this post was submitted on 18 Oct 2023
17 points (90.5% liked)

Programming

17537 readers
129 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 2 years ago
MODERATORS
 

Say Alice wants to open up an HTTPS connection to Bob through a proxy named Earl.

What prevents Earl from reading alices request, opening a connection pretending to be bob, and then opening a https connection with bob pretending to be Alice , and snooping on the traffic as it passes through ?

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 20 points 1 year ago* (last edited 1 year ago) (3 children)

Certificates and four-way handshakes.

The handshake is done in a way that nobody could intercept it. Both parties have undisclosed secrets.

The certificate is signed by a trusted authority, which can be verified with a certificate from the authority who signed it. Nothing can be forged without private keys, which are never transmitted.

My company uses a proxy which breaks end-to-end encryption and intercepts/forwards everything without either end party being aware. This is done by manually installing an authority certificate on every client in the office, and the server dishes out forged certificates for every connection. The clients explicitly trust the forgery.

This is why I prefer to work from home, with a personal PC next to me on my own network. I refuse to browse the web on company hardware.

[–] hascat 6 points 1 year ago

I refuse to browse the web on company hardware.

This should be the default no matter the policy the company has in place. I wouldn't trust an employer to not spy on my online activity.

[–] [email protected] 2 points 1 year ago (1 children)

Oooh that makes alot of sense, thanks and thanks everyone. So https cant be used for peer to peer , you need a server with a certificate from a trusted authority...

[–] [email protected] 1 points 1 year ago

Right. You'll get a warning otherwise. If you're setting up a lab for yourself, though, you can set up your own trusted authority and use that to issue certificates and it ends up very much like this within your lab.

[–] RonSijm 1 points 1 year ago

I refuse to browse the web on company hardware.

There are tools that you can use to scan whether there are no root certificates (from your company) are injected into your certificate store, if that's what you're concerned about.

But yea, even if I get company hardware, I still just do a clean OS install

[–] [email protected] 11 points 1 year ago

When Bob sets up an HTTPS web site (call it bob.com), he creates a public/private key pair, and has the public key signed by a certificate authority (CA) such as Let's Encrypt, generating a public key certificate. The certificate says that this key was signed for bob.com on a particular date.

Before issuing the certificate, the CA verifies that Bob is actually in charge of bob.com. This is important! They can do this, for instance, by asking Bob to put a particular file on the bob.com server, in a place that's publicly accessible. This proves that Bob actually has control over the bob.com domain.

Bob then puts the key pair and certificate into his web server configuration. Neither the CA, nor anyone else but Bob, have access to the private key; it only lives on Bob's servers.

When Alice's browser connects to bob.com it gets the public key certificate, and can check that it was signed by a trusted CA. If Earl injects a different public key, it won't be signed to bob.com and so Alice's browser will reject it. And without access to Bob's actual private key, Earl can't eavesdrop on the session.

If the CA is corrupt or incompetent, and issues bob.com certificates to people other than Bob (such as Earl), that's a problem! That has been a problem before. There have been CAs that have been "cancelled" for issuing wrong certificates; they are no longer trusted by browsers. Major web companies have put together Certificate Transparency to keep a public log of what certificates have been seen on the web, which makes it possible to at least notice if someone other than Bob is generating certificates that say they're for bob.com.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

The security of HTTPs relies on public key certificates.

I recommend reading up on it here: https://en.m.wikipedia.org/wiki/HTTPS#Overview

Especially the part after this segment:

Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software.

[–] [email protected] 1 points 1 year ago (1 children)

Great explanation indeed!

I was missing this part from my understanding:

The certificate correctly identifies the website (e.g., when the browser visits "https://example.com", the received certificate is properly for "example.com" and not some other entity).

In a sense it all comes down to a CA (e.g let's encrypt) not giving out certificates for your domain, so that only your server has a valid certificate for your domain and not also some attacker.

But that itself requires domain verification to be secure (robust against MITM attacks), which apparently it wasn't for the longest time.

Just recently there was a post about ACME-CAA, which addresses this issue (when configured). Great article on it here: https://www.devever.net/~hl/acme-caa-live

[–] [email protected] 1 points 1 year ago

Yeah, pretty much. If you control the DNS you can do whatever

[–] [email protected] 4 points 1 year ago

This is a good question, I dont know who would downvote that.

ELI5: Alice and bob have an aunt that knows them both and has an unfakeable voice recognition service that allows both to verify who they really speak to.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

This is about PKI. An HTTPS server has a TLS cert, and that TLS cert is signed by / created by a certificate authority (or CA). When you connect to a service over HTTPS, a TLS handshake happens. The handshake starts by the client asking a server to setup a session, and the server hands back it's certificate. This certificate can be used to encrypt traffic, but not decrypt it. The client makes sure the certificate is signed by a CA it trusts (such as let's encrypt).

Once the client has this certificate, it sends a key to the server in encrypted form, and the server decrypts it. They both now use this key to communicate.

The MITM server can't compromise the session because: If it swaps the certificate (or in other words, the encryption key the server sent), that key won't be trusted because it isn't signed by a CA the client trusts.

If the MITM tries to send its own shared key signed by the servers certificate - it doesn't really matter since it can't read the clients messages anyways to get the shared key from the client. If it forwards it, then you effectively have two separate https sessions with their own keys, and the server will treat them as distinct.

[–] Lmaydev 1 points 1 year ago

Your browser validates the public key provided against a trusted certificate authority.

The proxy won't have the private key of the server therefore the proxy can't read your traffic.

Your browser will warn you about invalid certificates if the proxy tries.