by davb 4261 days ago
To be fair, I don't personally trust the root CAs that my browsers and OS's trust. There are hundreds of them, from many countries. I think it's a reasonable expectation that at least some are corrupt.

Unless I trust each CA, their processes and every employee who could circumvent them, the current CA infrastructure is inherently unsafe. Self-signed certificates are only marginally less trustworthy (rather than having to compromise a CA, a bad actor would simply have to generate a new certificate and hope that I don't check the fingerprint - and I wouldn't check it).

2 comments

Yes, there was a very large European root CA that was compromised and was actively being used for MITM attacks except this time the web browser address bar would still "turn green". Which is pretty much as bad as it gets.

Root CAs are not really trustworthy. Manually trusting a self-signed cert is, probably, more secure in the long term. You take control of trust, rather than delegating it out to some faceless corporation who can be corrupted or hacked.

The issue is how to know when the self-signed cert is trustworthy. I agree that the root CA trust system is not the answer, and web of trust doesn't work in practice, but I don't know how we can know if a self-signed cert is trustworthy in the first place. Besides doing out-of-band fingerprint verification (assuming the sideband isn't also compromised).

That said, I'd be more inclined to trust a self-signed cert over a CA-signed one. I don't even know half the CAs that my device trusts, and some I recognise (government ones) I explicitly wouldn't trust.
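One concrete shape for the out-of-band fingerprint check the comments above keep coming back to, as an added example that is not part of the thread: a trust-on-first-use pin store that records a self-signed certificate's SHA-256 fingerprint on first contact and flags any later change. The `PinStore` class, its method names and the certificate byte strings are assumptions made for the example; the "certificates" are constructed placeholders rather than real DER, since only their hash matters here.

```python
# Trust-on-first-use (TOFU) fingerprint pinning for self-signed certificates.
# Added example, not code from the thread. A real client would obtain the DER
# bytes with ssl.SSLSocket.getpeercert(binary_form=True); here they are
# constructed byte strings so the example runs offline.
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"constructed-DER-bytes-for-example.test-certificate-A"
CERT_B = b"constructed-DER-bytes-for-example.test-certificate-B"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form browsers display."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Canonicalise a fingerprint typed from an out-of-band channel:
    'aa:bb', 'AA BB' and 'aabb' all become 'AABB'."""
    return "".join(c for c in fp.upper() if c in "0123456789ABCDEF")


class PinStore:
    """host -> pinned fingerprint (hex, no separators).

    Kept in memory to stay self-contained; a real client must persist the
    pins (e.g. to a JSON file), otherwise every restart is a 'first use'."""

    def __init__(self, pins=None):
        self.pins = {h: normalize(fp) for h, fp in (pins or {}).items()}

    def pin(self, host: str, fp: str) -> None:
        """Record a fingerprint verified out of band (phone, printed card...)."""
        self.pins[host] = normalize(fp)

    def check(self, host: str, der_cert: bytes) -> str:
        """Return 'first-use', 'trusted' or 'MISMATCH' for the presented cert."""
        seen = normalize(fingerprint(der_cert))
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: remember what we saw. This is exactly the moment
            # the thread worries about; the pin is only as good as the user's
            # out-of-band comparison of this fingerprint.
            self.pins[host] = seen
            return "first-use"
        # Constant-time comparison; cheap insurance against timing side channels.
        if hmac.compare_digest(pinned, seen):
            return "trusted"
        # A changed key for a pinned host is the signal to stop and investigate,
        # not to silently re-pin.
        return "MISMATCH"


def demo() -> list:
    """Walk through first contact, a repeat connection, and a swapped key."""
    store = PinStore()
    host = "example.test"  # placeholder hostname
    return [
        store.check(host, CERT_A),  # first-use
        store.check(host, CERT_A),  # trusted
        store.check(host, CERT_B),  # MISMATCH: different key for the same host
    ]


if __name__ == "__main__":
    print("fingerprint of CERT_A:", fingerprint(CERT_A))
    print(demo())
```

The design choice worth noticing is that a mismatch is never auto-healed: a pinned host presenting a new key is treated as an incident until someone re-verifies the fingerprint out of band and calls `pin()` explicitly.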

My understanding is that CAs have been compromised for a while now. Does no one remember the RSA scandal and the NSA's manufactured hash collisions through deliberate injection of vulnerabilities into random number generators? I may be off a bit but I recall the revelations basically concluding the whole system was compromised at the fundamental level.

Do you have any links or sources?

I too remember something like that, but was under the impression that CAs are still ok.

But of course, judging by the massive downvoting you've gotten, I suppose you're incorrect. I wish those downvoters would explain their viewpoint rather than downvoting...

You're thinking of https://en.wikipedia.org/wiki/Dual_EC_DRBG which wouldn't affect the secrecy of private keys.
There's no reason to go to so much trouble when plenty of common root CAs are using MD5 or even MD2 signatures.