by benwilber0 3158 days ago
If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA, say Verisign, to generate a fake certificate that they can use to MITM a browser session, and deliver key-stealing javascript to the user? I'm not sure what the state of certificate pinning is, but it seems that for the "uber security conscious users" they have instructions to check the SHA-1 fingerprints[0] manually. I feel like there are just an infinite number of technical ways a state actor with unbounded resources and legal access to basically every authority and pipe that operates the internet could MITM a service like this without compelling ProtonMail to do anything.

[0]https://protonmail.com/support/knowledge-base/protonmails-ss...

2 comments

> If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA

Why bother?

If they can MITM ProtonMail, they might as well use letsencrypt which just requires you control the domain name (for some definition of control).

> I'm not sure what the state of certificate pinning is,

    Public-Key-Pins-Report-Only: pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; max-age=300; report-uri="https://protonmail.com/pkp-report"

Looks like they want to know about violations...

EV certificates must be submitted to CT logs, which means ProtonMail and the public will be able to detect the malicious certificate. If it's not an EV certificate, the browser user interface changes and a security-conscious user may notice. That said, if a powerful government is after a user specifically, it is just a matter of time and effort before the government gets in.
> If it's not an EV certificate, the browser user interface changes and a security-conscious user may notice.

This is often used as an argument by EV advocates, but it doesn't hold up under scrutiny. An attacker with access to a non-EV certificate can selectively intercept only connections for subresources of the targeted site (i.e. JavaScript). The "main" connection would still use the EV certificate and thus show the browser indicator. This attack was first made public in 2008[1] and has been further refined in later work[2].

HPKP and the Expect-CT header provide some viable mitigations for this. That said, it seems unlikely to me that a nation-state adversary would choose to attack at the Web PKI level in this scenario. Compromising ProtonMail or the user's device would probably be cheaper and less likely to be detected.

[1]: http://w2spconf.com/2008/papers/s2p1.pdf

[2]: https://www.blackhat.com/presentations/bh-usa-09/SOTIROV/BHU...
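The Public-Key-Pins-Report-Only header quoted earlier in the thread, and the HPKP mitigation mentioned in the last reply, as an added example that is not from the thread: a small Python model of how a browser parses that header, checks the SPKI hashes of a presented chain against the pins, and what it would send to the report-uri on a mismatch (RFC 7469). The chain hashes fed in below are constructed placeholders, not ProtonMail's real certificates, and the pin set is assumed to be already noted by the client.

```python
import re
from datetime import datetime, timedelta, timezone

# Copy of the header line quoted in the thread (constructed for this example).
PKP_HEADER = ('Public-Key-Pins-Report-Only: pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; '
              'pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; '
              'pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; '
              'max-age=300; report-uri="https://protonmail.com/pkp-report"')


def parse_pkp(header):
    """Split an HPKP header into its pin list and the other directives."""
    name, _, value = header.partition(":")       # only the first ':' separates the name
    pins, directives = [], {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")  # first '=' only; base64 pins end in '='
        val = val.strip('"')
        if key.lower() == "pin-sha256":
            pins.append(val)
        elif key:
            directives[key.lower()] = val
    return {"report_only": name.strip().lower().endswith("-report-only"),
            "pins": pins,
            "max_age": int(directives.get("max-age", 0)),
            "report_uri": directives.get("report-uri"),
            "include_subdomains": "includesubdomains" in directives}


def evaluate(policy, chain_spki_hashes):
    """Outcome for a chain given as base64 SHA-256 SPKI hashes, leaf to root.
    Returns 'accept', 'report' (report-only mismatch) or 'block' (enforcing mismatch)."""
    if len(policy["pins"]) < 2 or policy["max_age"] <= 0:
        return "accept"                      # no valid policy (needs a backup pin, positive max-age)
    if set(policy["pins"]) & set(chain_spki_hashes):
        return "accept"                      # at least one pin matches some cert in the chain
    return "report" if policy["report_only"] else "block"


def build_report(policy, hostname, now=None):
    """JSON body a client POSTs to report-uri after a failed pin validation."""
    now = now or datetime.now(timezone.utc)
    expires = now + timedelta(seconds=policy["max_age"])
    return {"date-time": now.isoformat(), "hostname": hostname, "port": 443,
            "effective-expiration-date": expires.isoformat(),
            "include-subdomains": policy["include_subdomains"], "noted-hostname": hostname,
            "served-certificate-chain": [], "validated-certificate-chain": [],  # PEM omitted here
            "known-pins": ['pin-sha256="%s"' % p for p in policy["pins"]]}
```

An enforcing `Public-Key-Pins` header with the same pins would turn the "report" outcome into "block", which is the difference between ProtonMail learning about a rogue certificate and the client refusing it outright.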