You're looking at Less Wrong's discussion board. This includes all posts, including those that haven't been promoted to the front page yet. For more information, see About Less Wrong.

gwern comments on Open thread, Feb. 9 - Feb. 15, 2015 - Less Wrong Discussion

6 Post author: MrMind 09 February 2015 09:12AM

You are viewing a comment permalink. View the original post to see all comments and the full post content.

Article Navigation

Comments (321)
Tags: open_thread

Comments (321)

You are viewing a single comment's thread. Show more comments above.

Comment author: Douglas_Knight 12 February 2015 01:40:27AM 3 points [-]

Simply sniffing https packets is worthless. At most it tells you the length of the session. It's exactly the adversary that TLS is designed to foil. You need the session key to decrypt it, so, you need to hook into the TLS implementation.

Comment author: gwern 05 November 2015 01:01:01AM *  2 points [-]

It seems someone has done the TLS hooking: TLSNotary. Whitepaper:

‘TLSnotary’ allows a client to provide evidence to a third party auditor that certain web traffic occurred between himself and a server. The evidence is irrefutable as long as the auditor trusts the server’s public key. The remainder of this paper describes how TLSnotary allows the auditee to conduct an https session normally with a web server such that the auditor can verify some part of that session (e.g. a single HTML page), by temporarily withholding a small part of the secret data used to set up the https session. The auditee does not at any time reveal any of the session keys to the auditor or anyone else, nor does he render or decrypt any data without authentication. Thus the full security model of the TLS 1.0 session is maintained, modulo some reduction in the entropy of the secrets used to protect it. Notes to the reader: As of this writing, TLSnotary is only compatible with TLS 1.0 and 1.1, not TLS 1.2

...In summary, the purpose of this rather complex sequence of steps is: the auditor withholds some of the secret data from the auditee (acting as client), so that the auditee cannot fabricate traffic from the server (since at the time of making his request, he does not have the server mac write secret). Once the auditee has a made a commitment to the encrypted content of the server’s response to his request, the auditor can provide the auditee with the required secret data in order to construct the server mac write secret. Then, the auditee can safely complete the decryption and authentication steps of the TLS protocol, since at that point he has the full master secret. In this way, the auditee maintains the full TLS security model, although he was prevented from creating a fake version of the post-handshake traffic from the server - something he is always able to do if he has the full master secret in advance.

Seems it requires an active and online auditor server (which is far from ideal), but if someone were to run such a trusted auditor, then you get your HTTPS provability and can timestamp it as before.

Comment author: Douglas_Knight 05 November 2015 04:51:55PM 0 points [-]

I think that the people who wrote the code are running a server.

I am surprised that it is possible for a browser plug-in to hook so deeply into the browser to accomplish this.

Powered by Reddit Powered by Reddit