Network Middleware Still Can't Handle TLS Without Breaking Encryption

An academic study published last month shows that despite years worth of research into the woeful state of network traffic inspection equipment, vendors are still having issues in shipping appliances that don't irrevocably break TLS encryption for the end user. From a report: Encrypted traffic inspection devices (also known as middleware), either special hardware or sophisticated software, have been used in enterprise networks for more than two decades. System administrators deploy such appliances to create a man-in-the-middle TLS proxy that can look inside HTTPS encrypted traffic, to scan for malware or phishing links or to comply with law enforcement or national security requirements.

[...] In the last decade, security researchers have looked closely at the issue of TLS inspection appliances that break or downgrade encryption. There has been much research on the topic, from research teams from all over the world. But despite years worth of warnings and research, some vendors still fail at keeping the proper security level of a TLS connection when relaying traffic through their equipment/software. Academic research [PDF] published at the end of September by three researchers from Concordia University in Montreal, Canada, shows that network traffic inspection appliances still break TLS security, even today.

Sigh

And these dumbass corporations/organizations wonder why I VPN around their shit.

Re: Sigh

It's funny that you think your hiding by using VPN, for some company that is going through the trouble of doing a MITM. Do you even know for certain they aren't decrypting your VPN traffic? They certainly are seeing the packets traverse the network, even if it's encrypted. People seem to (wrongly) think just because something is "encrypted" (or sent via proxy) means that it's not still being transmitted over some medium.

Re: Sigh

[viperidaenz]

These MITM proxies only work because they create their own certificates for every domain you visit, signed by their own CA, which is installed as a trusted CA on every corporate machine.
If the software you use doesn't trust that CA, you'll get notified of the MITM.
If the software you use records the fingerprint of the host you connect to, you'll be notified of the changed fingerprint when the MITM proxy intercepts the connection, even if the machine trusts the MITM CA.

They're not magic encryption breaking devices. They simply pose as the remote server and offer their own certificate. They then make another connection to the remote server. The issues come up when the remote server is dodgy. Any trust issues in that connection can't be forwarded on to the client. The proxy needs to decide to accept it or deny it.
Advances made in browsers to detect these issues aren't always made in the proxies.
Compromises get made in the configurations of them so a few broken websites will still work - from accepting weak encryption protocols to ignoring name mismatches to not checking for revoked certificates.

It is actually possible in theory to build a secure MITM HTTPS proxy. In reality they contain bugs and compromises.

Re: Sigh

[gl4ss]

the point is that vpn'ing around it doesn't make half the software you use break like letting it pass the mitm does(unintentionally mind you). any sw that does any attempt at detecting a mitm and doesn't take the certs to trust from the operating system just breaks.

also. "corporate installed encryption breaking software breaks encryption". yeah who would have thought.

and if you're using a decent vpn client then yeah you would know because it wouldn't trust the corporate certificate in the first place.

unless its end to end, its going to break

Having a MITM on purpose is breaking things by design.

The end user needs to verify that the site they're talking to is the real one, by checking the certificate, but all they get is this stupid cert that was automatically generated by some stupid appliance. No way for the end user to ever know if they've gotten the right website or not.

Good luck if the appliance itself actually checks for cert validity or not.

In short, TLS is working as designed.

Re:unless its end to end, its going to break

Having a MITM on purpose is breaking things by design.

What is broken if the user trusts a middlebox?

The end user needs to verify that the site they're talking to is the real one, by checking the certificate,

Why can't a trusted middlebox do the same thing browsers do to check the certificate?

but all they get is this stupid cert that was automatically generated by some stupid appliance. No way for the end user to ever know if they've gotten the right website or not.

If the middlebox is functioning properly the same assurances are available by proxy to the end user.

Good luck if the appliance itself actually checks for cert validity or not.
In short, TLS is working as designed.

This is about implementation failure not design failure.

Re:unless its end to end, its going to break

[greenwow]

> What is broken if the user trusts a middlebox?

Nothing. This is just hyperbole.

The real question is do you trust cert authorities that have screwed-up in the past or your local IT guys? After we had several employees install malware from what they thought was a safe site since it used HTTPS, we haven't had that happen again after installing a proxy. It's the lesser of two evils.

Re: unless its end to end, its going to break

[junk]

I actually built a MITM appliance to do name based whitelists. You have a better approach? Not doing whitelists isn't an option for what we're doing.

Re:unless its end to end, its going to break

[fisted]

Good luck if the appliance itself actually checks for cert validity or not.

Care to elaborate?

Re:unless its end to end, its going to break

[Anonymous+Brave+Guy]

That's a nice ideal, but in a corporate environment you may have legal and regulatory constraints that prohibit you from actually providing end-to-end encryption from inside your network to outside or vice versa, and the kinds of devices we're talking about fit in between. If you're using someone else's computer, for example at work, then you should never assume that your browser is truly end-to-end encrypting a connection to your bank or GMail or whatever. It is common these days for large organisations to operate their own internal CA and add it as a root authority on all of the organisation's devices for exactly this purpose.

Just to be clear, this doesn't necessarily imply that anything sinister is going on. There are several legitimate and practical reasons to deploy these kinds of tools, which is why it's a problem if they don't work properly and degrade security in the process. In many places, it is also a legal requirement to disclose the possibility rather than doing it covertly. Still, if you want a truly secure and private connection, you should use your own devices obtained from reputable sources, not something managed by your employer or any other third party.

Re:unless its end to end, its going to break

So consider this, you go to some website, say, example.com.

Example.com has its own X509 certificate issued by Verisign for example. Now lets say the proxy admins haven't configured cert verification correctly and somehow example.com has its DNS servers hacked and is now being served from another malicious host with a self signed certificate. If the proxy server doesn't check for cert validation, the end user has no way of knowing that the remote site is sending the wrong self signed certificate.

Often proxy admins allow self signed certificates through simply for the fact that you get users bitching about not being able to get to some websites that use them...

Re: unless its end to end, its going to break

[andymadigan]

Block requests to port 53 outgoing and run your own DNS recursive resolver that will only resolve domains on your whitelist. If your users can get around that then they can probably get around your MITM box, too. My way around a similar MITM was to tunnel SSH over the HTTP proxy.

Bonus: It takes a lot less hardware to run a DNS resolver than a MITM proxy.

Re: unless its end to end, its going to break

[junk]

It's not about users, it's about defending against a breach. We transparently proxy all traffic, drop anything that isn't HTTP/HTTPS and only relay requests that match a whitelisted (sub)domain. Since we have so little egress traffic, i take a single system to do this and we keep a hot standby for failover. Relying on DNS doesn't offer you any protection here.

Re:unless its end to end, its going to break

The "end user" are FUCKING MORONS who can't even tell if they have power in their office half the time, confuse "wifi" with "cell-phone" calls, etc...

Yeah... I'm just gonna let the MITM box fake everything as good for them, I can trust the proxy more than the idiots sitting at the desks.

Re:unless its end to end, its going to break

What is broken if the user trusts a middlebox?

I think you just answered your own question. It's broken for a user to trust a middlebox. That's the whole reason for TLS.

Why can't a trusted middlebox do the same thing browsers do to check the certificate?

The question isn't "why can't a trusted middlebox do" but "will a trusted middlebox do and even if it does, what does that fundamentally mean?" Honestly, it's hard enough to trust browsers when I don't believe that developers are working to introduce nefarious elements nor being overtly incompetent. For middleboxes, I trust neither of these things.

If the middlebox is functioning properly the same assurances are available by proxy to the end user.

Unless I made the middlebox myself, I don't know what "functioning properly" means. And making it myself, I'm liable to fuck something up just as middlebox developers do.

This is about implementation failure not design failure.

If the designers of the box can never implement something properly, then clearly they're probably not designing things properly either.

Re: unless its end to end, its going to break

So the hope is that the attacker won't use http to exfiltrate data and spoof the ip address to bypass your dns filter?

Re:unless its end to end, its going to break

[viperidaenz]

.... which is not "broken by design", it's an insecure configuration.

Re:unless its end to end, its going to break

wat? No... so many things break, there's also so many assumptions you're making by using MiTM breaking TLS.

Assumption 1:
* you can stop malware on the wire.

Assumption 2:
* this doesn't materially increase the risk of users behind it.

Assumption 3:
* what you're doing is legal

Number 1, you can't. It's not worth trying to do it this way, even antimalware solutions are deprecating this approach. It's not meaningful security.

Number 2, you aren't better than Google at protecting your certs. And honestly unless you're in a tech firm or fortune 50 you probably aren't better than Diginotar at protecting your key material... This increases the risk dramatically, creates a bottleneck for secrets -- passwords, usernames, long lived session tokens/cookies, secrets in get requests (yeah that shit happens all the time) etc are all logged in one place... if you didn't enable detailed logging to your SEIM (why else would you inspect everything?), in which case you'd have all those sessions in 2 aggregate locations. It also holds a key on disk (yeah I've yet to find one that held the Sub-CA in an HSM of any sort) that can be used to mint other certs later.

This is just the gist, there are lots of other corner cases worth considering as well.

Number 3, are you sure you're entitled to intercept the traffic to and from your employee when they file a EEOC complaint? Are you entitled to do that for Doctor Patient communication when your employees email their medical care professionals? Is your legal team ok with the liability of *knowing* what you and your doctor say to each other? Are you now subject to GDPR (hint, have you employed any EU citizens?)

You don't want to do this, you really really don't.

Re:unless its end to end, its going to break

Maybe educate your employees? Ok maybe I am asking a bit much here but this seems like a fairly simple misunderstanding that would help the employee not just at work if understood properly.

Re:unless its end to end, its going to break

Yes, This is a feature and not a bug.

Re:unless its end to end, its going to break

In the US number 3 is irrelevant. Most places will have waivers as part of an acceptable use policy for any accidental traffic, as well as legal notifications that the systems / network is for work related purposes only and any other use is forbidden. Often with a violation being cause for immediate termination. (At least in states that don't have right to work style laws.)

As for the GDPR, if you work for an American company, your choice is this: Either don't make a claim, or lose your job. (And possibly the jobs of every other EU citizen employed by the company.)

Number 2, you aren't better than Google at protecting your certs.

Citation Needed on an individual case by case basis if you please. Oh? what's that? You have no idea what you're talking about and just assuming "big multinational rich company = secure"? I wonder how much Google charges for total access to your life.....

As for number one, yes you can assuming it's a known attack pattern, malicious site / link, or malware signature. Sure it won't stop all attacks, but it will stop the script kiddie / low hanging fruit attacks. That's better than stopping no attacks period.

I know you love Big Alphabet and BookFace keeping all of their data on you safe and sound behind their encryption keys, but maybe you should consider the time, place, and equipment you're making that regular sugar daddy call with. If your probation officer overhears your conversation, you really can't blame him given you're using his phone, at his office, on his time to do it now can you?

I think the point of certificates and ...

all that is that you're not supposed to be able to do this. Sounds like it's working as designed.

Re:I think the point of certificates and ...

You should read the article as it's a bit more nuanced than that. The general points is that even in instances where you want and allow that kind of inspection to take place (ie employer making sure no one's downloading a worm), the "middleware" is breaking things in that they accept certificates they have no business accepting today. No matter what your local security is set to (disallow any connection below TLS 1.2, for example), the middleware will connect to the remote network which is only accepting TLS 1.0 or whatever, or even worse signed certificates. Since your client only sees the cert from the butt end of the middleware, they cannot tell the actual state of the remote connection. It's not just about the middleware "spying" and that being a bad thing - the middleware is preventing any sort of inspection or security limits on the certificates they are accepting from the remote endpoint.

Likely they just simply fail at doing that to make sure that it's "easy to work with". But, it's seriously downgrading the security of all of the clients they are meant to protect. The question these researchers are putting to the purchasers of this equipment is basically: "Is it worth it to shred your ability to keep your TLS endpoints secure so that you can inspect the TLS sessions themselves?"

Re:I think the point of certificates and ...

Encrypted is encrypted. It's not "encrypted when convenient". I'd say everything is working perfectly. If I'm using https, then nobody should be able to MITM it. Not my employer, not the government, not malware.

Re:I think the point of certificates and ...

[sexconker]

Correct. Any other stance is just wrong. If you don't trust a host on your network communicating with the outside, then don't allow that to happen at all. If some things must be allowed, then work on a whitelist.

If you're trying to read encrypted traffic when you are not one of the 2 hosts involved in the encrypted connection, then you are hostile and malevolent - no matter your purported reasoning or intention.

Re:I think the point of certificates and ...

[Anonymous+Brave+Guy]

That position is untenable both mathematically and legally.

It's perfectly logical that an intermediary device can decrypt and re-encrypt data with no flaw in the security protocols, if suitable certificates and trust are configured on both the originating device and the intermediary.

And while technical people will naturally be concerned about the possibilities of abuse with MITM-style devices, the fact is that we live in the real world and the people responsible for corporate security and regulatory compliance aren't just going to run open pipes in and out of large organisations in most cases. That could lead to business-ending liabilities in all kinds of ways just because Joe in Accounts Receivable thought running taylor_swift_naked.exe that he downloaded from his GMail account seemed like a good idea.

Re:I think the point of certificates and ...

It can't. I have an information-theory proof that *no* such proxy can exist.

Re: I think the point of certificates and ...

Just because regulators / employers / spies want the internet to work this way it doesnt mean that it will. You cant have it both ways.. either block and whitelist or allow it all.

Re: I think the point of certificates and ...

[Anonymous+Brave+Guy]

If the legislators/regulators want the Internet to work that way, then as long as you're using equipment managed by someone under the authority of those legislators/regulators, that's very likely exactly what will happen. If you don't like it, don't use other people's equipment to connect to the Internet.

Re:I think the point of certificates and ...

[Anonymous+Brave+Guy]

No, you don't. There is an entire industry based on this kind of technology, and the underlying mathematics is well understood. If you think you can prove that what this industry does every day can never work, then you have misunderstood what is actually happening.

Re:I think the point of certificates and ...

[markdavis]

>"If you don't trust a host on your network communicating with the outside, then don't allow that to happen at all. If some things must be allowed, then work on a whitelist."

That's what we do for most users (a whitelist). And it is no simple task, either. This is because sites link to other sites and content delivery networks, too. So for a page to really "work", then there might be lots of things that also have to be whitelisted.... many of which are not easy to find/discover. And many of which change over time.

Re:I think the point of certificates and ...

[Nethead]

Agreed. They never worked in a NIST environment or had to ensure that certain documents never leave the network. Wait until they learn we also disable USB ports!

At least in the US, that is the company's machine and network and they will damn well do what they want with it. There is no freedom by design.

Re:I think the point of certificates and ...

[sexconker]

It's perfectly logical that an intermediary device can decrypt and re-encrypt data with no flaw in the security protocols, if suitable certificates and trust are configured on both the originating device and the intermediary.

Fucking WRONG.

Any such intermediary is breaking the protocol by doing that, even if it does so successfully. The protocol is to facilitate END-TO-END encryption between TWO AND ONLY TWO hosts on the network.

A host in the middle decrypting that traffic for any reason is by definition an attacker.

Re:I think the point of certificates and ...

[sexconker]

Disagreed. If you don't want shit leaving your network and you move to break encryption, you're still an attacker and you're still breaking encryption.

I don't care what your reasoning is. I don't care if you OWN the hosts involved. I don't care what you're trying to prevent. By decrypting the traffic on a machine that is not one of the two endpoint hosts that are trying to talk to each other, you are in the wrong.

Re: I think the point of certificates and ...

I manage my work PC myself - it is not managed by someone else. The joy of being an expert and being respected as such. Keeping a PC safe is not hard.

It used to be, you brought your own tools to do your job. As in, "Got your own shovel?". "Drive your own car?" An approach that works for computers too. Company sets some rules - but they certainly don't have to manage every device on the network. When you vpn in to work from home/hotel, they can't know whats on those networks anyway. Have an internal network that is robust, instead of the silly idea of having mega-vulnerable equipment behind very strict firewalls. I had my office PC on a public IP till 2016 - this was not a problem.

Re: I think the point of certificates and ...

[Anonymous+Brave+Guy]

An approach that works for computers too. Company sets some rules - but they certainly don't have to manage every device on the network.

Unfortunately, in modern times it doesn't work so easily. That's why handling BYOD policy is one of the current big discussions in corporate IT, why dual-purpose devices where there is a remote wipe controlled by corporate IT exist, and so on.

When you vpn in to work from home/hotel, they can't know whats on those networks anyway.

And again, that's why VPNs and on-site guest networks that have devices outside the firewalls tend to have more limited access.

Have an internal network that is robust, instead of the silly idea of having mega-vulnerable equipment behind very strict firewalls.

It's not either/or. Deploying these kinds of tools is all about having layers of security and isolating different parts of the network as much as possible.

I had my office PC on a public IP till 2016 - this was not a problem.

Perhaps, but if there was a zero-day vulnerability then your PC might have given the attackers a path directly into the network. Assuming that you really do mean directly connected and not just having its own assigned IP but still behind the firewalls/proxies, of course.

Re:I think the point of certificates and ...

[Anonymous+Brave+Guy]

You're talking about what you'd like to happen. I'm talking about mathematics. No security is being broken here, because the local endpoint is actively configured to trust the intermediary by its authorised administrator. The violation of the protocol is only in the sense that if the local user is not also the administrator of the system, and if that user has not been made aware of the arrangement, then their trust in the system as a whole is misplaced.

Re:I think the point of certificates and ...

[Nethead]

Nope. 30 years of networking says I'm right.

Re: I think the point of certificates and ...

How is seeing Taylor Swift naked not a good idea?

Re:I think the point of certificates and ...

[sxpert]

agreed, if you have any business with EU citizens, then, MITM-ing the traffic is illegal, period...

Re:I think the point of certificates and ...

[lfourrier]

I'm not so sure you can make such a statement.
In fact, I know for sure it is false as expressed.
If you are an european company with european employes or visitor (who are often EU citizens) and you provide them with internet access, and you warn them that you can intercept their trafic, MITM can be acceptable.
ANSSI (Agence Nationale pour la Securite des Systemes d'Informations, french governemental agency for IT security) even publish a guide explaining how to install your MITM proxy (https://www.ssi.gouv.fr/guide/recommandations-de-securite-concernant-lanalyse-des-flux-https/)

Re:I think the point of certificates and ...

[Anonymous+Brave+Guy]

Sorry, but that simply isn't true.

Re:I think the point of certificates and ...

[DarkOx]

So you "trust" for example that Slashdot has not been compromised and there is no possibility loading this page will send down some malicious javascript that might do a heap spray and exploit your browser?

Sorry buddy the entire Internet works on people connecting to hosts and parsing and in some cases execute content from hosts they have no reason to "trust." As a network admin I could ensure one hosts (the intercept proxy) got signature based IDS updates every 15min. I could not make sure every host on my network had new signatures every 15min. We can have a separate discussion on the value of that protection but its one layer and its one thing that is only practical to do at high frequency at a choke point ( and at less than high frequency its really is worthless).

Than there is outbound. I might trust my employees to not act maliciously (after all if I don't trust them in that sense I should probably can them) That does not mean I trust them not to forget an accidentally violate policy. DLP services and such work well for that; but only if you can look at the content.

Trust isn't black and white. Its a matter of degree; and its a lot easier to establish a high degree of trust in a host like a proxy than in all the hosts you don't control and even in a lot of cases those you do.

Re:I think the point of certificates and ...

That is just ignorant in the extreme.

daqfuq? "still"?

Tautologies are still taugologous? Who could have known???

New definition for middleware?

[Nkwe]

Encrypted traffic inspection devices (also known as middleware)

Really? I don't think I have ever heard of middleware used in that context. I have always thought of middleware as a software layer that abstracts something between applications. It seems weird to refer to a hardware device as "middleware".

Re:New definition for middleware?

[Quince+alPillan]

It's the same thing. The software layer just runs on it's own separate networking hardware in between the client and server.

Re:New definition for middleware?

[xxxJonBoyxxx]

Back in the day middleware was software that translated one protocol or type of dataset into another. Basically it allowed two different systems to talk together...better. Sometimes it was two applications running on the same system, but in the enterprise world, it was often applications running on two different systems (so it often also integrated with queuing or other data transfer system).

I did find the idea of calling a "device" something-"ware" kind of humorous. I really hope that doesn't catch on.

Re:New definition for middleware?

[Nkwe]

It's the same thing. The software layer just runs on it's own separate networking hardware in between the client and server.

True, but in this case the "middleware" isn't really bridging two applications, it is monitoring the communications between them. I suppose you could call the man-in-the-middle attack software "middleware" between the end applications and the monitoring applications, but that feels like a stretch.

Re:New definition for middleware?

[fustakrakich]

They probably meant *meddleware*

Re:New definition for middleware?

[mysidia]

I think whoever wrote or proofread the ZDNet article Introduced mistakes, here.

The phrases "TLS Middleware", "TLS middleware appliances," and "Middleware appliances" appear throughout the article Slashdot linked, BUT
the paper does not use the word even once. They are called Middleboxes in the study.

Re:New definition for middleware?

No it's not. There are lots of things called "middleware" that aren't appliances. Middleware is software, not appliances.

Re:New definition for middleware?

I am under the impression middleboxes is the term being discussed here.
https://tools.ietf.org/html/rfc3234

Re:New definition for middleware?

that's because your a software person with know knowledge of anything else. Those hardware terms have been around a long time.

Re:New definition for middleware?

[EvilSS]

Man in the Middleware

IDIOTS

Preventing man in the middle attacks is the fucking point of TLS. Of course you can't perform a man in the middle attack without breaking TLS you morons.

Re:IDIOTS

[WaffleMonster]

Preventing man in the middle attacks is the fucking point of TLS.

The point of TLS is enforcing trust relationships.

Of course you can't perform a man in the middle attack without breaking TLS you morons.

Delegating termination of TLS to something you trust is not an attack. You are confusing middlebox implementation failure with design failure.

This is no different than delegating your secretary to answer a secure call on your behalf and having them relay relevant information to you.

Re:IDIOTS

Employers and colleges intercepting, monitoring, and censoring users secure sessions isn't what I'd call delegation.

Re: IDIOTS

[junk]

What about limiting egress traffic from high security networks that have nothing to do with traffic from people? Perhaps you don't know all the use cases for things.

Re: IDIOTS

What about limiting egress traffic from high security networks that have nothing to do with traffic from people? Perhaps you don't know all the use cases for things.

That's called blocking all outgoing connections. Or disconnecting the network. Because even connection attempts can transfer information.

Re:IDIOTS

Breaking it is not 'hard' per se. All you need is a valid CA and signed cert for it. Plus the ability to sign your 'CA' cert into the originator. For something like a proxy server you may want to do that. For something like working at a bank they want to track what you are doing (as per the law).

hehe catcpa 'encrypts'

Re:IDIOTS

[WaffleMonster]

Employers and colleges intercepting, monitoring, and censoring users secure sessions isn't what I'd call delegation.

If you don't trust a middlebox and don't want to be fooled by one then don't install root certificates necessary for it to function.

Politics surrounding middleboxes especially ones forced upon end users are a different matter from my comments on technology itself.

I personally believe there are both constructive and destructive uses of middleboxes, integrity only cipher suites and even completely insecure communications.

If you are being coerced into accepting trust relationships you don't actually find acceptable then of course there are natural consequences arising from that political reality. Technology can't generate trust it can only leverage it.

Re:IDIOTS

I don't want to have to waste time cleaning up after malware on our network and if our employees don't want to have their private communications intercepted, they can do their private communications on their own equipment. Don't get me wrong, I don't give a shit what they're doing and I'm not interested in violating their privacy, I'm simply keeping our company network secure.

Re:IDIOTS

[viperidaenz]

Which they can only do with these technologies if the computer being used is theirs.
If the computer doesn't trust the CA used to create the new certificates, you'll get browser security errors.
If you want to use someone else's computer, you need to obey their rules. It's not your computer.

Catch 22 of security

[rtkluttz]

The OWNER of endpoints should always be able to see what is flowing over the encrypted channel. Man in the middle is ALWAYS bad. If there are designed in ways for the owner of endpoint devices to inspect their traffic, then man in the middle is irrelevant. But what we have now is different levels of bad depending on the class of device we're talking about. For enterprise devices, the corporate owner should technically already have the ability to enforce a proxy or to enforce software installation that allows inspection of any and all traffic. But the real problem is Internet of things and home user class devices where vendors are weaponizing our devices against us and treating us as the thing that needs to be secured against. I should be able to see, decrypt, analyze and authorize every byte of traffic leaving my home, whether it comes from my smart TV, my PC, my phone or any apps on those devices. And it should be done without the defeating the security with a man in the middle. Just the fact that I own the device means I should be able to inspect all traffic coming and going through the interface before or after decryption but in a state not controlled or limited by any application that I don't have complete control of. The only way this will ever happen is if a consumer bill of rights ever comes.

Re:Catch 22 of security

[DigiShaman]

At some point, there will be a consortium that creates an approved subscribed "white list" of sorts for Enterprise involving both sites and services. We already have content filtering and categories classifications at the firewall level, but it's not enough to just micro-manage a constantly moving target.

Re:Catch 22 of security

[guruevi]

Ah yes, the consumer bill of rights, and now you're advocating for a key-to-all-encryption to get access to the data you're "entitled" to. That is how these laws will be written after all and unintended consequences will mean that not only can you see the data, but so can the FBI and NSA and everyone else.

Nobody should be able to MITM. If you need control over the end device, you need to obtain control over the end device, not everything else.

Re:Catch 22 of security

Ah yes, the consumer bill of rights, and now you're advocating for a key-to-all-encryption to get access to the data you're "entitled" to.

No, just allow end user to make their own SSL certs / SSH keypairs.

Re:Catch 22 of security

[viperidaenz]

Without MITM, some organisations will have no option but to either
A) break the law
B) block all encrypted communication

Re:Catch 22 of security

[rtkluttz]

Umm.. that is exactly what I said. The ability of the owner of a device to snoop their own device traffic AT THE ENDPOINT needs to enshrined in law. Our devices are being weaponized against us.

Re:Catch 22 of security

[guruevi]

You already have that capability. Simply read out the chips or upload a custom firmware. The problem is generally that it's not easy, but if you want to make it easy, then you're opening the door for others as well.

Middleware can mean a lot of things

Who wrote this?

Encrypted traffic inspection devices (also known as middleware)

Re: No middleware in FEDERAL PRISON

You are a pathetic person, you sound like you have a miserable life.

Why not sign?

[Bengie]

Encryption in this case provides two benefits: 1) Privacy, knowing that you're only talking to the one site 2) Signing, knowing that the data you got was unaltered from the site

What if they made it so the MITM HTTPS proxies only broke #1 and could just pass through the content. Then the client could at least know that the content was unaltered. Assuming the proxy is decently implemented and validates the site, the proxy could now become responsible for making sure that the connection is secure and the client can assume that the proxy is handling this.

Re:Why not sign?

[Anonymous+Brave+Guy]

The basic premise of these systems is that the person managing the endpoint has voluntarily configured it to trust a MITM device that will impersonate (through certificate forgery, essentially) the other endpoint. Given that certificate forgery, how do you know you can trust any signature either?

Ultimately, if you don't manage the endpoint you're using, the game is already over.

Re:Why not sign?

[Bengie]

That's only in the case where you assume to have installed the CA from the proxy. If all you did was indicate that you "trust" the proxy, then the proxy could be trusted for only the matter of privacy, but still require the content be signed by the site.

Re:Why not sign?

[viperidaenz]

There is no way to do what you're suggesting without creating new protocols.
You could still use TLS to implement #1 as is done now. You'd need a second layer that doesn't use the CA installed to make #1 work to implement #2

But how ...

[PPH]

... else will these network gear vendors deliver equipment capable of inserting advertisements into your HTML stream?

malware

they meant to say malware. it's breaking encryption to spy.

Then maybe they should develop a standard...

for encrypted HTTPS proxies that have the proxy handle endpoint termination and pass sideband info to the browser identifying the remote site.

It is a lot of code, but if they need these capabilities then someone should be able to fork over the dough to get it included as an optional feature in the major 2-3 browsers.

Stop trying to MITM crap.

Filter on other things if you need to filter. I like the approach in used in DNSthingy which combines DNS filtering with Firewall.

NEWSFLASH: TLS (finally) works as designed

[SLOGEN]

Nice angle on the story there /.

So, corporate network traffic is easy pickin'

[cliffjumper222]

As I understand it, a lot of big corporations use these tools and have the employee PC's install certs so that it all works. The upshot is that not only is your traffic not hidden from your employer (something that was made clear to me every time I logged into my previous employer-owned PC) but that when the traffic goes onto the internet, it's not that securely protected because of these weak appliances. That may have an impact on the security of any SaaS products the corporation is using (Salesforce, etc.), so as a Corp IT guy I'd be trying to fix that. Alternatively, as a corporate espionage attacker, it sounds like traffic between corporations and SaaS offering are ripe for the picking!

Re:So, corporate network traffic is easy pickin'

The specific problem is that the forgery isn't honoring the security of the actual endpoint. For example, in some cases an invalid certificate from the endpoint was being forged into a valid certificate presented to the browser, which prevents the browser from warning the user about the insecure nature of the actual endpoint.

The concept of forgery itself isn't the problem and doesn't inherently weaken security because, as you note, it requires deliberate action by the device owner to allow the forgery. Nothing about this makes intercepting traffic to endpoints with proper and valid certificates easier. If the vendors of these middle-boxes fix their software, by making it properly emulate the security level of the connection and validity of the certificates, then the problem would be solved.

Cisco ETA, problem solved already

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf

More ways to screw it up is worse

[raymorris]

If you're talking directly to the origin server, you're trusting
a) the public certificate authority.

If you're talking to a proxy, which then talks to the origin server, you're trusting:

a) Your local admins not only set up the proxy securely, but have kept updating the configuration every few months to stay up with the latest attacks.

b) The proxy vendor got it right, and keeps it updated.

c) the proxy server (which has the unecrypted data) hasn't been compromised

d) the certificate authority

The proxy is strictly weaker, in an absolute sense, because it requires trusting the certificate authority PLUS trusting the local admins get it right and keep it right, PLUS trusting the vendor of the proxy. You have to trust the same original CA plus two more groups of people, plus trust that the proxy server itself is insecure, that the server OS etc hasn't been exploited.

Therefore the proxy is more dangerous in an absolute, mathematical sense. It's not even debatable because adding more ways to fail *always* makes it weaker.

Re:More ways to screw it up is worse

You have to trust the same original CA plus two more groups of people, plus trust that the proxy server itself is insecure, that the server OS etc hasn't been exploited.

Except you have to assume all of the above on the site you're connecting to as well, not just the proxy.

Yes, adding the proxy adds complexity, but the people running that proxy are also the people who own the hardware you're using to connect to that original site in the first place. If you do not trust them to run the proxy, then why do you trust them to run the hardware you use to connect in the first place?

Case in point, I've actually demonstrated to end users the presence of a MITM proxy before when I saw them using it to access their personal bank accounts. They literally could not tell the difference between the real cert for their bank, and our proxy cert. In some cases they couldn't even check the cert in use because the browser on their phone wouldn't let them unless the cert was invalid. When I explained to them what the difference was, specifically that we could see (and alter) anything they used our systems with, not only did they thank me for it, but I never saw them use their workstations for personal use ever again. (They just use their phones instead to watch porn.... but that's a fight for another day.)

This is just more FUD meant to encourage people who don't know how basic computer security works to shy away from PKIs that are not owned by the big preapproved CAs, while at the same time trying to play up the idea that they are "making the internet safer." In reality, they aren't doing a damn thing. Except misleading people into thinking they are safe when they see an icon that for all intents and purposes have no idea what causes it to be displayed.

TLS is defective by design.

The whole concept of your browset maket putting a set of CAs in front of you, that are blindly trusted... witout you ever having even met a single person at any CA ...is already completely invalid security.

The browser should ask you, if you trust a CA to verify a site, for each site, and only trust the CA for verification, if you do.

And it should give you ways to easily check the trustworthiness of CAs.

Which ends up just becoming a PGP-like web of trust.
PGP's awful implementations should not distract us from its necessity. Wr should just find a better way to do that!

And if someone by accident was let in front of a computer without having a clue, then they should appoint a legal guardian to help them and their disability.

Re:TLS is defective by design.

[MachineShedFred]

Yeah, except at some point there needs to be a level of trust that doesn't fundamentally break the Internet for the average user.

What's the difference between "blindly trusting" a CA that the browser already has loaded into it's certificate trust store, versus John Q. Public mashing the "trust" button blindly for the 37th time since getting their new computer and having to trust all the CAs that usually are loaded into the browser's certificate trust store?

There is no more security with what you suggest, just more dialog spam making it easier for a compromised or false CA to sneak in, a la Android permissions requesting from applications that everyone ignores and just grants. With the current system, we can at least say that we trust Google / Apple / Microsoft / Mozilla to curate the CA list.

Re:TLS is defective by design.

With the current system, we can at least say that we trust Google / Apple / Microsoft / Mozilla to curate the CA list.

3/4 (and almost 4/4) of that list are openly known self-admitted information brokers who resell any of the data you send them to the highest bidder.

3/4 (and almost 4/4) of that list are also responsible for managing your device for you and in some cases forbid your input on the decision of trust.

2/4 (and almost 3/4) of that list are also hardware vendors that directly or indirectly forbid you removing their influence from the devices they produce should you choose to.

1/4 of that list don't even ship the full CA bundle with their products anymore. Instead they download the CA certs as they are needed by the user's activities. So there is even less transparency.

4/4 of that list have their own trust models as "trust first, ask questions after they fuck up." Because that's what the CAs themselves do.

Who's engaging in blind faith here? Because if you ask me, both systems are utter garbage as far as trust is concerned. At least with the former one it's not "trust everything / everyone" by default.

And it's that breakage that's the cause of TFA in the first place. "Oh, this system doesn't use the bind trust CA bundles by default no exceptions. It must be bad. They have to be doing something to my data..."

A. It stopped being solely your data the split second you clicked "Submit."

B. It's not your equipment / network so, in reality, it stopped being solely your data the split second you started typing it in.

C. In most places that implement this, you've signed away any confidentiality for what you're doing with their equipment / network so you have no standing.

D. In most places that implement this, most of what you would complain about being "compromised" is unauthorized use of the equipment / network.

E. In most places that implement this, most of what you would complain about being "compromised" is being resold to the highest bidder by the very people you're sending the data to.

TLS is defective by design. A true statement if there ever was one. The only way it isn't is if you've actually done the work to trust the people implementing it, and use it for the purposes that they intended. 99% of the public CAs out there do not meet this criteria. Remember that before you start complaining about someone else snooping in on the conversation.

Why would you need DPI for that?

Since when do you need to inspect packet contents, to limit traffic. Just limit based on source and destination.

Good to know...

So if you put a middleman device in a TLS connection, that connection no longer has TLS end to end. Well no shit... That's the whole point.

Re:No middleware in FEDERAL PRISON

[MachineShedFred]

Is this the new version of the cows go mooooo moo moo cows guy?

The cows / mooo thing was funnier. You're just pathetic. Sad.

What, no BCSI?

I'm surprised Blue Coat Systems, Inc. doesn't have any representation in this study. Were the researchers legally hamstrung to prevent them releasing results of their testing on such a device?

Cisco is doing this without unencryption

Malware and malicious traffic is being stopped without unencrypting and doing MITM type analysis. See here https://blogs.cisco.com/news/cisco-extends-encrypted-traffic-analytics-to-customers

How is this news or research?

The whole point of TLS is to prevent eavesdropping. There is no way to filter TLS streams' content without bypassing the encryption.
This isn't a story. I'm surprised it was worth spending the effort to research. Actually, I'm not "publish or perish" has made a mockery of research publications.

well duh

I thought secure end-to-end communication was a goal, not a problem..

stealth MITM barrel-rape enablement

[epine]

If the minions of the undark web weren't so busy implementing stealth TLS MITM (so that the web server doesn't know there's a validated MITM on the client end), the invasive middleware could simply intercept the encryption part, without fudge-hammering end-to-end authentication and the client negotiation of security parameters concerning the public side of the link; if the server knew the client preferences for certain, it would simply drop traffic whose public security envelope was mangled by the MITM layer.

Problem solved.