net4people / bbs

Forum for discussing Internet censorship circumvention

Detecting TLS parrots by interrogating their reactions about certificates? #116

Open klzgrad opened 2 years ago

klzgrad commented 2 years ago

I was recently trying to use Chromium's network library for parroting, but I saw `[0503/130502.548494:ERROR:cert_verify_proc_builtin.cc(603)] No net_fetcher for performing AIA chasing.` using a bare configuration.

I wonder: Can a sufficiently strong MitM create crafted certificates to convince TLS clients into performing certificate activities with network loading (OCSP, CRL, AIA chasing, CT(?)) and thus differentiate TLS parrots that claim to be full-featured user agents but actually do not implement the more complex behaviors? Is this a realistic exploit?

There is too much to learn about "certificate activities with network loading" to form an immediate conclusion. I'm asking the above question to get a sense of whether there are known answers to this.

A similar idea: https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/

klzgrad commented 2 years ago

I guess not. This idea requires crafting CRL and other fields in the certificates. Creating true certificates with modified CRL and other fields is too costly for probes like this, and self-signed certificates would be stopped before any network loading is performed. So this is not a realistic attack vector on TLS parrots.

wkrp commented 2 years ago

> self-signed certificates would be stopped before any network loading is performed. So this is not a realistic attack vector on TLS parrots.

I would guess that this is correct. Perhaps, in special cases, the test could work in the other direction. That is, a TLS parrot with a sufficiently bad TLS stack might make network requests before doing proper TLS verification, while mainstream implementations would not make any network requests.

I'll reopen, to keep the thread in the issues list.
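Go's crypto/x509 does no network fetching itself, so the ordering the two comments above assume (offline path building first, a self-signed leaf rejected before any AIA URL it carries could matter) has to be made explicit by whoever would add AIA chasing. The following is an added example, not code from this thread or from any project it mentions: a gate that only ever considers an AIA fetch after offline verification has failed solely for lack of a trusted issuer. `probe.example` and the `aia.example` URL are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// selfSignedProbeLeaf builds a constructed, untrusted self-signed leaf that carries an
// AIA "CA Issuers" URL (hypothetical host): the field a probe would have to craft.
func selfSignedProbeLeaf() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "probe.example"},
		DNSNames:              []string{"probe.example"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IssuingCertificateURL: []string{"http://aia.example/issuer.crt"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// aiaFetchWanted reports whether a client that verifies offline before fetching would
// contact the AIA URL at all: only when path building fails solely for lack of a trusted
// issuer, the leaf is not self-signed, and an AIA URL is present. A self-signed probe
// therefore never causes a request, which is the behaviour a parrot has to match.
func aiaFetchWanted(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	var ua x509.UnknownAuthorityError
	if err == nil || !errors.As(err, &ua) {
		return false // chain built offline, or failed for a different reason (name, validity)
	}
	selfSigned := leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil
	return !selfSigned && len(leaf.IssuingCertificateURL) > 0
}
```

The gate answers false for a self-signed leaf, for a hostname mismatch and for a chain that already verifies against the supplied roots; it answers true only for a leaf signed by an issuer the client does not know, which is the one case in which a fetching browser would reach for the AIA URL.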