Legality of ISP's doing MITM on encryption?

[Joe]

I was talking with Sidoh involving avoiding packet shaping by using an SSH tunnel, and I mentioned that they could MITM your tunnel and shape the packets that way. Does anyone know of the legality of MITM'ing your encrypted connections (SSH / HTTPS / etc)?

[rabbit]

It depends.  By ECPA, they aren't allowed to interfere with any information in transit until it reaches its destination server, but due to the way that TCP/IP works, it's fairly likely that the data will go through at least one of their servers (as a legit "destination"), which makes ECPA pretty much worthless.  Even then, they can usually get away with it because MITM is really hard to detect.

[Joe]

I'll probably exchange fingerprints with iago via AIM / text message and check that out.

[iago]

Your ISP just phoned me up, something about wanting me to give them their public key instead of my own..

[Newby]

Can't you verify fingerprints... ?

Really, SSH seems to be built to prevent this.

[Sidoh]

Can't you verify fingerprints... ?

Really, SSH seems to be built to prevent this.

If you've received the server's key across a trustworthy medium, then you're almost definitely in the clear.  SSH complains loudly if it gets a conflicting key.  Otherwise, MITM is still easily possible, I think.

For SSL, there are CAs that verify the authenticity of a third party's public key.  However, I don't think there's anything that prevents the ISP from being the MITM in that exchange as well.  Am I wrong?

[iago]

Can't you verify fingerprints... ?

Really, SSH seems to be built to prevent this.

If you've received the server's key across a trustworthy medium, then you're almost definitely in the clear.  SSH complains loudly if it gets a conflicting key.  Otherwise, MITM is still easily possible, I think.

That's correct. That's why Joe talked about exchanging keys through a different medium (aim, text message), which is why I made the joke about his ISP phoning me.

For SSL, there are CAs that verify the authenticity of a third party's public key.  However, I don't think there's anything that prevents the ISP from being the MITM in that exchange as well.  Am I wrong?

You have the CA's public key stored locally, and you verify the signature when you connect to it. So if somebody is MITMing that, you know.

Of course, if the cert was compromised and revoked, odds are you'd never know because nobody checks the revocation lists.

[Sidoh]

You have the CA's public key stored locally, and you verify the signature when you connect to it. So if somebody is MITMing that, you know.

Of course, if the cert was compromised and revoked, odds are you'd never know because nobody checks the revocation lists.

Ah, sure.  Of course this all assumes you're visiting sites which have certificates signed by a CA.  I guess this is usually the case, but I've seen a number of sites of "lesser caliber" that have self-signed certs.

[Joe]

You have the CA's public key stored locally, and you verify the signature when you connect to it. So if somebody is MITMing that, you know.

Unless they compromised the Firefox installer I downloaded over non-HTTPS.

[rabbit]

You have the CA's public key stored locally, and you verify the signature when you connect to it. So if somebody is MITMing that, you know.

Of course, if the cert was compromised and revoked, odds are you'd never know because nobody checks the revocation lists.

Ah, sure.  Of course this all assumes you're visiting sites which have certificates signed by a CA.  I guess this is usually the case, but I've seen a number of sites of "lesser caliber" that have self-signed certs.

Or maybe they are self signed because people don't feel like shelling out $700 to a signing company for a "legitimate" SSL cert.  Also, by that logic, VeriSign is a "lesser caliber" site, since it's signed its own cert.

[Sidoh]

You have the CA's public key stored locally, and you verify the signature when you connect to it. So if somebody is MITMing that, you know.

Of course, if the cert was compromised and revoked, odds are you'd never know because nobody checks the revocation lists.

Ah, sure.  Of course this all assumes you're visiting sites which have certificates signed by a CA.  I guess this is usually the case, but I've seen a number of sites of "lesser caliber" that have self-signed certs.

Or maybe they are self signed because people don't feel like shelling out $700 to a signing company for a "legitimate" SSL cert.  Also, by that logic, VeriSign is a "lesser caliber" site, since it's signed its own cert.

It's not that much.  When I purchased one for a client, it was <$100.  If you're a big company, having the ability to ensure your customers that their information is kept safe in-transit is extremely important, and I don't think it's wise to undermine that importance.

Your last inference is flawed.  I didn't say every site that doesn't have a cert signed by a CA is of "lesser caliber".  I said there exist "lesser caliber" sites that don't have certs signed by a CA.

[Camel]

I think this is moot: The FCC forbade Comcast from looking at data to determine how to shape it. They are allowed to shape, but not based on what the data is, only on the quantity.

So, if your ISP is shaping, an encrypted tunnel will not help you.

[Sidoh]

I think this is moot: The FCC forbade Comcast from looking at data to determine how to shape it. They are allowed to shape, but not based on what the data is, only on the quantity.

So, if your ISP is shaping, an encrypted tunnel will not help you.

Ah, that is interesting.