Possible security issue (MITM) involving self-signed certificates #187
Comments
|
You are right. MTM's goal was not to work around misbehaving Root CAs, but merely to allow self-signed certificates at an equal security level. From a UX perspective, upgrading a self-signed certificate with a Root CA signed one is an improvement, not something to alert the user about. As such, I don't see an urgent need for the same "fix" as in Conversations. I would rather push forward DANE / TLSA validation to provide an independent trust root. I will close this issue and comment on ge0rg/MemorizingTrustManager#40 regarding mitigation strategies. |
|
Alright, though I completely disagree with this statement:
The whole point behind self-signed cert is not trusting CA's. |
|
There are many reasons for a self-signed cert, the most common one has been that the admin is not willing/able to afford the $$$ required. I can see how not trusting Root CAs helps the paranoid, but if they are targeting you, they will get their data one way or another. MTM works against dragnet surveillance, but it will not prevent a three letter agency from owning your smartphone. |
Yaxim uses MemorizingTrustManager. In an app called Conversations, we noticed that the way MemorizingTrustManager was set up allowed self-signed certificates to be overridden by certificate authorities.
I am not a user of Yaxim, so I do not know if this issue actually exists in Yaxim, but I felt that this is important enough to be reported, even if it turns out to be a false positive.
Here is the issue: https://github.com/siacs/Conversations/issues/1084
And here is the current fix: https://github.com/siacs/Conversations/pull/1101
In summary, if this issue exists, the following attack scenario might happen:
The text was updated successfully, but these errors were encountered: