Hacker News new | ask | show | jobs
by chromaxs 2309 days ago
Any CA can sign any certificate they want, including ones they generate themselves. If a bad actor got control of, or even could coerce, a CA, and could do the same for DNS, the end users would be hard pressed to know.

It's a very valid attack, although minimal. To say they don't have any way of MITM'ing a connection is wrong even if it's unlikely.
4 comments
nucleardog 2309 days ago
This is what certificate transparency logs are designed to solve.

Chrome and Safari currently validates that a certificate has been published in the publicly available transparency logs as part of considering it valid.

Either Google doesn't publish the certificate in the logs and it's not valid, or they publish it and people are able to see the misissuance.

It's not foolproof, but it makes the attack even less likely.

link
Roujo 2309 days ago
> To say they don't have any way of MITM'ing a connection is wrong even if it's unlikely.

I totally agree, it's why I qualified it with "just by virtue of them being the one validating the cert for a certain website" and later on adding that they could do so in other ways, like the one you're suggesting. Reading it again makes me realize that it could be understood that way, though, sorry if I wasn't clear enough. Sometimes not being a native English speaker betrays me a little bit. =)

link
iudqnolq 2309 days ago
Wouldn't it be equally easy for a CA to MITM a site that got it's real cert from them vs from a different CA?
link
Roujo 2309 days ago
CAA DNS records aim to make that more difficult, actually, but otherwise AFAIK you're right. =)

https://en.wikipedia.org/wiki/DNS_Certification_Authority_Au...

link
tialaramex 2309 days ago
CAA is for telling competent CAs that you don't want to use their service, so as to avoid them being fooled by bad guys who pretend to be you. If you think their methods are dubious or just won't be effective due to how your names are managed, CAA lets you flag that they shouldn't issue for your names at all.

If a CA is incompetent or malevolent it would just ignore CAA records or not check them at all.

It would be a serious bug if a web browser for example went "Hey this site has a cert from Bob's CA but the CAA records for the domain say only Alice's CA is to issue" and rejected the certificate from Bob's CA. The CAA notice is about allowing new issuances right now but maybe last week when I got this certificate from Bob's CA I didn't set that CAA record so that was fine.

It would be valid (maybe not a brilliant idea, but valid) to set CAA to refuse all issuance, changing it only for a few minutes once a week while you do all your certificate changes.

link
Roujo 2308 days ago
Oh wow, and here I thought having clients check that record was the whole point, as a layer of defense against rogue CAs. Thank you so much, I hadn't realized. =)
link
ForHackernews 2309 days ago
> and could do the same for DNS

Google also controls a major public DNS resolver (8.8.8.8) and the most popular browser.

But hey, y'know, they're the good guys or whatever so I'm sure it's fine. (Probably. Right up until the moment when it's not.)

link