by DethNinja 1132 days ago
But you can just issue an identical certificate to an existing website's certificate via the private key; it doesn't even need to enter the CT logs, and it will have a 100% identical fingerprint to the original certificate, no?

You can then intercept everything through the ISP gateway. It would be theoretically possible to fragment the entire internet this way by coordinating with the ISPs.


Nope! That would require the server operator to participate; pwning the CA gives you nothing. CAs that issue private keys for you are banned, to my knowledge, for the type of certificates that browsers trust; if a CA offers this, they'll be kicked out of being trusted by browsers. A CA is only allowed to sign a key via a CSR, and therefore the CA never sees the private key of a certificate.

This has been the standard for a pretty long time, and it of course still works this way with ACME certificate issuance as well. Very neat imo.
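The CSR flow described above, as an added example that is not code from the thread: the server keeps its private key and hands the CA only a CSR, the CA signs with its own key, and a second CA signing the same CSR produces a certificate with a different fingerprint. Assumes the openssl CLI is installed; the CN values and the CA names ca1/ca2 are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: the CSR model the comment describes.
# The server generates its key and sends only a CSR; the CA signs the CSR.
# Assumes the openssl CLI is installed; CN values and CA names are constructed.
set -e
WORK=$(mktemp -d)

# Server side: the private key is created here and never leaves this directory.
server_make_csr() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/server.key" 2>/dev/null
  openssl req -new -key "$WORK/server.key" -subj "/CN=example.test" \
    -out "$WORK/server.csr"
}

# CA side: takes the CSR (public key plus proof of possession) and issues a cert.
# The CA has its own key pair; the server's private key is not an input here.
ca_sign_csr() {
  ca=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/$ca.key" \
    -subj "/CN=$ca" -days 1 -out "$WORK/$ca.crt" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/$ca.crt" \
    -CAkey "$WORK/$ca.key" -CAcreateserial -days 1 \
    -out "$WORK/server-by-$ca.crt" 2>/dev/null
}

# Prints "no" when the CSR carries only the public key, which is all a CA sees.
csr_contains_private_key() {
  if grep -q "PRIVATE KEY" "$WORK/server.csr"; then echo yes; else echo no; fi
}

# SHA-256 fingerprint of a certificate: hashes the whole DER, signature included,
# so certificates signed by different CA keys can never share a fingerprint.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Public key carried in a cert, and public key derived from the server's private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

server_make_csr
ca_sign_csr ca1
ca_sign_csr ca2   # a second, unrelated CA signing the very same CSR
echo "CSR carries private key: $(csr_contains_private_key)"
echo "fingerprint, issued by ca1: $(cert_fingerprint "$WORK/server-by-ca1.crt")"
echo "fingerprint, issued by ca2: $(cert_fingerprint "$WORK/server-by-ca2.crt")"
```

Both certificates carry the server's public key, yet their fingerprints differ, since the fingerprint covers the issuer's signature bytes.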

> Nope! That would require the server operator to participate

Or it would require compromising the server [0]

[0] https://www.csoonline.com/article/3137065/shadow-brokers-lea...

Sure, but what I said absolutely stands: compromising the CA doesn't do you any good in practice.

Frankly though, I am going to say it: I think the idea that compromising a ton of web servers to be able to build a better profile of a user's web history is part of this UK government surveillance initiative is simply absurd. Compromising servers is a pretty nasty cat-and-mouse game, especially if you're up against orgs like Cloudflare, Amazon and Google. In practice, there's just no chance this is their strategy.

(And the game certainly isn't going to get any easier. You can, for example, use a TPM to generate your private keys, and have encryption occur on a TPM device, such that extracting them would require much more challenging exploits than just pwning some servers, meaning you'd need to actively have control over the servers to do anything interesting. It's not purely theory, either, though I do not know who is currently using this approach.)

Or just a CDN... much easier if they cooperate.

It could be that the Linux kernel random number generator has been backdoored on all the large cloud computing platforms. They could even be snooping on the entropy pool in memory as the system is operating? You don't know what's really going on in a virtualized environment. Also, many BMCs have JTAG access to the CPU; what's the chance that they have implants in the BMCs, knowing how insecure they are?

https://www.asset-intertech.com/resources/blog/2017/12/micro...