[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

Jacob Appelbaum jacob at appelbaum.net
Wed Sep 7 03:01:27 PDT 2011


On 09/07/2011 11:47 AM, ArkanoiD wrote:
> On Wed, Sep 07, 2011 at 11:42:22AM +0200, Jacob Appelbaum wrote:
>>
>> We shouldn't damage the security of the internet to meet the needs of
>> some corporate security culture nonsense. If cert pinning is easily
>> disabled without user interaction it will be disabled by an attacker. 
> 
> Not necessary.

Break the site. If you want to be a MITM where it is hard coded, I
expect browsers to hard fail. That's a fine trade-off from a security
perspective from where I'm sitting as both a user and a network admin.

> 
>> If you have special corporate needs, why don't you recompile the browser
>> to remove the security features that protect users? I'm sure some
>> corporation's overworked security team will do a better job!
> 
> Actually at the moment my MITM proxy enforces certificate security way better than browsers do.
> 

Unless I pop a shell on your proxy, right? Is your proxy implementation
public?

>> I have requested cert pinning in Chrome because if the wrong certs are
>> presented, I want it to fail closed. I want users to avoid being MITM'ed
>> by attackers regardless of their intentions or corporate environmental
>> needs.
> 
> Ah, then losing all network traffic control (it means just that: poke one hole and one is more than enough) is good for security. "Great".
> 

I think you're already doomed. Do you suppose that you are able to
detect all the covert channels in existence? Lots of covert channels
work through such a proxy system. That's a laugh and a half to say the
least.

I'd rather that browsers block the site and then users know they're
being censored, filtered, protected or whatever you might call it.

All the best,
Jacob
