4

Alice is a (potentially modified) browser/client. Bob is a non-modified HTTPS web server running common security practices.

Eve is collecting data from Bob from many Alices, Eve needs this information to be accurate, and Alice is happy to supply the information as they get paid. Eve however needs to verify the information was sent by bob, and not a scam attempt by Alice to make quick money.

Alice however does not want Eve to know their cookies etc and gain control over their account.

Can Alice prove to Eve that the data in a https / tls exchange came from bob, and that they didn't fake the data. And if so, can they do so without Eve stealing their session/cookies.

Ryan Leach
  • 143
  • 4
  • What is the information that you are talking about? – Limit Dec 09 '16 at 18:19
  • If I understand correctly, what you want is essentially http(s) response content plaintext (trivially available from Alice) that is in some way "signed"/provably traced back to Bob's private certificate? – Peteris Dec 09 '16 at 18:44
  • You could verify a _handshake_ with Bob's cooperation, but if Eve had Bob's cooperation she presumably wouldn't go through this nonsense with Alice. You couldn't verify the rest of a session at all, unless Bob logs in full all his sessions. If Alice did turn over a legitimate transcript Eve would get any cookies in it, but if Bob is competent cookies for a terminated session are invalidated. – dave_thompson_085 Dec 10 '16 at 03:37

1 Answers1

7

While TLS identifies the server and protects data against sniffing and modification it does not contain some kind of proof that the server sent specific data which can be used outside the TLS connection. This means if Alice could capture the full TLS traffic, extract the encryption keys and hand all of this to Eve, then Eve could actually verify that the data was sent by Bob (or at least somebody in possession of Bobs private key) but, they could also get the rest of the traffic, i.e. all the cookies etc.

To achieve such proof Bob would actually need to sign the relevant data (and only this data) outside of TLS so that Alice could hand over the signed data to Eve which could then verify the signature using Bobs certificate.

INV3NT3D
  • 3,977
  • 3
  • 14
  • 25
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424