[wakawaka28]

Has anyone considered the possibility that a CA such as Let's Encrypt could be compromised or even run entirely by intelligence operatives? Of course, there are many other CAs that could be compromised and making money off of customers on top of that. But who knows... What could defend against this possibility? Multiple signatures on a certificate?

[neilv]

Even funnier, if one SIGINT team built a centralized "encryption everywhere" effort (before sites get encryption elsewhere), but that asset had to be need-to-know secret, so another SIGINT team of the same org, not knowing the org already owned "encryption everywhere", responded to the challenge by building a "DoS defense" service that bypasses the encryption, and started DoS driving every site of interest to that service.

(Seriously: I strongly suspect that Let's Encrypt's ISRG are the good guys. But a security mindset should make you question everything, and recognize when you're taking something on faith, or taking a risk, so that it's a conscious decision, and you can re-evaluate it when priorities change.)

[wakawaka28]

Sounds like Cloudflare honestly. There are many issues with CA trust in the modern Internet. The most paranoid among us would do well to remove every trusted CA key from their OS and build a minimal set from scratch, I suppose. Browsers simply make it too easy to overlook CA-related issues, especially if you think a CA is compromised or malicious.

[Y_Y]

https://knowyourmeme.com/memes/thats-the-joke

[dbt00]

A signature on a certificate doesn't allow CA to snoop. They need access to the private key for that, which ACME (and other certificate signing protocols in general) doesn't share with the CA.

[throw0101a]

> They need access to the private key for that, which ACME (and other certificate signing protocols in general) doesn't share with the CA.

Modern TLS doesn't even rely on the privacy of the private key 'as much' as it used: nowadays with (perfect) forward secrecy it's mainly used to establish trust, and after which the two parties generate transient session keys.

* https://en.wikipedia.org/wiki/Forward_secrecy

So even if the private key is compromised sometime in the future, past conversation cannot be decrypted.

[zzo38computer]

If the CA is somehow able to control the communication (I think usually they don't, but if they are being run by intelligence operatives then maybe they have that capability, although they probably do not use it a lot if so (in order to reduce the chance of being detected)), they could substitute a certificate with their own keys (and then communicate with the original server using the original keys in order to obtain the information required). However, this does not apply if both sides verify by an independent method that the key is correct (and if not, would allow to detect it).

Adding multiple signatures to a certificate would be difficult because the extensions must be a part of the certificate which will be signed. (However, there are ways to do such thing as web of trust, and I had thought of ways to do this with X.509, although it does not normally do that. Another way would be an extension which is filled with null bytes when calculating the extra signatures and then being filled in with the extra signatures when calculating the normal signature.)

(Other X.509 extensions would also be helpful for various reasons, although the CAs might not allow that, due to various requirements (some of which are unnecessary).)

Another thing that helps is using X.509 client certificates for authentication in addition to server certificates. If you do this, then any MITM will not be able to authenticate (unless at least one side allows them to do so). X.509 client authentication has many other advantages as well.

In addition, it might be helpful to allow you to use those certificates to issue additional certificates (e.g. to subdomains); but, whoever verifies the certificate (usually the client, but it can also be the server in case of a client certificate) would then need to check the entire certificate chain to check the permissions allowed by the certificate.

There is also the possibility that certificate authorities will refuse to issue certificates to you for whatever reasons.

[wakawaka28]

I know that. But presumably, Let's Encrypt could participate in a MITM attack since they can sign another key, so that even the visitor who knows that you use them as a CA can't tell there is a MITM. Checking multiple signatures on the same key could raise the bar for a MITM attack, requiring multiple CA's to participate. I can't be the first person to think of this. I'm not even a web security guy.

It might be interesting for ACME to be updated to support signing the same key with multiple CA's. Three sounds like a good number. You ought to be able to trust CA's enough to believe that there won't be 3 of them conspiring against you, but you never really know.

[336611629]

This problem was solved in the mid 2010s by Certificate Transparency. Every issued certificate that browsers trust must be logged to a public append-only certificate transparency log. As a result, you can scan the logs to see if any certs were issued for your domain for keys that you don't control (and many tools and companies exist to do this).

[wakawaka28]

How do you connect to the log provider? Can't that connection be compromised too? It seems like something that browsers would not keep internally.

[harrall]

I wouldn’t consider it “solved” because most organizations and people don’t actually check the log.

And a malicious actor can abuse this fact.

[crote]

Having Chrome/Firefox asynchronously check the CT log 0.1% of the time would probably be enough to solve that.

CT logging is mandatory, and even a single missing cert is probably going to be an existential threat to any CA.

The fact that someone is checking is already enough of a deterrent to prevent large-scale attacks. And if you're worried about spearphishing-via-MitM, you should probably stick to Tor.

[wakawaka28]

How will you establish a connection to the CT log server? Seems like you need a separate way to handle that.

[ryandv]

The signing keys used by the Certificate Authority to assert that the client (leaf) certificate is authentic through cryptographic signing differ from the private keys used to secure communication with the host(s) referenced in the x509 CN/SAN fields.

[wakawaka28]

I know that. At issue is the fact that the signing keys can be used to sign a MITM key. If there were multiple signatures on the original key, it would (or could) be a lot harder to MITM (presumably). Do you trust any CA enough to never be involved in this kind of scandal? Certainly government CA's and corporate CA's MITM people all the time.

Edit: I'm gonna be rate limited, but let me just say now that Certificate Transparency sounds interesting. I need to look into that more, but it amounts to a 3rd party certificate verification service. Now, we have to figure out how to connect to that service securely lol... Thanks, you've given me something to go read about.

[coffee--]

This is where Certificate Transparency -- and it being mandatory for browser trust -- comes in to save the day.

[kragen]

Even access to the private key doesn't permit a passive adversary to snoop on traffic that's using a ciphersuite that provides perfect forward secrecy, because the private key is only used to authenticate the session key negotiation protocol, which generates a session key that cannot be computed from the captured session traffic. Most SSL and TLS ciphersuites provide PFS nowadays.

An active adversary engaging in a man-in-the-middle attack on HTTPS can do it with the private key, as you suggest, but they can also do it with a completely separate private key that is signed by any CA the browser trusts. There are firewall vendors that openly do this to every single HTTPS connection through the firewall.

HPKP was a defense against this (https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) but HPKP caused other, worse problems, and was deprecated in 02017 and later removed. CT logging is another, possibly weaker defense. (It only works for CAs that participate in CT, and it only detects attacks after the fact; it doesn't make them impossible.)

[tialaramex]

In fact knowing the private key for other people's certificate you issue is strictly forbidden for the publicly trusted CAs. That's what happened years back when a "reseller" company named Trustico literally sent the private keys for all their customers to the issuing CA apparently under the impression this would somehow result in refunding or re-issuing or something. The CA checked, went "These are real, WTF?" and revoked all the now useless certificates.

It is called a private key for a reason. Don't tell anybody. It's not a secret that you're supposed to share with somebody, it's private, tell nobody. Which in this case means - don't let your "reseller" choose the key, that's now their key, your key should be private which means you don't tell anybody what it is.

If you're thinking "But wait, if I don't tell anybody, how can that work?" then congratulations - this is tricky mathematics they didn't cover in school, it is called "Public key cryptography" and it was only invented in the 20th century. You don't need to understand how it works, but if you want to know, the easiest kind still used today is called the RSA Digital Signature so you can watch videos or read a tutorial about that.

If you're just wondering about Let's Encrypt, well, Let's Encrypt don't know or want to know anybody else's private keys either, the ACME software you use will, in entirely automated cases, pick random keys, not tell anybody, but store them for use by the server software and obtain suitable certificate for those keys, despite not telling anybody what the key is.

[RiverCrochet]

IF you accept CA certificate X as trusted, then you are assuming anything signed by X is who it says it is. HTTPS server certificates are signed by CAs.

The actual communication is secured by a public/private keypair which is separate from the CA certificate.

Browsers have a set of certificates "pre-accepted", these are the default root certificates. There have been issues with some of them over time (e.g. DigiNotar) and they hav changed over time. If you hear of someone speaking about the "CA cartel" this is what they mean.

So a compromised CA can make you think you are talking to someone, like your bank, when you are not. But it doesn't enable snooping on traffic on the wire.

A CA can protect from this compromise by keeping the root private key entirely offline and signing a couple intermediate CA certificates. Then, if one of those intermediate CAs gets compromised, it can be revoked and a new intermediate CA created. You as a user of the CA can't do much though-either you choose to trust it (or delegate that trust) or don't.

You can create your own self-signed root CA certificates and client/server certificates signed by that CA fairly easily. But you then have to add the root CA as a trusted certificate into every device you want to use it, including those of your friends, employees, etc. This isn't quite as bad as it sounds, the last time I checked even phones would install a new root CA certificate if you opened a .crt file, and deploying CA certificates via Microsoft Group Policy is a thing.

[venturecruelty]

I mean, it doesn't help that the browser duopoly is making it harder and harder to use self-signed certificates these days. Why, if I were more paranoid, I might come to a similar conclusion.