What's the attack you're imagining that's mitigated with VPN?
I think normal users would click through SSL errors for expired/invalid certs, so an SSL MITM could be possible. Some sites don't pin certs and users re-use passwords. Yes, VPNs can be MITMed, but users face less VPN error fatigue. When did we stop believing in defense in depth?
You understand what a VPN does, right? Your traffic is passing across the hostile public internet, and your solution is to.... pass it slightly differently?
The best argument you can come up with for this is, "well... users don't see vpn errors as often, so maybe they won't dismiss them", but they now have to deal with vpn errors *and* ssl errors. That is not "defense in depth".
VPNs don't normally have a clickthrough that folks can easily use. SSL error fatigue is (at least was) very real: https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/akhawe . If VPNs had an "ignore" button, it'd be more comparable. Additionally, there are open source SSL MITM tools, probably not for VPNs?
You totally ignored the point. You want to communicate privately with a host over untrusted hops You->A->B->C->Host. TLS lets you do this, but you're scared you might click through a warning, so you instead send all your traffic to sketchy host F, now You->F->A->B->C->Host.
You didn't solve anything, you just moved some bits around. Do not say "what about warning fatigue", when a VPN does not solve warning fatigue.
The threat model I'd assume for an average user is "dumb attacker with a wifi pineapple or equivalent". That's easy for someone in a coffee shop. I don't expect a low-resource attacker to have the capability to MITM traffic out of a VPN server.
Your threat model is very confused: a physically nearby attacker willing to break the law who can only MITM one protocol (TLS) but not another (IPSEC, whatever). So you send all your bits to a shady middleman instead?
I'd base my threat model on what is off-the-shelf available. The number of attackers capable of buying a COTS tool (wifi pineapple) is orders of magnitude larger than folks who can write or even compile custom software.
First of all, there is no COTS TLS interception. You know that, you've already imagined a user who goes through all the trouble of disabling it. Rather than tell users "don't do that", you want them to install a shady VPN service and add another point of failure.
Secondly, you've imagined the perfect attacker for your preferred solution. That's just bad threat modelling: you've decided what solution you like best and then worked backwards to build the perfect attacker.
I picked an attacker model based on what exists today. I think assuming attackers have COTS devices (which trigger errors) and no advanced knowledge is sensible. I think attackers writing new MITM software for VPNs is imagining a perfect attacker for *your* preferred situation :P