[syn0byte]

No. we just feel better because it just sounds so obviously reasonable doesn't it?

Kazakhstan's low-tech approach is just that, low-tech and low-effort. They could have used tons of vectors besides simply saying "install this cert."

A tiny shred of effort would have been to package an "updater" that did the install without explicitly saying that's what it was for. Or better yet: Kazakhstan is committed to a greener more ecologically friendly future! All tax documentation will go paperless! Just use the provided USB Key to access your documents in electronic format!

A small morsel of effort would be to force it on OS vendors through regulation/licensing/threats/money for localized copies. A good deal of effort would hijack CRLs, pinnings, et al while demanding/sneaking the private keys of the CAs.

Public Key Infrastructure is fucking pointless when the infrastructure is precisely what you can't trust.

[shawnz]

No, it's not pointless. This attack was detectable because of PKI. Without it the attack would not have been detectable.

Being imperfect is different than being pointless. Even if you developed the perfect algorithm for global security infrastructure, the Kazakhstan government could still just break down your door and implant the backdoor into your hardware if they wanted. So by your logic should we just forget about this encryption stuff and just do everything in plain text again?

[ridaj]

> Being imperfect is different than being pointless.

In particular, we'd see a lot more places than Kazakhstan do this if good countermeasures weren't in place...

[mmphosis]

An implant is not necessary. Intel ME is embedded with the CPU and has access to everything.

[cpach]

Intel ME is indeed scary stuff, but I think you need to provide stronger evidence if you want to convince us that governments can snoop on anyone anywhere just because of ME.

[Ajedi32]

We still would have easily found out had any of these methods been employed; any uncompromised machines still left in the country when they flipped the switch would start getting TLS warnings.

They could, of course, avoid spying on uncompromised machines to avoid detection, but then anyone practicing good security hygiene would be automatically left unaffected by the government spy program. Plus there'd still be the possibility of detecting malware through other means (malware on client machines is far easier to detect than MITM of unencrypted communications). Not to mention how much more difficult all this would be than simply MITMing unencrypted traffic.

The situation with HTTPS is significantly improved.

[MadSudaca]

> Public Key Infrastructure is fucking pointless when the infrastructure is precisely what you can't trust.

This seems a cynical and lazy evaluation of the situation. No solution is perfect, trade offs must be made everywhere. With the right precautions the average person can have his/her communications encrypted. This is a much better situation than the one we were on before.

[cpach]

How would they sneak the private keys from e.g. Digicert/Geotrust/ISRG?

[mdhardeman]

And there would be no point in doing so anyway.

Chrome, etc., require that certificates which descend from publicly trusted roots have their certificates published in certificate transparency logs. Someone would quickly notice bogus certs being issued and the associated root would get blacklisted.

[olliej]

This is why certificate transparency is required now - it means that we no longer need to trust the CAs to tell us when they’ve issued an unconstrained intermediate or cross signed a root. Previously it was essentially luck that led to CA malfeasance being detected.

Especially in the post-finally-ending Symantec world the CAs understand that issuing any such cert is likely to very quickly end their business in most other countries.

I feel the real problem kz is going to have is that they have now demonstrated that they will abuse having a root cert, so there is no way any root stores will let them in in future. I imagine they’d even have difficulty getting any of the other roots to issue certs for them (managed sub-ca I think? I forget terminology)