[guardian-dev] critical fixes to OnionKit's StrongTrustManager

Nathan of Guardian nathan at guardianproject.info
Tue Mar 12 03:19:34 EDT 2013


Moxie, as he always seems to do, found some issues with the
StrongTrustManager we included with OnionKit, our network security
library, that currently powers Gibberbot. Unfortunately, these are
well-known issues[0] that I take full blame for not avoiding.

Specifically, we do not verify the BasicConstraints and KeyUsage
extensions of certificates in the chain, allowing for end-entity certs
to be validated as signing certs, and to create a new cert for any domain.
This means a man-in-the-middle attack would be possible with our current
implementation.

If you want to see the fixes implemented so far, you can review the code
here:
https://github.com/guardianproject/OnionKit/pull/5

I am still deciding on how best to proceed with regards to continuing
our work on our own TrustManager vs. just building upon the default one
+ MemorizingTrustManager + Moxie's new libpinning, but for now, I
believe the fixes above get us to a place that will stop the
man-in-the-middle possibility.

[0] http://www.thoughtcrime.org/ie-ssl-chain.txt

+n
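
The check the message describes as missing, shown as an added example; it is not OnionKit's code and not the code in the linked pull request. The class name IssuerConstraintCheck is hypothetical, and the chain is assumed to be ordered leaf first, as passed to X509TrustManager.checkServerTrusted().

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added illustration; IssuerConstraintCheck is a hypothetical name, not an OnionKit class.
public class IssuerConstraintCheck {
    private static final int KEY_CERT_SIGN = 5; // index of keyCertSign in getKeyUsage()

    // chain[0] is the end-entity cert; chain[i] is expected to have issued chain[i-1].
    // Covers only the two extensions; signatures, validity and hostname are checked elsewhere.
    public static void check(X509Certificate[] chain) throws CertificateException {
        for (int i = 1; i < chain.length; i++) {
            X509Certificate issuer = chain[i];
            String name = issuer.getSubjectX500Principal().getName();

            // -1 means BasicConstraints is absent or cA=FALSE: an end-entity cert.
            int pathLen = issuer.getBasicConstraints();
            if (pathLen < 0) {
                throw new CertificateException("Not a CA, cannot issue certs: " + name);
            }
            // pathLen limits how many intermediate CAs may sit below this one
            // (Integer.MAX_VALUE when unlimited). i - 1 intermediates sit below chain[i].
            if (pathLen < i - 1) {
                throw new CertificateException("Path length exceeded below: " + name);
            }
            // RFC 5280: when KeyUsage is present, keyCertSign must be set on an issuer.
            boolean[] usage = issuer.getKeyUsage();
            if (usage != null && (usage.length <= KEY_CERT_SIGN || !usage[KEY_CERT_SIGN])) {
                throw new CertificateException("keyCertSign not asserted: " + name);
            }
        }
    }

    // Usage: java IssuerConstraintCheck chain.pem  (PEM bundle, leaf first)
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate[] chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new X509Certificate[0]);
            check(chain);
            System.out.println("Issuer constraints OK for " + chain.length + " certificate(s)");
        }
    }
}
```

A chain in which an end-entity certificate appears in an issuing position fails at the first check, because getBasicConstraints() returns -1 for it.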



