IETF Draft Wants To Formalize 'Man-In-The-Middle' Decryption Of Data As It Passes Through 'Trusted Proxies'

from the you-jest dept

One of the (many) shocking revelations from the Snowden leaks is that the NSA and GCHQ use "man-in-the-middle" (MITM) attacks to impersonate Internet services like Google, to spy on encrypted communications. So you might think that nobody would want to touch this tainted technology with a barge-pole. But as Lauren Weinstein points out in an interesting post, the authors of an IETF (Internet Engineering Task Force) Internet Draft, "Explicit Trusted Proxy in HTTP/2.0," are proposing not just to use MITMs, but also to formalize their use. Here's his explanation of the rationale:

one of the "problems" with SSL/TLS connections (e.g. https:) -- from the standpoint of the dominant carriers anyway -- is that the connections are, well, fairly secure from snooping in transit (assuming your implementation is correct ... right?)

But some carriers would really like to be able to see that data in the clear -- unencrypted. This would allow them to do fancy caching (essentially, saving copies of data at intermediate points) and introduce other "efficiencies" that they can't do when your data is encrypted from your client to the desired servers (or from servers to client).
The "solution" to that problem is what the authors of the IETF draft -- all of whom hail from AT&T or Ericsson -- call "trusted proxies." Basically, users give permission for their data to be decrypted by an intermediate site that they trust, which would then be allowed to do stuff to it before re-encrypting it and passing it along to its original destination. The eagle-eyed among you may have spotted one or two problems with this approach; as Weinstein says:
Of course, the authors of this proposal are not oblivious to the fact that there might be a bit of resistance to this "Trust us" concept. So, for example, the proposal includes the assumption of mechanisms for users to opt-in or opt-out of these "trusted proxy" schemes.

But it's easy to be extremely dubious about what this would mean in the real world. Can we really be assured that a carrier going through all the trouble of setting up these proxies would always be willing to serve users who refuse to agree to the proxies being used, and allow those users to completely bypass the proxies? Count me as skeptical.

And the assumption that users can even be expected to make truly informed decisions about this seems highly problematic from the git-go. We might be forgiven for suspecting that the carriers are banking on the vast majority of users simply accepting the "Trust us -- we're your friendly man-in-the-middle" default, and not even thinking about the reality that their data is being decrypted in transit by third parties.
And there's another major issue. If there's one thing we've learned from Snowden it's that the NSA and GCHQ have no compunction about breaking into anyone's system. If decrypted versions of data transmissions were available on these "trusted proxies," they would no doubt become prime targets for this kind of attention. Introducing another weak link into the transmission chain would leave Internet users even more exposed to surveillance than before. Before Snowden's leaks, 'man-in-the-middle' decryption of the kind being proposed would have seemed a pretty bad idea; in the wake of them, it is just plain crazy.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, ietf, man-in-the-middle, security, ssl

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    WulfTheSaxon (profile), 27 Feb 2014 @ 1:00pm

    Re: Re: Re: Re: Re: Re:

    If they’re really paranoid, they may have locked all their cases and epoxied any external ports, plus disabled booting from CD and USB and password-protected the BIOS.

    If they’re using a USB mouse or keyboard, you could possibly take the keyboard apart and attach a USB port, but even that could be easily foiled with software to restrict USB device classes or serial numbers – or by using PS/2.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.