| |
| ▲ | xorcist 2 days ago | parent | next [-] | | This is a bad faith argument. Whatever measures Google takes to prevent this (certificate logs and key pinning) could just as well be utilized if registrars delegated cryptographic trust as they delegate domains. It is also true that these contemporary prevention methods only help the largest companies which can afford to do things like distributing key material with end user software. It does not help you and me (unless you have outsourced your security to Google already, in which case there is the obvious second hand benefit). Registrars could absolutely help a much wider use of these preventions. There is no technical reason we don't have this, but this is one area where the interest of largest companies with huge influence over standards and security companies with important agencies as customers all align, so the status quo is very slow to change. If you squint you can see traces of this discussion all the way from IPng to TLS extensions, but right now there is no momentum for change. | | |
| ▲ | tptacek 2 days ago | parent [-] | | It's easy to tell stories about shadowy corporate actors retarding security on the Internet, but the truth is just that a lot of the ideas people have about doing security at global Internet scale just don't pan out. You can look across this thread to see all the "common sense" stuff people think should replace the WebPKI, most of which we know won't work. Unfortunately, when you're working at global scale, you generally need to be well-capitalized, so it's big companies that get all the experience with what does and doesn't work. And then it's opinionated message board nerds like us that provide the narratives. |
| |
| ▲ | throwaway2037 3 days ago | parent | prev | next [-] | | This is a great point. For all of the "technically correct" arguments going on here, this one is the most practical counterpoint. Yes, in theory, Verisign (now Symantec) could issue some insane wildcard Google.com cert and send the public-private key pair to you personally. In practice, this would never happen, because it is a corporation with rules and security policies that forbid it. Thinking deeper about it: Verisign (now Symantec) must have some insanely good security, because every black hat nation state actor would love to break into on their cert issuance servers and export a bunch of legit signed certs to run man-in-the-middle attacks against major email providers. (I'm pretty sure this already happened in Netherlands.) | | |
| ▲ | codethief 3 days ago | parent | next [-] | | > every black hat nation state actor would love to break into on their cert issuance servers and export a bunch of legit signed certs to run man-in-the-middle attacks I might be misremembering but I thought one insight from the Snowden documents was that a certain three-letter agency had already accomplished that? | | |
| ▲ | 9Ljdg6p8ZSzejt 2 days ago | parent [-] | | This was DigiNotar. The breach generated around 50 certificates, including certificates for Google, Microsoft, MI6, the CIA, TOR, Mossad, Skype, Twitter, Facebook, Thawte, VeriSign, and Comodo. Here is a nice writeup for that breach: https://www.securityweek.com/hacker-had-total-control-over-d... | | |
| ▲ | 9Ljdg6p8ZSzejt 2 days ago | parent [-] | | Edits: I believe this is what you were referring to. It was around 500, not 50. Dropped a 0. | | |
| ▲ | codethief 2 days ago | parent [-] | | I do remember that breach but that was before Snowden. I'm relatively sure Snowden published some document about the NSA trying to undermine CAs, too. |
|
|
| |
| ▲ | Ajedi32 2 days ago | parent | prev | next [-] | | This isn't about the cert issuance servers, but DNS servers. If you compromise DNS then just about any CA in the world will happily issue you a cert for the compromised domain, and nobody would even be able to blame them for that because they'd just be following the DNS validation process prescribed in the BRs. | |
| ▲ | tptacek 2 days ago | parent | prev [-] | | Verisign (Symantec) can't do anything, because the browsers distrusted them. |
| |
| ▲ | ysleepy 2 days ago | parent | prev | next [-] | | That only works for high profile domains, a CA can just issue a cert, log it to CT and if asked claim they got some DNS response from the authoritative server.
Then it's a he said she said problem. Or is DNSSEC required for DV issuance? If it is, then we already rely on a trustworthy TLD. I'm not saying there isn't some benefit in the implicit key mgmt oversight of CAs, but as an alternative to DV certs, just putting a pubkey in dnssec seems like a low effort win. It's been a long time since I've done much of this though, so take my gut feeling with a grain of salt. | | |
| ▲ | tptacek 2 days ago | parent [-] | | DNSSEC isn't required by anything, because almost nobody uses it. |
| |
| ▲ | Ajedi32 2 days ago | parent | prev [-] | | Right. 'You can't "distrust" .com.' is probably not true in that situation. (If it were actually true, then "what happens" would be absolutely nothing.) I think you're undermining your own point. |
|
