by jchw 1137 days ago
Nope! That would require the server operator to participate; pwning the CA gives you nothing. CAs that issue private keys for you are banned, to my knowledge, for the type of certificates that browsers trust; if a CA offers this, they'll be kicked out of being trusted by browsers. A CA is only allowed to sign a key via a CSR, and therefore the CA never sees the private key of a certificate.

This has been the standard for a pretty long time, and it of course still works this way with ACME certificate issuance as well. Very neat imo.
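The CSR flow described above, as an added example using the openssl CLI (not code from the thread): the server keeps its private key, the CA only ever receives the CSR, and the issued certificate carries the same public key. The names example.test and "Demo CA" and the temp directory are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Walks through key generation on the
# server, CSR submission, and CA signing, then checks what the CA actually saw.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Server side: key pair plus CSR. The private key stays in server.key.
gen_server_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" \
    -subj "/CN=example.test" 2>/dev/null
}

# CA side: its own self-signed root (constructed "Demo CA" for this demo).
gen_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/CN=Demo CA" 2>/dev/null
}

# CA signs the CSR. openssl checks the CSR's self-signature (proof the
# requester holds the private key) and emits a cert containing the public key.
sign_csr() {
  openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" 2>/dev/null
}

# What crossed to the CA: does the CSR carry any private-key material?
csr_has_private_key() {
  if grep -q "PRIVATE KEY" "$WORK/server.csr"; then return 0; else return 1; fi
}

# Public key in the CSR, in the issued cert, and derived from server.key must match.
public_keys_match() {
  k1="$(openssl req -in "$WORK/server.csr" -noout -pubkey)"
  k2="$(openssl x509 -in "$WORK/server.crt" -noout -pubkey)"
  k3="$(openssl pkey -in "$WORK/server.key" -pubout)"
  [ "$k1" = "$k2" ] && [ "$k2" = "$k3" ]
}

# The issued cert chains to the CA root.
cert_verifies() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1
}

gen_server_csr && gen_ca && sign_csr
```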

> Nope! That would require the server operator to participate

Or it would require compromising the server [0]

[0] https://www.csoonline.com/article/3137065/shadow-brokers-lea...

Sure, but what I said absolutely stands: compromising the CA doesn't do you any good in practice.

Frankly though, I am going to say it; I think the idea that compromising a ton of web servers to be able to build a better profile of a user's web history is part of this UK government surveillance initiative is simply absurd. Compromising servers is a pretty nasty cat and mouse game, especially if you're up against orgs like Cloudflare, Amazon and Google. In practice, there's just no chance this is their strategy.

(And the game certainly isn't going to get any easier. You can, for example, use a TPM to generate your private keys, and have encryption occur on a TPM device, such that extracting them would require much more challenging exploits than just pwning some servers, meaning you'd need to actively have control over the servers to do anything interesting. It's not purely theory, either, though I do not know who is currently using this approach.)

Or just a CDN... much easier if they cooperate.

It could be that the Linux kernel random number generator has been backdoored on all the large cloud computing platforms. They could even be snooping the entropy pool in memory as the system is operating? You don't know what's really going on in a virtualized environment. Also, many BMCs have JTAG access to the CPU; what's the chance that they have implants in the BMCs, knowing how insecure they are?

https://www.asset-intertech.com/resources/blog/2017/12/micro...