by trash_panda 2844 days ago
Of course, you're right. My phrasing was not the best. The rogue CA would need to perform a classical MiTM as all the other mortals do; having access to the signing keys does not give you special MiTM powers, other than that when you actually are able to conduct a MiTM through other means, you'll have valid certs to intercept the connection.

Totally agree with your point about trust being a very hard problem to solve; that's why CAs first came into place, and now we have CT (which is not widely adopted yet). It is a problem that has no clear and definite solution yet.

Edit: Also, CT is no magical solution. It's just another "node" in the graph of trust we're establishing. As many other things have in the past, the CT system itself could also fail.

2 comments

Chrome requires certs to be published in CT to trust them [0], since Chrome 68 [1]. Because of this, I would believe CT is widely adopted.

[0]: http://www.certificate-transparency.org/certificate-transpar... , Certificate Inclusion Check

[1]: https://groups.google.com/a/chromium.org/forum/#!msg/ct-poli...
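What "published in CT" means on the wire is that the certificate carries a SignedCertificateTimestampList extension (RFC 6962, OID 1.3.6.1.4.1.11129.2.4.2) holding one SCT per log that promised to include it. The following is an added example, not code from the thread or from any CT project: it self-signs a throwaway certificate, embeds a constructed SCT list (fake log IDs, zero-length placeholder signatures), and then does the first half of what a CT-enforcing client does, namely locate the extension, decode the list, and count how many distinct logs vouched for the cert. The signature verification against each log's public key, and the per-lifetime quota of SCTs a policy demands, are deliberately left out since they need real log keys.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// OID of the SignedCertificateTimestampList certificate extension (RFC 6962 section 3.3).
var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// SCT holds the fields a client needs before it can even look up the log.
type SCT struct {
	LogID     [32]byte  // SHA-256 of the log's public key
	Timestamp time.Time // when the log promised to include the (pre)certificate
}

// parseSCTList decodes the TLS-style list: a 2-byte total length, then
// a sequence of 2-byte-length-prefixed SCT structures.
func parseSCTList(b []byte) ([]SCT, error) {
	if len(b) < 2 {
		return nil, errors.New("sct list: truncated length prefix")
	}
	total := int(binary.BigEndian.Uint16(b))
	b = b[2:]
	if len(b) != total {
		return nil, errors.New("sct list: length prefix does not match payload")
	}
	var out []SCT
	for len(b) > 0 {
		if len(b) < 2 {
			return nil, errors.New("sct: truncated length prefix")
		}
		n := int(binary.BigEndian.Uint16(b))
		b = b[2:]
		if len(b) < n {
			return nil, errors.New("sct: truncated entry")
		}
		entry, err := parseSCT(b[:n])
		if err != nil {
			return nil, err
		}
		out = append(out, entry)
		b = b[n:]
	}
	return out, nil
}

// parseSCT reads version(1) | log_id(32) | timestamp_ms(8) | extensions | signature.
// The signature bytes are left untouched: verifying them needs the log's public key.
func parseSCT(b []byte) (SCT, error) {
	const header = 1 + 32 + 8 + 2
	if len(b) < header {
		return SCT{}, errors.New("sct: shorter than fixed header")
	}
	if b[0] != 0 { // v1 is the only version RFC 6962 defines
		return SCT{}, fmt.Errorf("sct: unknown version %d", b[0])
	}
	var s SCT
	copy(s.LogID[:], b[1:33])
	s.Timestamp = time.UnixMilli(int64(binary.BigEndian.Uint64(b[33:41]))).UTC()
	return s, nil
}

// sctsFromCert returns the embedded SCTs, or nil if the extension is absent.
func sctsFromCert(cert *x509.Certificate) ([]SCT, error) {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidSCTList) {
			continue
		}
		var inner []byte // the extension value is an OCTET STRING wrapping the TLS list
		rest, err := asn1.Unmarshal(ext.Value, &inner)
		if err != nil {
			return nil, err
		}
		if len(rest) != 0 {
			return nil, errors.New("sct extension: trailing bytes")
		}
		return parseSCTList(inner)
	}
	return nil, nil
}

// distinctLogs counts how many different logs vouched for the certificate;
// CT policies count SCTs per distinct log, not SCTs in total.
func distinctLogs(scts []SCT) int {
	seen := map[[32]byte]bool{}
	for _, s := range scts {
		seen[s.LogID] = true
	}
	return len(seen)
}

// ---- constructed test data: no real log, no real signature ----

func fakeSCT(logByte byte, ts time.Time) []byte {
	b := []byte{0}        // version v1
	id := make([]byte, 32) // fake log ID, distinguished by one byte
	id[0] = logByte
	b = append(b, id...)
	tsb := make([]byte, 8)
	binary.BigEndian.PutUint64(tsb, uint64(ts.UnixMilli()))
	b = append(b, tsb...)
	b = append(b, 0, 0)       // no CT extensions
	b = append(b, 4, 3, 0, 0) // DigitallySigned: sha256, ecdsa, zero-length placeholder
	return b
}

func encodeSCTList(entries ...[]byte) []byte {
	var body []byte
	for _, e := range entries {
		body = append(body, byte(len(e)>>8), byte(len(e)))
		body = append(body, e...)
	}
	return append([]byte{byte(len(body) >> 8), byte(len(body))}, body...)
}

// makeTestCert self-signs a throwaway certificate carrying the given SCT list.
func makeTestCert(sctList []byte) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	octets, err := asn1.Marshal(sctList) // DER OCTET STRING
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: "example.test"}, // hypothetical name
		NotBefore:       time.Now(),
		NotAfter:        time.Now().Add(24 * time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: oidSCTList, Value: octets}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

var t0 = time.Date(2018, 7, 24, 12, 0, 0, 0, time.UTC) // arbitrary fixed timestamp

// demoSCTs embeds three SCTs, two of them from the same fake log, and returns
// what a client would extract from the resulting certificate.
func demoSCTs() ([]SCT, error) {
	list := encodeSCTList(
		fakeSCT(0x01, t0),
		fakeSCT(0x02, t0.Add(time.Second)),
		fakeSCT(0x01, t0.Add(2*time.Second)),
	)
	cert, err := makeTestCert(list)
	if err != nil {
		return nil, err
	}
	return sctsFromCert(cert)
}

func main() {
	scts, err := demoSCTs()
	if err != nil {
		panic(err)
	}
	for _, s := range scts {
		fmt.Printf("log %x... at %s\n", s.LogID[:4], s.Timestamp)
	}
	fmt.Printf("%d SCTs from %d distinct logs\n", len(scts), distinctLogs(scts))
}
```

Run it and the last line reads "3 SCTs from 2 distinct logs": the point of counting distinct logs is that a single compromised or misbehaving log can emit any number of SCTs, so policies require independent logs. The length checks in parseSCTList matter in practice because the extension comes from the peer; a client that trusts the embedded lengths blindly is parsing attacker-controlled bytes.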

> The rogue CA would need to perform a classical MiTM as all the other mortals do; having access to the signing keys does not give you special MiTM powers, other than that when you actually are able to conduct a MiTM through other means, you'll have valid certs to intercept the connection.

But this thread is operating under the thought experiment that the NSA already owns LetsEncrypt. And in reality-- at least according to the Snowden leaks-- NSA currently has classical MiTM capabilities. (Can't remember which program it was that was using some node between the user and the desired server to send back a forged response that would almost always beat the server to the punch.)

So in this thought experiment there are only two pieces of the Triforce, and the NSA has them both.

> (Can't remember which program it was that was using some node between the user and the desired server to send back a forged response that would almost always beat the server to the punch.)

These were called QUANTUM (with various sub-projects related to specific applications of that capability).

The point is that the NSA doesn't need to own Let's Encrypt to do that; they could use literally _any_ certificate authority.

Also, there _is_ a third piece of the Triforce: certificate transparency logs, and those would be very difficult to compromise without the certificate transparency monitors noticing.