Wandering Thoughts archives


One limit to how much TLS can do for you against MITM attacks

One of the bits of TLS news recently has been that Kazakhstan is apparently planning to force all Internet users in the country to install a new TLS root certificate (see eg here and here) and then probably use that certificate to intercept whatever HTTPS communication they want to. This situation points out what is not so much a limitation of TLS and encryption in general as a simple absence of magic.

The obvious assumption to make is that the Kazakhstan authorities are going to end up blocking HTTPS connections that aren't willing to accept their MITM certificates. At this point, TLS is up a creek. If an attacker with control over your network link is willing to enforce a policy of 'you can only communicate if we can read your traffic', well, mainstream software has no good options. If it prioritizes secrecy over communications, you can't talk at all; otherwise, you have no secrecy. There is no magic third path.

(Non-mainstream software can attempt to smuggle traffic through various forms of steganography and concealment, but this is not really viable for popular software; the attacker will soon become aware that this smuggling is going on and block it.)

This doesn't mean that TLS is useless in this situation. TLS is forcing the Kazakhstan authorities to do this in public, in a very visible way. Without encryption or the (weak) authentication that certificate validation provides, Kazakhstan could have done this on the sly (and in fact they undoubtedly are doing it for HTTP and other plaintext traffic, just as plenty of other people are). TLS is even forcing this to be visible to software (at least software that has access to the certificate chain).

An encryption system that doesn't allow itself to be defeated this way (including TLS software that refuses this MITM certificate even if the user has accepted it) cannot 'win' on a technical level; its traffic will get blocked and it will fail to achieve both of availability and secrecy. It can only win (if it does eventually win) at the social and political level, if the resulting lack of communication is sufficiently important and painful to change the attacker's actions. Urging that software fail in the favour of secrecy here is essentially a bet that the social level will win out in the end.

(If Kazakhstan is really serious about this they're going to have to block a lot of other network protocols and connections. But they can certainly do this if they want to badly enough; after all, it's no different than what 'block by default' outbound firewalls do in many organizations. Of course they may not go this far; picking off the majority of encrypted traffic might be good enough.)

tech/TLSOneLimitOnMITMPrevention written at 02:12:57; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.