[RndTbl] MitM on IMAPS?

Sean Walberg sean at ertw.com
Sat Jan 18 06:35:11 CST 2014 

I'm pretty sure you're OK as long as the phone is still verifying that the
CA signing the received key is known. (you could test this with a self
signed certificate)

The EV bar doesn't provide any better crypto, it's just a set of tags on
the cert indicating the issuee has undergone extra offline validation. Each
CA that can issue EV certs has its own tag so it's not like someone could
make a CA and sign with the EV tags.

Wildcard wise, wildcards only work for one level of subdomain and not on EV
certs.

SSL interception needs you to inject a root CA certificate into the client.
The proxy generates a new certificate signed by the fake CA when something
is requested, pushes that behind the client, then stitches the two sessions
together. The only way the client knows is that the certificate is signed
by a different CA. I've done this as part of a web filter at a large
company, we needed to use Microsoft group policy to push out that key. It
can work transparently or with the browser having configured a proxy. But
without the client having the proxy's CA in the certificate store, all
certs look broken.

Related: I talked to Sean Cody on a podcast about stuff like this about a
year ago. I still think it's the most enlightening discussion about SSL and
trust that I've ever had.
http://linuxadminshow.com/2012/09/22/episode-2-ssl/

Sean


On Sat, Jan 18, 2014 at 3:37 AM, Trevor Cordes <trevor at tecnopolis.ca> wrote:

> I'm just wondering if it is possible for someone to MitM me in the
> following scenario and intercept plaintext traffic:
>
> dovecot imaps server with real thawte "quick" cert
> |
> imaps (ssl)
> |
> public wifi
> |
> android phone using imaps using "ssl" not "ssl (any cert)" option
>
>
> For instance, can a malicious hotspot use some sort of interception
> technique / spoofing and some sort of wildcard cert to trick my phone into
> negotiating SSL with it, which then does its own SSL to my dovecot server,
> thus MitM'ing me without me even knowing?  I know in a web browser I'd
> normally be protected against that by looking at the URL in the address
> bar, or the green EV-cert graphics (or am I wrong in even that
> assumption)?
>
> How paranoid do I have to be?  And is there any way to beat any
> shortcoming on Android, perhaps with a client cert or a way to tie the
> account to a single manually-specified server SSL cert?
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable
>



-- 
Sean Walberg <sean at ertw.com>    http://ertw.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20140118/7a0424a3/attachment.html>

More information about the Roundtable mailing list