
How does stunnel work?


Walter Roberson

Jun 14, 2003, 7:48:43 PM
In article <010939A925374BF61...@130.133.1.4>,
Jeffrey Wang <JWang_...@microsoft.com> wrote:
:I'm looking for a good way to protect my passwords and other data
:while surfing on an older system.

:I've heard about stunnel and did some reading on it. How can it
:establish an end to end encrypted session unless the end remote
:server talks ssl? I want to be able to surf regular pages
:encrypted or download nntp from a regular server encrypted. Is
:this feasible with stunnel?

No.


:If anyone can explain how it works, please do. If anyone is using
:this with Win9x, please let me know what special considerations
:there are in installation and use.

Anything that will talk stunnel to you isn't a "regular server".

If the destination system doesn't handle encryption itself, and
the destination system isn't on a network that you can create a
VPN to, then the data is going to have to be transmitted in the
clear to -somewhere-. The best you can do is use one of the
encrypting proxies: that will transmit the data in the clear
to the proxy, and then from the proxy to you would be encrypted
[so it wouldn't be sniffable at -your- end.]

Hushmail is -one- company that offers encrypted browsing.

--
Everyone has a "Good Cause" for which they are prepared to Spam.
-- Roberson's Law of the Internet

Walter Roberson

Jun 15, 2003, 4:23:36 AM
In article <010939AE479F35A91...@130.133.1.4>,
Jeffrey Wang <JWang_...@microsoft.com> wrote:
:So, iow, if you don't have a direct ssl or
:other encrypted session with the remote server, then your isp can
:log your passwords, etc., correct? I guess the only way to remain
:anon and encrypted point to point is to use remailers.

In order for your ISP to not be able to log your passwords etc.,
you need an encryption layer between you and the remote system.
stunnel cannot be used to set up such a layer to an arbitrary system,
only to co-operating systems.

If you use an encrypting proxy (e.g., hushmail or others) then
the part between you and that service will be encrypted (and thus
difficult to decode at your ISP); the part between that service
and the final destination would -not- be encrypted, though.


On the other hand, if you are concerned about your ISP logging passwords
and so on, such as they might be required to do under court order,
then you should also be concerned about the possibility of a
"man in the middle" attack, where the ISP redirects any particular
remote destination to their own equipment. And of course, you need
to consider the possibility that whatever encrypting proxy you choose
might be recording your traffic. Some of the anonymous remailers are
controlled by the CIA (or so I have seen in reputable sources), so I'd
be surprised if all of the encrypting proxies were pure.
--
Suppose there was a test you could take that would report whether
you had Free Will or were Pre-Destined. Would you take the test?

leslie

Jun 15, 2003, 4:59:03 AM
Scott B. (bga...@example.invalid) wrote:
: Jeffrey Wang wrote:
: > I guess the only way to remain
: > anon and encrypted point to point is to use remailers.
:
: You should not top-post.
: http://www.dickalba.demon.co.uk/usenet/guide/faq_topp.html
:

If Mr. Wang is using Outlook Express, he can download OE-QuoteFix
to correct Outlook Express's deficiencies:

http://home.in.tum.de/~jain/software/oe-quotefix/
OE-QuoteFix

http://home.in.tum.de/~jain/software/oe-quotefix/description.html
Description

"Description

OE-QuoteFix will extend the functionality of MS Outlook Express in
numerous ways! Its main purpose is to modify message composition
windows on-the-fly to allow for correct quoting and to change the
appearance of your plain-text replies and forwards in general: move
your signature, use compressed indentation, have RFC compliant
signatures, etc.

But the second feature is equally practical: OE-QuoteFix can
instantly color quoted passages (according to the level of
indentation), fix bad quoting and generally beautify messages as
you view them in Outlook Express.

Quoting & Formatting

If you use Outlook Express as your mail/news client and make use of
plain-text messages (which are still the way to go, especially in
the usenet), you will have noticed that OE doesn't exactly feature
the most intelligent quoting algorithm; in fact, it's the silliest
one imaginable.

The following will probably look familiar...

[snip]

No Worries

Lastly, OE-QuoteFix will not modify any system files or Outlook
Express files... And the changes it makes to your messages can be
undone by choosing Edit->Undo in Outlook Express, should you
realize that they weren't what you wanted. And if you don't like
OE-QuoteFix at all, you can always uninstall it, but I'm sure you
won't want to... ;) "

HTH,

--Jerry Leslie (my opinions are strictly my own)
Note: les...@jrlvax.houston.rr.com is invalid for email

nemo

Jun 15, 2003, 12:09:52 PM


Using one of the commercial proxies (I like cotse, but there are
others) with a secure tunnel to it (but not beyond) will give
**total protection** from the local ISP. I do not think that
MTM (e.g., between the ISP and cotse) is at all likely (and would
be, in any case, impossible to do if the remote proxy uses
authentication during session setup as is usual with SSL/TLS).

While it is possible that the remote proxy is a front for the
CIA, etc. I think that danger is overblown. However, protection
is enhanced where the remote proxy is in a different
jurisdiction, since serving of subpoenas, etc. becomes very
cumbersome and slow. I recommend using a foreign proxy where
possible.

For the ultra-paranoid, one can even arrange with a foreign
friend for him to provide an encrypted proxy for you and vice
versa. (It won't completely frustrate a serious LE effort,
although it will slow and complicate it, and it will cause
significant difficulty in proving to whose computer - the
friend's or yours - the packets were really destined. ) On that
same theme, I usually arrange to tunnel out from computers at my
clients' office to my own proxy running on my home machine.
That way I leave nothing decipherable in the company
firewall/proxy system.

In short, I believe your description is factually correct (except
re MTM) but that you overstate the risks.

Regards,

PS Needless to say, using stuff like SSL/TLS is just one
part of a security/privacy plan which should be integrated and
supported not just with technology, but with the "soft side" such
as threat assessment, operational protocols, etc.

Walter Roberson

Jun 15, 2003, 1:31:16 PM
In article <kT0Ha.204301$3C2.6...@news3.calgary.shaw.ca>,
nemo outis <nemo ou...@erewhon.com> wrote:
:Using one of the commercial proxies (I like cotse, but there are
:others) with a secure tunnel to it (but not beyond) will give
:**total protection** from the local ISP. I do not think that
:MTM (e.g., between the ISP and cotse) is at all likely (and would
:be, in any case, impossible to do if the remote proxy uses
:authentication during session setup as is usual with SSL/TLS).

If, though, the ISP were to put up a system that looked just like
the remote system, and were to redirect packets to the dummy system,
and if they were to do this before the first time you connected
to the remote system [so you never see a certificate directly
from the remote], then surely it would be very difficult to prove
whether you were talking to the dummy system or the destination
you wanted?


:In short, I believe your description is factually correct (except
:re MTM) but that you overstate the risks.

My posting said that one "should also be concerned about the
possibility" of certain attacks, not that such attacks were common. The
original poster expressed concern about their ISP sniffing their
password. *Most* North American ISPs have no interest in doing that
kind of sniffing except under court order (and there are laws about
what the rest can do with the information if they do happen to see it),
so there must be -some- basis on which the original poster does not
trust his/her ISP.

"If you can't trust your ISP, who can you trust?" -- if you have reason
to suspect that your ISP might be deliberately intercepting your
communications, then, depending on the strength of your concern, you
need to understand that *if sufficiently motivated* your ISP could
cause their systems to "lie" about having connected you to a remote
system -- and if there is some reason why you should care about such
possibilities, then you need to ensure that your counter-measures take
the possibilities into account.


Of course, even if you don't have reason to believe that your ISP would
deliberately sniff your traffic, you might have reason to want to
avoid having your ISP able to see even your destination IPs. For example,
you might be known around town as a "Real Man", and you might be
highly embarrassed if it should become known that you are an avid
collector of Quiche recipes.
--
I predict that you will not trust this prediction.

nemo

Jun 15, 2003, 3:19:10 PM
In article <bciah4$8b$1...@canopus.cc.umanitoba.ca>,
robe...@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote:
>In article <kT0Ha.204301$3C2.6...@news3.calgary.shaw.ca>,
>nemo outis <nemo ou...@erewhon.com> wrote:
>:Using one of the commercial proxies (I like cotse, but there are
>:others) with a secure tunnel to it (but not beyond) will give
>:**total protection** from the local ISP. I do not think that
>:MTM (e.g., between the ISP and cotse) is at all likely (and would
>:be, in any case, impossible to do if the remote proxy uses
>:authentication during session setup as is usual with SSL/TLS).
>
>If, though, the ISP were to put up a system that looked just like
>the remote system, and were to redirect packets to the dummy system,
>and if they were to do this before the first time you connected
>to the remote system [so you never see a certificate directly
>from the remote], then surely it would be very difficult to prove
>whether you were talking to the dummy system or the destination
>you wanted?

How do you think an ISP could spoof a certificate?

Certificate spoofing is very, very difficult (it would require
compromising a trusted certificate source) and/or it would only
work against the careless or clueless.

Sensible folks check certificate details to see that they
(ultimately) trace back to a trusted root (Thawte, Verisign,
etc.). There is no way an ISP can tinker with Internet
Explorer's (or Opera's or Mozilla's etc.) built-in copies of
high-level trusted root certificates which are distributed as
part of the program.

However, if - as with cotse's sign-up certificate (not their
login one) - a specific certificate does not trace back to a
trusted issuer (cotse's signup certificate is only from
tusk.cotse.net) then one would take steps to check this out. For
instance, one could sign on to cotse using a different ISP (e.g.,
at the library, internet cafe, etc.) An ultra-paranoid would
have a friend in a different city (or country!) send them the
exported certificate on a diskette (although just a phone call
and a read out of the certificate hash would do). Even a phone
call to cotse itself (not from the home phone of course) would
not be amiss.


>:In short, I believe your description is factually correct (except
>:re MTM) but that you overstate the risks.
>
>My posting said that one "should also be concerned about the
>possibility" of certain attacks, not that such attacks were common. The
>original poster expressed concern about their ISP sniffing their
>password. *Most* North American ISPs have no interest in doing that
>kind of sniffing except under court order (and there are laws about
>what the rest can do with the information if they do happen to see it),
>so there must be -some- basis on which the original poster does not
>trust his/her ISP.

>"If you can't trust your ISP, who can you trust?" -- if you have reason
>to suspect that your ISP might be deliberately intercepting your
>communications, then, depending on the strength of your concern, you
>need to understand that *if sufficiently motivated* your ISP could
>cause their systems to "lie" about having connected you to a remote
>system -- and if there is some reason why you should care about such
>possibilities, then you need to ensure that your counter-measures take
>the possibilities into account.

If you use SSL connections that are certificate-based, then your
ISP CANNOT "lie about" or "spoof" your connections. (He can
block your encrypted connection, true - but he cannot spoof or
counterfeit one!)


>Of course, even if you don't have reason to believe that your ISP would
>deliberately sniff your traffic, you might have reason to want to
>avoid having your ISP able to see even your destination IPs. For example,
>you might be known around town as a "Real Man", and you might be
>highly embarrased if it should become known that you are an avid
>collector of Quiche recipies.

One should actively distrust one's ISP as a matter of course.
First of all, that is the most likely point at which any
systematic attempt to compromise your security (by LE or others)
will likely be targeted. But also, most ISPs do any number of
intrusive things to, for instance, gather marketing data, enforce
their TOS (such as scanning to see if you run a server, etc.) and
so forth. By making sure that everything you do is encrypted
(and if you run any servers, run SSLed ones!) you ensure that
your ISP is never in a position to become too nosy! Think of it
as removing temptation :-)

Regards,
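The two checks nemo describes above (the certificate must trace back to a trusted root, and its hash should be compared against a copy obtained out of band, by phone or on a diskette) and the "dummy system" scenario Walter Roberson raises can be exercised offline with the Go program below. This is an added example, not code from the thread, from stunnel or from cotse. It builds its own throwaway PKI in-process with Go's standard crypto/x509 package: the trusted root, the "ISP dummy CA", the hostname news.example.test and the function names issue, Fingerprint, VerifyServerCert and RunScenario are all constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// issue generates a P-256 key and a certificate for name. With parent == nil the
// certificate is self-signed (a root CA); otherwise parent/parentKey sign it.
// These are constructed demo fixtures built in-process, so failures simply panic.
func issue(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // the name the client checks against
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Fingerprint is the SHA-256 hash of the DER certificate: the value one would read
// out over the phone or carry on a diskette to compare with what the browser shows.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// VerifyServerCert performs the two checks from the thread: the certificate must chain
// to a root in the trusted pool and be valid for host, and, when a pin obtained out of
// band is supplied, its fingerprint must match that pin (compared in constant time).
func VerifyServerCert(leaf *x509.Certificate, roots *x509.CertPool, host, pin string) error {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return fmt.Errorf("chain check failed for %s: %w", host, err)
	}
	if pin != "" && subtle.ConstantTimeCompare([]byte(Fingerprint(leaf)), []byte(pin)) != 1 {
		return fmt.Errorf("pin mismatch for %s: got %s", host, Fingerprint(leaf))
	}
	return nil
}

// RunScenario builds a constructed PKI (a trusted root, a genuine certificate for
// news.example.test, and an "ISP dummy CA" issuing a look-alike for the same name)
// and returns the outcome of three client checks. The client trusts only the real root.
func RunScenario() (genuine, imposter, wrongPin error) {
	const host = "news.example.test" // constructed hostname
	trustedRoot, trustedKey := issue("Constructed Trusted Root", true, nil, nil)
	dummyCA, dummyKey := issue("Constructed ISP Dummy CA", true, nil, nil)
	realCert, _ := issue(host, false, trustedRoot, trustedKey)
	fakeCert, _ := issue(host, false, dummyCA, dummyKey)
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	genuine = VerifyServerCert(realCert, roots, host, Fingerprint(realCert))  // expect nil
	imposter = VerifyServerCert(fakeCert, roots, host, "")                    // expect chain error
	wrongPin = VerifyServerCert(realCert, roots, host, Fingerprint(fakeCert)) // expect pin error
	return genuine, imposter, wrongPin
}

func main() {
	genuine, imposter, wrongPin := RunScenario()
	fmt.Println("genuine server :", genuine)
	fmt.Println("imposter server:", imposter)
	fmt.Println("wrong pin      :", wrongPin)
}
```

The imposter case is exactly the dummy system in the thread: a certificate for the right hostname, but issued by a CA the client has never trusted, so Verify returns an unknown-authority error and the session should be refused rather than silently continued. The pin check is the defence for the case nemo mentions where a certificate does not chain to a trusted issuer at all: with a fingerprint collected over a different ISP or by phone, the client can still detect substitution. A pin mismatch on a chain-valid certificate may just mean the operator rotated keys, so treat it as an alert to re-verify out of band, not as something to auto-accept.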
