On Sun, Jan 18, 2015 at 08:05:18PM +0000, Kelly Setzer wrote:
> I don't know if you're referring to HSTS.
No, HSTS is separate to certificate pinning. Certificate pinning would, in fact, cause Chrome to freak out in the presence of an HTTPS-intercepting proxy, but that's what it's supposed to do. I doubt that organisations regressive enough to do HTTPS-MitM would be enlightened enough to allow Chrome to be installed, though.
> If not, it's worth noting in this thread. As I understand HSTS, session decryption is still possible on sites that send the 'Strict-Transport-Security' header. See: https://tools.ietf.org/html/rfc6797
Yes, HSTS allows interception; it would, on the other hand, prevent the downgrade attack which the OP was suggesting as one option to allow organisational monitoring of web requests and responses.
> I suspect it's only a matter of time before browsers become suspicious by default, requiring that HTTPS responses be signed and requiring that SSL certificates come from trusted sources.
That sounds like what has been the case since... forever.
> All of this points to the deficiency of the existing commercial certificate authority system. The fact that organizations can easily purchase software specifically designed to subvert encrypted communication channels is proof that HTTPS security is an illusion.
What does the existence of an HTTPS proxy have to do with the deficiency of existing CAs? Yes, CAs have issued intermediate CA certificates to MitM boxes (Trustwave has been caught doing it; I'm sure others have done it, too). However, the standard mechanism for doing this sort of thing is a locally-issued root CA certificate, which is installed in the corporate SOE as a trusted root.

That is, actually, *exactly* how the TLS certificate system is supposed to work -- root CA certificate is marked as trusted, thus everything issued therefrom is considered OK. That this is possible is not "proof that HTTPS security is an illusion"; it's simply another demonstration that if the bad guy has control over your machine, it isn't your machine any more.

If TLS wasn't vulnerable to this particular mode of subversion, I'm sure there'd be products out there that would hook into the core of the browser and grab the requests before they got into the encrypted channel and re-route them to the proxy, and it would be that software, rather than the local root CA certificate, which would be installed in the corporate SOE.

- Matt
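The distinction the thread draws (HSTS stops the http-to-https downgrade but says nothing about who terminates the TLS session) is easiest to see in the user-agent logic RFC 6797 prescribes. The following is an added example, not code from the thread or from any browser: a small HSTS policy store that parses the Strict-Transport-Security field per section 6.1 (case-insensitive names, quoted or token values, required max-age, no repeated directives, unknown directives ignored), only records policy from a TLS response without certificate errors (sections 7.2 and 8.1), and rewrites http URLs for known hosts per section 8.3. The names `parse_sts_header`, `HstsStore`, `KnownHost` and the sample header values are mine. Note that a proxy presenting a certificate chained to a locally installed root passes the `cert_ok` gate, so the policy is recorded exactly as it would be from the real origin; that is the point Matt makes above.

```python
import re
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# RFC 6797 section 6.1: directive = directive-name [ "=" directive-value ],
# where the value is a token or a quoted-string and names are case-insensitive.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_DIRECTIVE_RE = re.compile(
    r"^(?P<name>" + _TOKEN + r")"
    r'(?:\s*=\s*(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<token>' + _TOKEN + r")))?$"
)


def parse_sts_header(value: str) -> Optional[Tuple[int, bool]]:
    """Return (max_age, include_subdomains), or None when the field is invalid
    and must be ignored as a whole."""
    seen: Dict[str, Optional[str]] = {}
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue                      # the ABNF permits empty directives
        m = _DIRECTIVE_RE.match(raw)
        if m is None:
            return None                   # syntax error: ignore the whole header
        name = m.group("name").lower()
        if name in seen:
            return None                   # a directive may appear only once
        val = m.group("token")
        if m.group("quoted") is not None:
            val = re.sub(r"\\(.)", r"\1", m.group("quoted"))   # quoted-string unescape
        seen[name] = val
    max_age = seen.get("max-age")
    if max_age is None or re.fullmatch(r"[0-9]+", max_age) is None:
        return None                       # max-age is REQUIRED; delta-seconds = 1*DIGIT
    include_sub = "includesubdomains" in seen
    if include_sub and seen["includesubdomains"] is not None:
        return None                       # includeSubDomains is a valueless directive
    return int(max_age), include_sub      # unknown directives (e.g. preload) are ignored


@dataclass
class KnownHost:
    expires: float            # absolute time after which the policy lapses
    include_subdomains: bool


class HstsStore:
    """Known HSTS Hosts, keyed by lower-cased host name."""

    def __init__(self) -> None:
        self.hosts: Dict[str, KnownHost] = {}

    def process_response(self, host: str, headers: List[Tuple[str, str]],
                         over_tls: bool, cert_ok: bool, now: Optional[float] = None) -> bool:
        """Update state from a response. Only the first STS field counts, and only
        when received over TLS with no certificate errors. Returns True if state changed."""
        now = time.time() if now is None else now
        if not (over_tls and cert_ok):
            return False
        sts = [v for n, v in headers if n.lower() == "strict-transport-security"]
        if not sts:
            return False
        parsed = parse_sts_header(sts[0])
        if parsed is None:
            return False
        max_age, include_sub = parsed
        host = host.lower()
        if max_age == 0:
            self.hosts.pop(host, None)    # max-age=0 tells the UA to forget the host
        else:
            self.hosts[host] = KnownHost(now + max_age, include_sub)
        return True

    def is_known(self, host: str, now: Optional[float] = None) -> bool:
        """Exact match, or an unexpired superdomain entry that asserted includeSubDomains."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry is None or entry.expires <= now:
                continue
            if i == 0 or entry.include_subdomains:
                return True
        return False

    def upgrade_url(self, url: str, now: Optional[float] = None) -> str:
        """Section 8.3: http -> https, explicit port 80 -> 443, other ports unchanged."""
        parts = urlsplit(url)
        if parts.scheme != "http" or parts.hostname is None or not self.is_known(parts.hostname, now):
            return url
        netloc = parts.hostname
        if parts.port == 80:
            netloc += ":443"
        elif parts.port is not None:
            netloc += f":{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()
    # Constructed response headers; "now" is a fixed clock so the run is reproducible.
    store.process_response("example.com", [("Strict-Transport-Security",
                           "max-age=31536000; includeSubDomains; preload")],
                           over_tls=True, cert_ok=True, now=0)
    print(store.upgrade_url("http://www.example.com:80/login", now=10))
```

Run stand-alone it prints the upgraded URL for a subdomain of the constructed known host. The store deliberately has no notion of which root issued the certificate: `cert_ok` is whatever the platform trust store says, which is why an intercepting proxy backed by a locally trusted root is invisible to HSTS.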