Hacker News new | ask | show | jobs
by MattPalmer1086 563 days ago
Things like this make me wonder why certificates are not also signed by the certificate owner.

Right now, a CA can issue a certificate for any public key and domain they like. A rogue trusted CA can intercept all traffic.

If a certificate also included a signature by the owner of the public key signed by the CA (using their private key, signed over the CA signature), then a CA would no longer have this ability.

What am I missing?
3 comments
rhplus 563 days ago
> What am I missing?

The chain of trust for all the certificates in your example is established by trusting the rogue CA root certificate. The CA (or a bad actor who misled the CA through real-world fraud) could be the “owner” of the key pair you’re trusting for the second signature.

link
MattPalmer1086 562 days ago
Good point.
link
3np 563 days ago
> What am I missing?

Infrastructure and processes for key distribution and revocation. Reusing the existing PKI infrastructure used for CA trust roots won't handle it. Perhaps public keys/certs could be distributed over DNS, like for DANE (or maybe even using DANE)?

Not saying it can't be done, just to point out how it's not trivial and requires buy-in from incumbents across the ecosystem.

https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...

I like your general idea of improving the status quo by adding decentralized/self-managed trust on top of/alongside the existing centralized PKI. Could be a stepping stone towards something more systematically resilient.

link
MattPalmer1086 562 days ago
Oh sure, any change to X.509 certs would require a lot of change.

I'm not sure it would make much difference to most of the existing PKI infrastructure though. CAs wouldn't see any difference. For example, currently this is what happens:

1. Owner: generate CSR and send to CA 2. CA: validates owner identity, signs cert and returns cert to owner.

All we would then add is:

3. Owner: signs cert with own private key and uses it.

As far as I can see, the only other changes required would be to clients (so they could reject non owner signed certs), and maybe some revocation stuff.

link
bawolff 562 days ago
This doesn't make sense to me. What would you be trying to prove/show with step 3? How would it be different from the status quo?
link
MattPalmer1086 562 days ago
It doesn't help at all, just a poorly thought out idea.
link
bawolff 562 days ago
The entire point of a CA is to verify public keys. If the certificate owner already has a verified public key (to sign the certificate with), there would be no need for a CA.
link