[messaging] Can a pre-shared public key prevent MITM-attacks?
U.Mutlu
for-gmane at mutluit.com
Mon Dec 7 16:51:23 PST 2015
Justin King-Lacroix wrote on 12/08/2015 01:37 AM:
> SSL (used by HTTPS) depends on PKI to solve this problem. PKI is about
> having a trusted third party to vouch for the identity of at least one of
> the participants involved. That trusted third party is the CA - VeriSign,
> Thawte, Comodo, etc.
>
> HTTPS is therefore secure against MITM as long as all of the (hundreds of)
> CAs operate correctly -- that is, they aren't subverted by a malicious
> party, and they don't lose their signing keys.
But just one side isn't sufficient; both sides must be secure to prevent MITM,
isn't it?
> On 8 December 2015 at 00:27, U.Mutlu <for-gmane at mutluit.com> wrote:
>
>> Justin King-Lacroix wrote on 12/07/2015 02:52 PM:
>>
>>> No. Even in principle, this is essentially impossible -- two parties with
>>> no relationship basically can't communicate securely.
>>> There are lots of approaches to the problem, but they all involve breaking
>>> the 'no relationship' constraint. PKI -- and thus iMessage, WhatsApp --
>>> does it by introducing a well-known trusted third-party. PGP / Web of
>>> Trust
>>> does it by relying on social graphs. OTR and SSH leave it up to you: they
>>> show you the key fingerprint, and it's up to you to work out whether it's
>>> the right one.
>>> But in general, the problem you're describing has no solution.
>>>
>>> (Once you've exchanged keys, of course, there are a multitude of way to
>>> create a secure channel on that basis. But you need to exchange keys
>>> somehow first.)
>>>
>>> Justin
>>>
>>
>> But this means for https in practice that:
>> NONE of the security protocols used in https is secure against MITM.
>> So, https is insecure whatever ciphers one uses, be it DH_RSA, DH_DSS,
>> DHE_RSA, DHE_DSS or any of the others possible in the security protocol
>> settings.
>> That means, NSA & Co. can MITM all https communications.
>> Unless one exchanges with the site in advance (ie. manually) the certified
>> public keys of each other, but which in 99.9% of the cases surely not
>> happens because of the extra and manual work (and costs) needed.
More information about the Messaging
mailing list