[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

Jacob Appelbaum jacob at appelbaum.net
Wed Sep 7 02:42:22 PDT 2011


On 09/07/2011 10:38 AM, ArkanoiD wrote:
> Please keep in mind that there are good reasons for SSL MITM in a corporate environment.
> So there should be a possibility to move pinning from the browser to the proxy.
> Hardcoding anything will certainly break it.

Corporate needs are the same as any other MITM and they should not be
treated with any less hostility than any other attacker. Every MITM has
their motivations or reasons and I don't care to cater to them at all.

We shouldn't damage the security of the internet to meet the needs of
some corporate security culture nonsense. If cert pinning is easily
disabled without user interaction it will be disabled by an attacker. If
easy MITM is an option, it will be used. We already see this at Internet
scale. Certificates that are perfectly valid were issued here - they're
not going to stop there. We need to solve the problem entirely, not
continue to use this busted trust model.

If you have special corporate needs, why don't you recompile the browser
to remove the security features that protect users? I'm sure some
corporation's overworked security team will do a better job!

I have requested cert pinning in Chrome because if the wrong certs are
presented, I want it to fail closed. I want users to avoid being MITM'ed
by attackers regardless of their intentions or corporate environmental
needs.

All the best,
Jacob


