Uhmmmm.... did he really say OpenSSL?
CloudFlare ditches private SSL keys for better security
CloudFlare has announced the outcome of what it says is two years' work – switching on Keyless SSL – which lets customers encrypt their web traffic via the company's services without having to hand over their private SSL keys. In this blog post announcing the service, cofounder and CEO Matthew Prince explains that “the only …
COMMENTS
-
Monday 22nd September 2014 05:29 GMT T. F. M. Reader
"key server under the customer's control"
It looks genuinely interesting. While GCHQ/NSA/etc. may have a much easier time hacking the customer's key server and stealing the private keys they'd have to do it individually for each customer, I assume.
Don't see how it mitigates MITM though, but maybe I am missing something - I only skimmed the "technical details" blog.
-
-
Monday 22nd September 2014 11:58 GMT Anonymous Coward
It doesn't avoid an MITM attack because it is essentially a MITM attack. It's using one the vectors employed in attacks on SSL as a feature- which completely undermines the entire point of the product. Says a lot to me about how Cloudflare view Security- it's completely secondary to Marketing.
-
Monday 22nd September 2014 14:15 GMT Anonymous Coward
Cloudflare ends up with a strong influence on standards and a vested interest in maintaining the broken status quo. As opposed to closing that MITM loophole, completely separating authentication from encryption, and writing the bloody CAs out of the picture. Fucking beautiful.
Nice to see some scepticism over here!
-
-
-
Monday 22nd September 2014 12:05 GMT Anonymous Coward
Two points
First, in no way do banks have the highest standards of SSL security. According to Calomel SSL Validation, the banking sites I use normally rate somewhere around broken or barely adequate. They are way behind even Google on this. What banks do have is regulation, but in this matter it's purely theatre.
Second, if I understand CloudFlare's system correctly, the bank basically passes CloudFlare the session key once it's been negotiated. That doesn't strike me as secure at all. How long will it take for a TLA to tap into that juicy little MITM system? ...and that's even before you consider hacking the connection to the bank to dupe it into sending the key to the wrong person.
-
-
Monday 22nd September 2014 21:39 GMT Philip Mather
More secure for who exactly?
Strikes me that this appears to absolve CF (now a literal MITM as pointed out) of maintaining private key security which is a good thing for them and also for the "server" to some extent I guess but this leaves two issues...
1) All of the most important traffic between the "client" and the "server" is now concentrated over a far smaller route being that it's now bottle-necked into the MITM (CF). I understand it's not the encrypted content being sent back to the customer's key server, just the "twice" encrypted and then "once" encrypted (on it's return to CF) pre-master secret but that is the "effective" security of the content. Tell me more about this "encrypted channel" between MITM/CF and "server"? Is the "client's" ID/IP transmitted over the same channel? Cloud flare do DNS as well don't they?
2) It always struck me that any architect/engineer with a clue, aware that they were handing over a private key to a third party, carefully considered the security of the MITM/CDN, the importance and sensitivity of the data involved and then segregated it from anything that was unique or otherwise un-cachable (i.e. important stuff). I can see that this would "incline" (?) people to just let CF handle everything and proceed not to think to hard about it.
Not entirely sure about this. It doesn't seem to benefit the end-customer/client at all and doesn't really offer the provider/server much real benefit (rather just shifts some risk about or trades it off from one place to another). The only clear winner here seems to be CF? Is this product cheaper than a "traditional" CDN, I mean they seem to be off-loading the risk of holding a private key? It must increase the network traffic for the "server"? Am I missing something? I dunno.
-
Saturday 27th September 2014 14:49 GMT OsamaBinLogin
what's wrong with this picture
yeah, i was asking myself, what's wrong with this picture. Secret Keys are meant to be secret. private. On your machine only (or whomever). Anybody or anything else holding them defeats the whole purpose. You've basically outsourced your identity; the secret key now guarantees only that it's from your account on cloudflare. (Or whomever cloudflare outsourced to.)