[SSL Observatory] Ubiquitous usage of non-ephemeral keys

ArkanoiD ark at eltex.net
Thu Apr 7 02:34:46 PDT 2011


It might be that simple:

save "interesting" traffic first;
launch successful (but not very stealthy) attack second;

key gets compromised and replaced; as the compromise timeframe is relatively small
and no sensitive data are stored on the server itself, the impact is considered to be relatively low.
Actually, it is not.

On Thu, Apr 07, 2011 at 04:03:15PM +1200, Peter Gutmann wrote:
> ArkanoiD <ark at eltex.net> writes:
> 
> >Are we really sure it is ok that anyone who got possession of expired server
> >private key can decipher any old captured SSL traffic?
> 
> WYTM?  ("What's your threat model").  This requires that someone, somewhere,
> is saving off gigabytes? terabytes? of white noise every day on the off chance
> that they stumble across a private key at some point in the future.  If you're
> really worried about the Chinese MSS doing this then use a PFS cipher suite
> (which Tor does anyway, so you're safe by default) but for anyone else, there
> are about a thousand bigger issues to worry about.
> 
> Peter.
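Added example, not part of the thread: a standard-library Python model of the "record now, compromise later" scenario described above. It assumes a simplified Diffie-Hellman exchange over the RFC 2409 group 2 prime in place of SSL's RSA key transport, and a SHA-256 keystream as a stand-in record cipher; it contrasts a server that reuses one long-term key for every session with one that uses a fresh per-session key the long-term key merely authenticates.

```python
import hashlib
import secrets

# RFC 2409 group 2 (1024-bit MODP) prime and generator. The group is real;
# the protocol around it is a simplified model, not the SSL/TLS wire format.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def keystream_xor(key, data):
    """Stand-in record-layer cipher: SHA-256 counter keystream XORed over data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def session_key(peer_public, own_private):
    """Derive the session key from the DH shared secret (result < P fits in 128 bytes)."""
    shared = pow(peer_public, own_private, P).to_bytes(128, "big")
    return hashlib.sha256(shared).digest()


def run_sessions(plaintexts, ephemeral):
    """Simulate sessions as a passive recorder sees them, then leak the server's
    long-term private key. Returns (recording, leaked_long_term_private)."""
    long_term_priv = secrets.randbelow(P - 2) + 1
    recording = []
    for pt in plaintexts:
        c_priv = secrets.randbelow(P - 2) + 1
        # Non-ephemeral: the long-term key is the key-exchange key itself.
        # Ephemeral: a fresh exponent per session; the long-term key would only
        # sign the share (signature omitted from this model).
        s_priv = secrets.randbelow(P - 2) + 1 if ephemeral else long_term_priv
        key = session_key(pow(G, c_priv, P), s_priv)
        recording.append((pow(G, c_priv, P), pow(G, s_priv, P), keystream_xor(key, pt)))
        del s_priv, c_priv, key  # per-session state is not kept anywhere
    return recording, long_term_priv


def decrypt_after_compromise(recording, leaked_priv):
    """Attacker holds the old captures plus the leaked long-term private key."""
    leaked_pub = pow(G, leaked_priv, P)
    recovered = []
    for client_pub, server_pub, ct in recording:
        if server_pub != leaked_pub:
            recovered.append(None)  # this session's exponent no longer exists anywhere
        else:
            recovered.append(keystream_xor(session_key(client_pub, leaked_priv), ct))
    return recovered
```

With `ephemeral=False` every recorded session decrypts once the key leaks, however long ago it was captured; with `ephemeral=True` the same leak yields nothing.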
