I can see why companies would want to be able to man-in-the-middle outbound connections from their own corporate network. SSL/TLS can be used to tunnel... well anything really. A malware C&C channel, a way to exfiltrate corporate data etc.
However, the correct way to implement this is the exact opposite of what Trustwave has done. An SSL proxy like Bluecoat achieves the above goal of MITM'ing corporate SSL sessions by
1)Installing a new Trusted Root Cert on all corporate PCs
2)Using the key for that Cert to sign a faked certificate for all outbound SSL traffic
This way, traffic is still secure between the client and the SSL proxy (using the new certificate), and between the SSL proxy and the end website (using a normal certificate)
As long as the private key within the SSL proxy remains secure, the system is secure (or securish... an admin from your company with access to the proxy could still sniff your SSL traffic - a good reason not to do your net banking at work)
The important difference between an SSL proxy and the ridiculous decision by Trustwave is the failure modes of the system.
Worst case scenarios:
If a hacker gains access to the private key within Company A's SSL proxy, they can MITM computers that belong to Company A. Fair enough, as it was Company A's security failure that led to the key exposure in the first place.
If a hacker gains access to the private key corresponding to the CA certificate that Trustwave issued, until somebody notices and discloses the key compromise and the certificate gets revoked, the hacker can MITM anyone, anywhere, anytime.
(untitled comment)
However, the correct way to implement this is the exact opposite of what Trustwave has done. An SSL proxy like Bluecoat achieves the above goal of MITM'ing corporate SSL sessions by
1)Installing a new Trusted Root Cert on all corporate PCs
2)Using the key for that Cert to sign a faked certificate for all outbound SSL traffic
This way, traffic is still secure between the client and the SSL proxy (using the new certificate), and between the SSL proxy and the end website (using a normal certificate)
As long as the private key within the SSL proxy remains secure, the system is secure (or securish... an admin from your company with access to the proxy could still sniff your SSL traffic - a good reason not to do your net banking at work)
The important difference between an SSL proxy and the ridiculous decision by Trustwave is the failure modes of the system.
Worst case scenarios:
If a hacker gains access to the private key within Company A's SSL proxy, they can MITM computers that belong to Company A. Fair enough, as it was Company A's security failure that led to the key exposure in the first place.
If a hacker gains access to the private key corresponding to the CA certificate that Trustwave issued, until somebody notices and discloses the key compromise and the certificate gets revoked, the hacker can MITM anyone, anywhere, anytime.
See why it's not as good a solution?
Already done in comic form
http://en.m.wikipedia.org/wiki/Pax_Romana_(comics)
Techdirt has not posted any stories submitted by LiamO.
Submit a story now.