jdev - 2023-10-20

  1. lovetox

    https://notes.valdikss.org.ru/jabber.ru-mitm/

  2. lovetox

    Sorr if it was discussed previously

  3. lovetox

    Sorry if it was discussed previously

  4. MattJ

    In the operators channel

  5. singpolyma

    Should we start verifying SCT in certificates? I wonder how hard it is to add

  6. MattJ

    Firstly, it wouldn't have prevented this attack at all

  7. MattJ

    Secondly, someone involved in CT says "no" :) https://news.ycombinator.com/item?id=37959257

  8. MattJ

    The jabber.ru certificates were requested in plain sight, they were in the CT log and had valid SCTs

  9. singpolyma

    Not this attack no, but it could make detecting similar attacks more of a sure thing

  10. singpolyma

    Yes, for sure, but it's possible to get valid CA certs without CT/SCT

  11. MattJ

    So, require SCTs? Maybe. But is that really better than, say, pushing forward channel binding?

  12. singpolyma

    No, not better. But maybe also good

  13. singpolyma

    Especially where we don't have binding, like s2s

  14. MattJ

    True

  15. lovetox

    how does channel binding work ?

  16. Zash

    very simplified, some stuff is mixed into the authentication exchange that needs to be the same on both sides

  17. Zash

    if there's a MITM, the stuff will be different, making the authentication attempt fail

  18. Zash

    the stuff would usually be something related to the TLS connection, either a hash of something or a hash of the certificate

  19. Zash

    IIRC it's something from the end of a TLS handshake that verifies the whole handshake, and if the client and the server sees the same thing then MITM would be very unlikely

  20. Zash

    lovetox, https://datatracker.ietf.org/doc/html/rfc5802#section-6 and https://datatracker.ietf.org/doc/html/rfc9266 may be worth reading for details

  21. lovetox

    Thanks zash