
Re: (Score:3)
Not to sound dismissive, but that's an implementation detail. PGP uses a system of partial trust, though its particular implementation I don't know.
I do recall some (long-outdated) research into this particular problem, where a trust network didn't simply have "trust" or "do not trust". Rather, it maintained a percentage of trust - Each hop in a chain decreased the total trust in the chain, but each separate path increased it. At the end of the chain, the client could compute exactly how much a particular s
Re: (Score:3)
I work in finance. Until recently, my company had several million dollars being controlled through a bank whose website required exactly 6-character passwords, which they'd happily send to you in plaintext via email if you forgot it.
No, I do not want to trust banks with information security.
Re:Self signed? (Score:4, Interesting)
There's always the Convergence project (based on the previous Perspectives CMU work).
Basically, instead of CA's you have notary servers that track changes to certificates and that you (your browser) contacts to verify that they and you are seeing the same certificates.
That way, if a MITM attack is ongoing it will, if targeting you specifically, probably show a discrepancy between the certificate presented to you and the one presented to them. If targeting the specific website and MITM'ing all connections to it the only demonstration of a problem might be that the site suddenly appears to have a new certificate, but that would still most likely alert site operators who may be surprised to note a change they didn't do.
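The comparison described in the comment above, sketched as an added example (this is not code from the thread, from Convergence or from Perspectives, and it does not reproduce their protocols). The verdict names, the quorum threshold and the byte strings standing in for DER certificates are all assumptions made for illustration.

```python
import hashlib
from collections import Counter


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def check_with_notaries(seen_fp, notary_fps, pinned_fp=None,
                        quorum=0.75, min_answers=2):
    """Compare the certificate this client saw with what notaries saw.

    seen_fp     fingerprint from the client's own TLS handshake
    notary_fps  one entry per notary; None means the notary did not answer
    pinned_fp   fingerprint remembered from an earlier visit, if any
    quorum      share of answering notaries that must agree (assumed value)
    """
    answers = [fp for fp in notary_fps if fp is not None]
    if len(answers) < min_answers:
        # Too few independent views to say anything either way.
        return "UNVERIFIED"

    top_fp, votes = Counter(answers).most_common(1)[0]
    if votes / len(answers) < quorum:
        # The vantage points see different certificates among themselves.
        return "NOTARIES_DISAGREE"

    if seen_fp != top_fp:
        # Notaries agree with each other but not with us: the substitution
        # is happening on our network path only.
        return "LOCAL_MITM_SUSPECTED"

    if pinned_fp is not None and pinned_fp != seen_fp:
        # Everyone sees the same certificate, but it is not the one we
        # remembered: either a legitimate rotation or interception close to
        # the site. Only the site operator can tell which.
        return "CERT_CHANGED_FOR_EVERYONE"

    return "CONSISTENT"


# Constructed stand-ins for DER certificates (not real certificates).
REAL = fingerprint(b"constructed-site-certificate-v1")
ROTATED = fingerprint(b"constructed-site-certificate-v2")
SUBSTITUTED = fingerprint(b"constructed-interceptor-certificate")


def demo():
    """Run the scenarios from the comment and return each verdict."""
    return {
        "normal": check_with_notaries(REAL, [REAL, REAL, REAL], REAL),
        "targeted": check_with_notaries(SUBSTITUTED, [REAL, REAL, REAL], REAL),
        "site_wide": check_with_notaries(ROTATED, [ROTATED] * 3, REAL),
        "split_view": check_with_notaries(REAL, [REAL, SUBSTITUTED, None]),
        "no_notaries": check_with_notaries(REAL, [None, None]),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:12s} {verdict}")
```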
Re: (Score:3)
Well, you can always fingerprint a key and verify with the owner of the site that the fingerprint is correct.
The CA model is called a "web of trust" model - it relies on you trusting someone and then seeing if a key you've been given was signed by someone you trust. In the CA model, the CA signs public
Re: (Score:2)
I really dislike the way certificates are treated right now. Certs incorporate two different things, namely authentication and encryption. Of course I understand that it is more secure to have an encrypted channel while communicating with a host that needs to be authenticated but the reverse isn't always the case.
Sometimes I am not interested in authentication with a machine because I know that the machine in question is the right one. What I AM interested in is the fact that I should be able to communicate
Re:Self signed? (Score:5, Insightful)
No. When a CA signs a certificate, they don't get the private key used for decryption. They just assert that a particular public key really does belong to who it says.
If the NSA has Verisign's key, for example, they'd be able to do two things:
The latter is where the man-in-the-middle attack comes in. The NSA can claim to be whoever you're trying to reach, and the certificate will look valid and be trusted by default on any system that trusts Verisign. On the other hand, a self-signed certificate isn't signed by anybody else. The NSA doesn't need anyone else's private keys to make their own and claim to be anyone. The client will see the certificate, ask you if you trust it, and unless you're in the habit of memorizing certificate fingerprints, you won't notice a difference. Once any certificate is trusted (either by default or by your acceptance), your traffic will be sent to (and decrypted by) the certificate holder.
This is actually already a problem. CAs have been compromised, and their stolen credentials have been used to sign certificates claiming to be governments, Microsoft, and other generally-trusted sites. The apparently-trusted certificates are then used to make scams look more legitimate.
Re: (Score:2)
I would not be surprised to see that the NSA - or any other nation's intelligence service - can devise ways to make you think (and take it for a fact) they are whoever they tell you they are.
As for certificates and CAs: certificates, keys and CAs are about building trust. Between the service provider on one end for example, and its customers on the other. The Certificate Authority asserts that the service provider is who it claims to be, and another Certificate Authority (or maybe even the same - the root C
Re: (Score:3)
CAs including Verisign actually advertise the fact that they provide "lawful intercept" services. IOW, they cooperate with the spies and I assume they don't have to give up their master keys to the NSA in order to assist with MITM attacks. CAs are in the business of intercepting our communications.
All they have to do is keep a database of bogus certs for the addresses they verify, and perform a verification against a bogus cert for particular user IPs on a surveillance list supplied by the spies. Then all t
Re: (Score:3)
Good question. The short answer is that they don't know it's really from you. A root CA certificate is the root of trust - it is self signed by the CA. It cannot by itself prove it is genuine.
In a corporate environment where you control the infrastructure you could automatically distribute the root certificate to your users with group policy or some other trusted distribution mechanism. If you don't control the infrastructure, then you would need some other out-of-band method to assert that cert is genu
Re: (Score:3)
Does this mean a self-signed certificate is more secure than a commercial one?
I have spent almost 10 years of my life trying to explain people why self-signed certs are much more secure.
People don't care.
Re: (Score:2)
They already have access to commercial ones and can decrypt those :)
Re: (Score:2)
Because you can add the self-signing CA to your browser and not get security warnings unless the server suddenly switched.
A third party proxy doesn't need the private key to decrypt the data. They are the end-user from the server's perspective and so they can use their own key to decrypt it. Then they would re-encrypt it using their own private key. But since they presented their own certificate to the victim, that's irrelevant. If it went from a known self-signed cert to something else, a user would kn
Time To Learn Klingon (Score:2, Funny)
Time to learn Klingon, or invest in carrier pigeons and a Little Orphan Annie decoder pin.
I wonder if our government will be responsible for single handedly killing our consumer tech industry.
Re:Time To Learn Klingon (Score:5, Funny)
We're talking about the NSA. Half of them probably play Klingon Boggle at lunch.
A "problem," you say? (Score:3, Insightful)
Of course encryption is a problem for them. It's the same problem Allied intelligence had acting on information that could only be attained because Enigma was broken. [wikipedia.org]
Cisco (Score:3)
I wish I was back in my last Cisco VPN class to see what my instructor (who, according to himself, was installing security for major industry) has to say now about my question about transparent proxies and SSL and the Cisco road map. He was recommending SSL as a better replacement for IKEv2. Granted my tin foil hat was fully deployed about NSA snooping but...
I wish I was wrong.
Re: (Score:2)
They were doing this not for NSA reasons; it's just what the tech industry does: find a protocol that is a bit inconvenient to set up, and instead of making it more convenient to set up, figure out an alternate scheme that's a little easier to set up, but for which they can charge a license fee for the feature, because it's new and shiny, and the sales force has been told to make sure all the PHBs know it is new and shiny.
Of course then the rimshot comes and they realize in their haste they've done something
Oh the land of the free ... (Score:2, Insightful)
So the next time the US wants to chastise another country for spying on their citizens, the response is going to be "go away you hypocritical assholes".
America has lost her moral compass, and is quickly turning into a police state.
Papers please comrade.
Re: (Score:2, Insightful)
America has been a police state ruled by fear for some time now. You're among the most oppressed people in the world, but it's balanced by ignorance; it's taken you guys this long to notice.
How is this "confirmation"? (Score:3, Insightful)
>> "The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.
So...some guy said "yes, they're collecting keys." No written evidence, no names. We demand "citation" from people posting backstories of cartoon characters on Wikipedia, so how exactly is this "confirmation" of anything?
Re:How is this "confirmation"? (Score:5, Insightful)
Do you really expect people to say this publicly, when the most likely consequence is imprisonment and a media circus that paints them as evil villains?
Re: (Score:3)
I am sorry we are currently on a little trip winding through Hong Kong and Russia, please try again when the constitutional rights are restored.
What about non-american CA's? (Score:4, Interesting)
Re: (Score:3)
Who says they don't all have a big sharing agreement? Even countries that are unfriendly to each other, it would be worth it to both sides. You can be sure the governments themselves aren't using this stuff.
Re: (Score:2)
Who says a government would contact the CA directly? They could call someone in the other spy agency and say "Hey wanna trade certs? We can watch terrorists using your certs and you can watch dissenters using ours. Deal? OK great, get certs from the authorities in your own country, I'll do the same and we'll trade tomorrow."
Think of cold war police states (Score:4, Interesting)
Re: (Score:2)
Yeah today between machines and self-service spying (meaning, people post it on Facebook themselves) it's like shooting fish in a barrel.
Will this do it? (Score:5, Interesting)
If this does not kill off the cloud or at least seriously damage the business model, I think it would be safe to say human apathy has reached critical mass and we deserve everything that is coming in the next 20-30 years.
Re: (Score:2)
Oh come on. I don't think it's right but I have to say the government pretty much knows everything about me now anyway. What difference if they have access to my private info. I know they are watching so I'm certainly not going to provide them with anything damaging to me. There are ways around this if you know it's compromised and even without this article I was pretty sure it was compromised anyway. Any security that you don't have 100 percent control of isn't totally secure by definition. I know th
Re: (Score:3)
You are missing the point amiga3D. When "the government pretty much knows everything about [everyone] now anyway" - then there is no more ability to effectively and democratically reform society for the better, right injustices, fight to change the status quo etc. For example try and organize a rally, information drive, any form of community organization against or for [insert cause]. If it upsets those in power you will be picked up/harassed/fired/detained before any of your emails/chats/phone calls to or
all certs? Not just ca? (Score:2)
Re: (Score:2)
If they have the CA key, they can create a new private key for the service you are going to, reroute your traffic intended to go to that service sending it to their own server, provide the public half of the "master" key they created which is signed by the CA key, and your client (browser) will believe it is reaching that service when it is not. This is the man in the middle attack, styled slightly different by having the CA key instead of the target private key.
Browsers could help with that by saving the
If true not so bad! (Score:2, Informative)
If true this could be bad as presently SSL uses the public / private RSA key pair for encryption as well as authentication.
BUT under the latest SSL / TLS standard (only presently client side supported by Chrome) the encryption half of the secure connection can be performed by Diffie-Hellman key exchange and that would offer perfect forward security. Meaning that all a government with the private key can do is a MITM attack, and it is possible to spot that by using multiple IP path checking and other tests.
U
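An added example, not part of the thread: the comment above turns on whether a session's key exchange is ephemeral Diffie-Hellman or RSA key transport, so this sketch classifies cipher suite names by that property and builds a server context limited to ephemeral suites. The function names and the sample list are constructed for illustration.

```python
import ssl

# Key-exchange labels that use a fresh (ephemeral) Diffie-Hellman key per session.
EPHEMERAL = {"DHE", "EDH", "ECDHE", "EECDH"}
# Static Diffie-Hellman: the server's DH key is long-term, so no forward secrecy.
STATIC_DH = {"DH", "ECDH"}

def key_exchange(suite):
    """Extract the key-exchange label from an OpenSSL- or IANA-style suite name."""
    name = suite.upper()
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            return "TLS1.3"  # TLS 1.3 full handshakes always use ephemeral (EC)DHE
        return name[4:].split("_WITH_")[0].split("_")[0]
    first = name.split("-")[0]
    # OpenSSL omits the label for RSA key transport ("AES128-SHA"); anything
    # unrecognised is read as RSA, the conservative choice for an audit.
    return first if first in (EPHEMERAL | STATIC_DH) else "RSA"

def is_forward_secret(suite):
    kx = key_exchange(suite)
    return kx == "TLS1.3" or kx in EPHEMERAL

def exposed_suites(suites):
    """Suites whose recorded sessions are readable once the server's long-term key is disclosed."""
    return [s for s in suites if not is_forward_secret(s)]

def forward_secret_server_context():
    """Server-side context that offers only ephemeral key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

# Constructed sample: a server cipher list mixing both kinds of key exchange.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
    "ECDH-RSA-AES128-SHA",
]

if __name__ == "__main__":
    for suite in SAMPLE:
        state = "forward secret" if is_forward_secret(suite) else "EXPOSED"
        print(f"{suite:45} {key_exchange(suite):7} {state}")
```

Suites reported as exposed are the ones to remove from a server's configuration; the check says nothing about active interception, which forward secrecy does not prevent.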
Don't entirely buy this (Score:2)
I've seen this claim a few times in the past. Someone a few months ago told me they were confident that the government already have private keys for every major US site.
If that were the case, why would they need to request data from Google, Microsoft, Facebook, Yahoo, AOL, etc.? All of these companies have discussed how the government requests data from them, and how they have to provide it. If the government simply had the private keys and could just sniff all traffic, they wouldn't need to.
I wouldn't be sh
Re: (Score:2)
Having the CA keys, or the site private keys, does not automatically hand data over to them. They still have to intercept the data, being sure none of it reaches the intended destination except through their MitM attack. They have the taps and the means to do this. They do NOT have the resources to do this for 100% of the population ... yet. They still need to get certain subsets of other data from these providers to do what they are doing. Don't assume that because they are asking for certain data tha
Re: (Score:2)
They could just sniff traffic at all the tier 1 ISPs and filter for who they're looking for. They'd have info immediately. If they had keys and they weren't doing this, then they'd be idiots.
Re: (Score:3)
"If that were the case, why would they need to request data from Google, Microsoft, Facebook, Yahoo, AOL, etc. All of these companies have discussed how the government requests data from them, and how they have to provide it. If the government simply had the private keys and could just sniff all traffic, they wouldn't need to."
It comes down to legality. If the government intends to eventually prosecute someone, they have to follow the legal process.
On the other hand, if all they want to do is snoop and "pr
Re: (Score:2)
That's precisely the point. The system that has been exposed (and many people have known about for years) is that the government uses NSLs to get data from companies. Requesting SSL keys doesn't make sense because they can't use the data.
Gag orders, duress (Score:2)
Update, 11:40 a.m. PT: Adds additional comments from a Facebook representative saying the company has not received such requests.
So how do we know this statement is not as it is due to a FISA or other type of gag order with accompanied threat? The truth is we simply do not know if this statement is as it is due to the duress of a gag order. We do not have a pre-established duress code word, nor the trust that needs to accompany it.
Re: (Score:2)
About the same way that we don't know the reporter or their source simply made up the statement.
The SSL "problem" (Score:2)
Does the NSA really have a problem decrypting SSL/TLS? I find it hard to believe that they do not have dedicated hardware with specialized processors that have been custom built to crack SSL/TLS.
Snowden Assange WikiLeaks CA (Score:2)
Probably the only CA I would trust.
Re: (Score:2)
Setting up a CA is easy, anyone can do it. The hard part is getting the CA's keys into the various browsers. If you don't get your keys into browsers then users don't have any confidence in the certificates that you hand out and the browser cannot detect a Man In The Middle attack. Users will (rightly) see nasty warnings from the browsers.
If the NSA says ''no'' then the major browser vendors will not distribute your keys with their browsers. Unfortunately: but probably so.
Something needs to change else it i
the same person said Obama is a space alien (Score:2)
That anonymous source guy is a nutcase. Isn't anonymous source the same guy who says Obama is a space alien?
On the other hand, in 2008 Mr. Source said "you think 2% growth for six months is a bad economy? Just wait and see how Obama trashes the economy for six years", so I guess he's right sometimes.
Re: (Score:2)
The GDP in 2008 was negative for 3 out of the 4 quarters, and for the year. It was a CRUSHING -6.3 percent for Q4 2008. 2% growth would have been a giant improvement.
Mr Source needs to update his talk.
Re: (Score:2)
Actually, being cheap loses. You are trivially vulnerable to a man in the middle attack by anyone who can intercept your traffic. They only need to create their own self-signed key (or a CA-signed one) with your site name in it.
Re: (Score:2)
Just in time for BH/DC.
Re: (Score:2)
Can tap in? They already have, years ago.