I'm just wondering if it is technically possible for your ISP to work with a certificate authority (either compelled by a government agency or otherwise) to create a MITM attack to see into your https traffic. I've used a few MITM servers from time to time to look at network traffic. When it's encrypted, I'll install the locally generated certificate from the MITM software on my OS and just like that I'm seeing the green locked icon and able to see into HTTPs connections. So I'm wondering is it possible for an ISP to get a CA to mint certificates on the fly for whatever website a user is accessing and give the user of the ISP an https page with no warnings or errors while still being able to see the traffic. I'm going to of course exclude Certificate pinning.
-
2Does this answer your question? [Can ISP use MITM attack to "break" encrypted traffic?](https://security.stackexchange.com/questions/64352/can-isp-use-mitm-attack-to-break-encrypted-traffic) – mallocation Jun 09 '20 at 02:07
-
This scenario is not much different than the incident that took place in Iran in 2011, involving the CA Diginotar. See https://security.stackexchange.com/questions/230689/if-an-adversary-took-over-a-major-certificate-authority-what-bad-things-could-t. The only difference is that in that case, the CA did not cooperate with the ISP willingly - instead, the CA was breached. – mti2935 Jun 10 '20 at 01:52
-
@mallocation I'm don't think that question really answers the question with the specifics for using a CA so that the client doesn't see a self signed cert error. – MikeSchem Jun 10 '20 at 21:46
1 Answers
So I'm wondering is it possible for an ISP to get a CA to mint certificates on the fly for whatever website a user is accessing and give the user of the ISP an https page with no warnings or errors while still being able to see the traffic.
While it would technically be possible to do so it would be overly complex. It is much easier that a CA creates a new intermediate CA certificate which the ISP then can use to issue new certificates on the fly itself. This will work as long as the domain is not explicitly pinned to a specific certificate or CA in the client (like done with google, facebook etc in modern browsers) since the browser will trust any locally trusted CA for any domain.
Publicly trusted CA actually sell intermediate CA in some cases but usually explicitly forbid misuse for MITM. Such "accidents" still happened in the past, see here or here. See also Can a nation-state adversary perform a MITM attack by compelling a CA to issue them with fake certs? for a related question.
Note that a CA which either deliberately issues false certificates, was compromised or shows otherwise bad behavior will usually be revoked as trusted from the browsers, no matter how big the CA is. This happened in the past with DigiNotar, Startcom/WoSign and Symantec.
- 190,458
- 29
- 381
- 434
-
-
@dave_thompson_085: thanks for the correction. I've included it. – Steffen Ullrich Jun 10 '20 at 05:13
-
@SteffenUllrich Does Google use pinned CA or any measure against MITM? – user215422 Jun 10 '20 at 09:33
-
@user215422: *"Does Google use pinned CA or any measure against MITM?"* - I'm not sure what you mean with this. Certificate pinning is a client side method (i.e. not a "Google" thing, unless you mean the Chrome browser) and as I wrote in my answers modern browsers use this to protect access to Google, Facebook etc. – Steffen Ullrich Jun 10 '20 at 09:50