Hacker News

OTOH, if they can get a CA - any CA - to cooperate, they can MITM anyone without having to break SSL.


Not without someone noticing. Some sites have pinned certs in Chrome, which would stop this, and even without that you would expect some knowledgeable techie at Facebook or Github or something to be using their home laptop and say, "Wait a sec, this isn't my company's public cert!"

Not having seen any blog posts screaming, "OMG, my site is being hijacked wholesale," I can only assume that the NSA isn't doing this (or has managed to squelch by legal order every single person privy to the real cert at MITM'ed sites, which is absurd and would beg the question, why not obtain the private key from these people in a similar way?).


Could they do this selectively, and only MITM people on watchlists?


Do they need to MITM? If they have a copy of the private key, can't they just use it to decrypt the data... even old data for which they've only just acquired the key?


Having the root CA's private key doesn't give them access to the end entity's private keys. When you ask a CA for a cert, you only provide them with your public key (in the form of a CSR) for them to sign. The CSR does not contain the private key.


But getting an employee to hand over the private key and giving him a gag order afterwards is an option of course.


https://en.wikipedia.org/wiki/Perfect_forward_secrecy

https://en.wikipedia.org/wiki/ECDHE

Google is using it, and a few other sites, too, though they are in the minority. OpenSSL has supported it since version 1.0.0, which was released in March 2010.


True, but they would have to do this for every single web server they would want to collect information from. Not impossible, but it'd be a lot of work.


To your latter question: no, not with the right ciphers.

http://en.wikipedia.org/wiki/Perfect_forward_secrecy


Perfect forward secrecy doesn't apply if the NSA has broken the key exchange algorithm and has your session keys.
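As an added example (not from any commenter in this thread), the following script models the two points made above in the Wikipedia links and in this last reply: with an ephemeral key exchange, a later compromise of the server's long-term private key does not decrypt recorded traffic, while with a static exchange it does; and if the key exchange itself can be broken, forward secrecy no longer helps. It is a deliberately toy construction: a tiny safe-prime Diffie-Hellman group (P = 2039, generator 2 of prime order 1019, chosen so the discrete log can be brute-forced), a SHA-256/HMAC stand-in for the record cipher, static Diffie-Hellman standing in for RSA key transport, and no signature over the ephemeral share. The sample message is constructed. None of these parameters resemble real TLS; the structure of the attacks is the point.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption, illustration only): safe prime P = 2*Q + 1 with a
# generator G of prime order Q. Tiny on purpose so that the "broken key
# exchange" attack can brute-force the discrete log. Real TLS uses
# >=2048-bit groups or elliptic curves (ECDHE).
P = 2039
Q = 1019
G = 2


def derive_key(shared_secret: int) -> bytes:
    """Session key = hash of the Diffie-Hellman shared secret."""
    return hashlib.sha256(shared_secret.to_bytes(4, "big")).digest()


def _keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256 (toy cipher, not for real use)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one record with the session key."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def open_record(key: bytes, sealed: bytes):
    """Return the plaintext, or None if the key does not authenticate the record."""
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def run_session(static_x: int, ephemeral: bool, message: bytes) -> dict:
    """One handshake plus one encrypted record, as a passive tap would record it.

    static_x is the server's long-term private key (what a CA-issued cert
    vouches for). ephemeral=False: that key itself does the exchange, standing
    in for RSA key transport. ephemeral=True: a fresh exponent is used and then
    discarded (ECDHE-style); the signature it would carry is omitted because it
    matters for impersonation, not for the key-recovery question here.
    """
    if ephemeral:
        e = secrets.randbelow(Q - 1) + 1
        while e == static_x:              # only needed because the group is tiny
            e = secrets.randbelow(Q - 1) + 1
    else:
        e = static_x
    server_share = pow(G, e, P)
    c = secrets.randbelow(Q - 1) + 1      # client's (always ephemeral) exponent
    client_share = pow(G, c, P)
    key = derive_key(pow(server_share, c, P))          # client side: g^(e*c)
    assert key == derive_key(pow(client_share, e, P))  # server side agrees
    # e and c are now dropped: nothing in the transcript contains them.
    return {"server_share": server_share, "client_share": client_share,
            "record": seal(key, message)}


def attack_with_stolen_static_key(transcript: dict, static_x: int):
    """Adversary who recorded the transcript and later obtains the server's
    long-term private key. Succeeds only if that key was the exchange key."""
    guess = derive_key(pow(transcript["client_share"], static_x, P))
    return open_record(guess, transcript["record"])


def attack_by_breaking_key_exchange(transcript: dict):
    """'PFS doesn't apply if the key exchange is broken': here the discrete log
    of the server share is found by exhaustive search, which yields the
    session key whether or not the exponent was ephemeral."""
    acc = 1
    for e in range(1, Q):
        acc = acc * G % P                               # acc == G**e mod P
        if acc == transcript["server_share"]:
            key = derive_key(pow(transcript["client_share"], e, P))
            return open_record(key, transcript["record"])
    return None


def demo(message: bytes = b"constructed sample record") -> dict:
    """Run both handshake styles against both attackers; returns what each
    attacker recovers (the message, or None)."""
    static_x = secrets.randbelow(Q - 1) + 1
    results = {}
    for mode in ("static", "ephemeral"):
        t = run_session(static_x, mode == "ephemeral", message)
        results[mode] = {
            "stolen_static_key": attack_with_stolen_static_key(t, static_x),
            "broken_key_exchange": attack_by_breaking_key_exchange(t),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

Running it shows the stolen-key attacker recovering the record only in static mode, and the brute-force attacker recovering it in both modes. Only the group size makes the second attack feasible; with a real group or curve the exhaustive search is the part that fails, which is exactly the assumption forward secrecy rests on.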


They have to set up impersonating SSL certs for every connection they want to MITM. While there'd clearly be value in them inserting or subverting network hops between "the great unwashed" and gmail/facebook/aim servers, there's very little chance the NSA have access to hops along the path between my (Australian) adsl connection and my vps (located in Australia).

For internal (or routed through) US traffic - while Verizon's lack of interest in protecting customer data is probably shared by major backbone providers - I _strongly_ doubt even the NSA has enough gear hanging off backbones to actively MITM any significant proportion of the firehose that'd represent. Even the AT&T "secret room" probably doesn't house enough gear to be able to create fake (signed) certs and MITM every SSL connection for millions or more simultaneous users browsing every https site under the sun.

Having said that, I'd bet good money they _do_ target specific SSL traffic - has anyone checked the SSL connections to Tor entry and exit points recently? That'd be one spectacularly obvious path to try "speculative MITM attacks".


Only for targeted traffic though. They can't record, go back, and break it.


This is why I tell people that an actual fingerprint check is much better than any CA.


Yes, but how do you get the fingerprint to check against?


The EFF's "HTTPS Everywhere" extension is a great place to start.

    https://www.eff.org/https-everywhere


I assume he also implies that fingerprints aren't any safer


Who?



