Evading the "man in the middle"
In response to our discussion yesterday about "Man in the Middle Attacks," Rene points us to this article in Wired, which describes how Colombian government forces 'masqueraded' as FARC revolutionaries, in order to release hostages. "That was another example of MITM attack," says Rene. "This time used for a good purpose!"
On the subject of practical precautions against more nefarious MITM attacks, he says:
You can help a user by adding mechanisms to assist in certificate verification in applications. Not only simple verification such as identities, but further nail them down to verify serial numbers/certificate fingerprints, verify issuer's certificates and even the whole 'chain' / hierarchy of certification authorities involved and deny connectivity if something is amiss in this chain.
Further security can be leveraged by using online certificate checks (OCSP) or offline certificate revocation lists (CLRs) (of both user/client [EPRLs] as well as issuers [ARLs]). This should be done from two sides; the client should verify the gateway's identity and the gateway should verify the client's identity!
Furthermore, using main mode, or also known as identity protection mode to set up an IPsec based VPN prevents a malicious user from 'sniffing for valid identities' as mentioned in the article, with certificate exchange/verification of both the initiator (client) and responder (gateway) making it very difficult for a MITM attack. The identities are made known only after an encrypted session/channel has been established.