
If Man-In-The-Middle is at the ISP level (or even before ISP) it seems like they could perform the handshake, swap keys, and supply a faked or copied cert. The only thing they wouldn't know is the private key. But it seems like if they were the client for the endpoint server, and they were the server for the victim, they could create two chains of encryption/decryption and two shared-secrets and no one would be the wiser. I think I'm misunderstanding something, though, because people say that a VPN would protect against this. So the basic question is how does an HTTPS web site cert protect against man in the middle at the ISP level?

Added: I guess the real question here is how does the guv'ment do it? Do they have a "spoof-cert" that is trusted by all CAs? (Or would this need to be a different cert for every conceivable site?)

pcalkins
  • I'm confused about your question. In your title you ask how VPN prevents MITM. In the body you ask how the certificate in HTTPS prevents MITM. Please make clear what you really want to know. – Steffen Ullrich Feb 14 '20 at 21:10
  • I updated, but I guess I'm wondering about the truth of saying "VPN prevents MITM at the ISP level... they can only see the destination domain but not the content." – pcalkins Feb 14 '20 at 21:11
  • *"VPN prevents MITM at the ISP level... they can only see the destination domain but not the content."* - this is wrong. HTTPS already prevents the ISP from seeing the content but he can see the destination domain from the TLS handshake. VPN encrypts everything including the TLS handshake so the ISP can only see that there is some VPN connection to some VPN endpoint but not what's going on inside. – Steffen Ullrich Feb 14 '20 at 21:13
  • *"I guess the real question here is how does the guv'ment do it?"* - This is answered in the one I marked for duplicate. The other questions are, as I already said, confusing since you do strange switches between asking something about VPN but then focus instead on HTTPS - which means it is unclear what you really asked. – Steffen Ullrich Feb 14 '20 at 21:30
  • OK, I think I found what I needed from an answer to one of those previous questions: "For RSA, provision the client side of the VPN with the server certificate and don't rely on CAs. This means the server cert may be self signed." In this case it moves the level of trust directly to the VPN and it would be very hard to fake the cert? – pcalkins Feb 14 '20 at 22:23
  • You cannot fake a certificate in VPN the same as you cannot do it in HTTPS. You would need to explicitly trust the CA which issued the fake certificate. But yes, explicitly trusting only a specific certificate removes any worry of the attacker using a different CA you also trust. You could do such direct trust with any certificate, self-signed or CA issued. – Steffen Ullrich Feb 14 '20 at 23:02
  • "You cannot fake a certificate" - I still find this statement hard to believe, and it seems somewhat contradictory to previous answers... but I'm far from an expert on this stuff and will take it on faith until I learn more. – pcalkins Feb 14 '20 at 23:20
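
An added example (not part of the original question or comments) that checks in Go the two cases raised above: a "faked" certificate with the same name but a different key does not verify against an explicitly trusted certificate, and a "copied" certificate is useless without its private key. The host name `vpn.example.test` and all helper names are assumptions made for illustration; `provesKey` is a simplified stand-in for the signature a server produces during the TLS handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned (hypothetical helper) builds a self-signed certificate for host with a fresh key.
func selfSigned(host string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trustedBy reports whether presented verifies when pinned is the only trust anchor.
func trustedBy(pinned, presented *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(pinned)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// provesKey: signer signs a constructed transcript; it must verify under cert's public key.
func provesKey(cert *x509.Certificate, signer *ecdsa.PrivateKey) bool {
	digest := sha256.Sum256([]byte("constructed handshake transcript"))
	sig, _ := ecdsa.SignASN1(rand.Reader, signer, digest[:])
	return ecdsa.VerifyASN1(cert.PublicKey.(*ecdsa.PublicKey), digest[:], sig)
}

func main() {
	srv, srvKey := selfSigned("vpn.example.test") // constructed host name
	fake, mitmKey := selfSigned("vpn.example.test")
	fmt.Println(trustedBy(srv, srv, "vpn.example.test"), trustedBy(srv, fake, "vpn.example.test"), provesKey(srv, srvKey), provesKey(srv, mitmKey))
}
```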

0 Answers