đź“… Original date posted:2013-12-08
đź“ť Original message:On Sun, Dec 8, 2013 at 12:40 PM, Drak <drak at zikula.org> wrote:
> Let me clarify. SSL renders BGP redirection useless because the browser
> holds the signatures of CA's it trusts: an attacker cannot spoof a
> certificate because it needs to be signed by a trusted CA: that's the point
> of SSL, it encrypts and proves identity, the latter part is what thwarts
> MITM. If there was an MITM the browser screams pretty loudly about it with a
> big threat warning interstitial.
Sadly this isn't true: There are (many) CAs which will issue a
certificate (apparently sometime within minutes, though last
certificate I obtained took a couple hours total) to anyone who can
respond to http (not https) requests on behalf of the domain from the
perspective of the CA.
This means you can MITM the site, pass all traffic through except the
HTTP request from the CA, and start intercepting once the CA has
signed your certificate. This works because the CA does nothing to
verify identity except check that the requester can control the site.
If you'd like to me to demonstrate this attack for you I'd be willing—
I can provide a proxy that passes on :80 and :443, run your traffic
through it and I'll get a cert with your domain name.
I'm sorry for the tangent here— I think this sub-discussion is really
unrelated to having Bitcoin.org behind SSL— but "someone is wrong on
the internet", and its important to know that SSL hardly does anything
to reduce the need to check the offline signatures on the binaries.
Gregory Maxwell [ARCHIVE] /
npub1f2…crwet
2023-06-07 17:10:31
in reply to nevent1q…mcp8
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwetPublished at
2023-06-07 17:10:31Event JSON
{
"id": "f587965266e071c0e771fd16df0c27872c8a2c48018fa9467ed572616b4087ee",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686150631,
"kind": 1,
"tags": [
[
"e",
"d517aa463a22abef5f03468f652eeefb44676da99926537d88111078c3e0468b",
"",
"root"
],
[
"e",
"a238d2a49ee6ac90069035a30f1516c09d516ad3f5cc8fede787f81364366519",
"",
"reply"
],
[
"p",
"50ece7cbb2dc316af1cd5da0d62e0e1fec40f20919242c8fbedd53702fba95db"
]
],
"content": "📅 Original date posted:2013-12-08\n📝 Original message:On Sun, Dec 8, 2013 at 12:40 PM, Drak \u003cdrak at zikula.org\u003e wrote:\n\u003e Let me clarify. SSL renders BGP redirection useless because the browser\n\u003e holds the signatures of CA's it trusts: an attacker cannot spoof a\n\u003e certificate because it needs to be signed by a trusted CA: that's the point\n\u003e of SSL, it encrypts and proves identity, the latter part is what thwarts\n\u003e MITM. If there was an MITM the browser screams pretty loudly about it with a\n\u003e big threat warning interstitial.\n\nSadly this isn't true: There are (many) CAs which will issue a\ncertificate (apparently sometime within minutes, though last\ncertificate I obtained took a couple hours total) to anyone who can\nrespond to http (not https) requests on behalf of the domain from the\nperspective of the CA.\n\nThis means you can MITM the site, pass all traffic through except the\nHTTP request from the CA, and start intercepting once the CA has\nsigned your certificate. This works because the CA does nothing to\nverify identity except check that the requester can control the site.\n\nIf you'd like to me to demonstrate this attack for you I'd be willing—\nI can provide a proxy that passes on :80 and :443, run your traffic\nthrough it and I'll get a cert with your domain name.\n\nI'm sorry for the tangent here— I think this sub-discussion is really\nunrelated to having Bitcoin.org behind SSL— but \"someone is wrong on\nthe internet\", and its important to know that SSL hardly does anything\nto reduce the need to check the offline signatures on the binaries.",
"sig": "866b8c0a3e294d8389adf73505bea74875c070217afe07d36d59f9576a226e0226a7ea23515cf3d65a66bd08474f49bb6576137c35aebcd2ba0d759c6fdd319b"
}