Hacker News new | ask | show | jobs
by schoen 820 days ago
Currently CT logs:

https://certificate.transparency.dev/

Monitor CT for your domain name and if you find an "obscure CA" misissuing for your domain, report it! This may result in the obscure CA getting explicitly distrusted.

At some level this is not that great a solution, but it's really so much better than what we had 13-14 years ago.
4 comments
michaelt 819 days ago
CT logs only mean that if after the horse has bolted, you can start the process to close the door within hours.

That's adequate for low-value targets, but it's hardly sufficient for high-value targets. If a CA mis-issued a cert for *.aws.amazon.com should we be waiting around for a manual process on some mailing list to invalidate it?

link
schoen 818 days ago
I agree conceptually, and I think it's sad that we don't have anything more absolute. (I was a fan of HPKP, which has been deprecated as a "footgun" because apparently users often didn't understand what it was doing or weren't cautious enough when using it.)

But the CT system seems to work very well in practice. While the detection and remedy part is awkwardly manual, there are people working hard on them. There are also (following a "you have to disclose all intermediates ahead of time" rule introduced by Mozilla) fewer intermediates and we actually have a list of them.

https://ccadb.my.salesforce-sites.com/ccadb/AllCertificateRe...

Detected incidents involving intentional misissuance are very rare. When unintentional misissuance happens, the responsible CA has to publicly explain how it happened and what it will do to prevent the situation from happening again.

link
xg15 819 days ago
And then what? What are you supposed to do in the meantime until browsers have decided to distrust the CA?

Also, how do you detect "obscure" CAs in the log? If your CT monitoring daemon has some logic to distinguish "good" from "bad" CAs, why not use that logic directly in the app and implement certificate pinning?

link
thrtythreeforty 819 days ago
I'm curious: What's the defense mechanism for a dodgy CA not publishing a CT log entry for the misused domain?
link
woodruffw 819 days ago
A CT-honoring client should reject an end-entity certificate that isn't accompanied by a SCT. In other words: a dodgy CA that skips CT to avoid disclosure of their mis-issued certificate should be unable to convince any CT-honoring client to accept that certificate.
link
notachatbot123 820 days ago
An adversary might MITM the CT as well.
link
tptacek 820 days ago
How?
link