We are happy to announce that PageSigner 2.0.0 has been released. It works with TLS 1.2 (more specifically the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite).
Update: Nov. 2021, PageSigner v3 again follows the TLSNotary protocol. And the caveat below no longer applies.
PageSigner no longer follows the TLSNotary protocol as described in the whitepaper. It introduced a change – now the symmetric keys for the TLS session are generated solely by the notary.
Is this a big deal? No. Because in PageSigner the notary is not actually human. It is a server set up at AWS (Amazon Web Services) configured by us in such a manner that even we at TLSNotary are unable to log into it to see its internal workings or to examine the keys it generates for the TLS session. The only thing we could do with it is to turn it off. We call it an oracle server.
You can read about how exactly the server is set up here https://github.com/tlsnotary/pagesigner-oracles/blob/master/INSTALL.oracles
When PageSigner notarizes a session, it checks whether the notary is indeed an oracle server that was set up in a proper way and only then does PageSigner proceed with notarization.
But let’s assume the very unlikely scenario – the adversary found a way to break into the PageSigner’s oracle server and can see the TLS keys being generated. Does that mean that the adversary now can see the plaintext of the notarization session? No, he only can see the encryption key, nothing more.
Update: Nov.2021. With PageSigner v3 the threat described below no longer applies. Even if the adversary is the ISP, he will not be able to jeopardize the integrity of the TLS session.
For the adversary to make any use of the encryption key he must get hold of the data that is being encrypted by that key, i.e. he has to be monitoring the auditee’s internet connection at the very moment when notarization is taking place. He would either have to be sniffing your Wi-Fi packets or be in collusion with your ISP. The odds are slim of the same adversary finding a way to break into the PageSigner server and at the same time being in control of your connection while you are performing a notarization. Yes, the odds are slim but they are not zero and so we felt the obligation to warn you about it in this blog post.
In the meantime, here are some of the good things to be looking forward to for PageSigner2 in the near future:
– the ability to selectively redact sensitive text from the notarization files.
– Firefox support (as soon as libdweb is merged https://github.com/mozilla/libdweb)