tialaramex an hour ago

They could mint certificates, for / about any name. But, those certificates won't work in popular applications unless the certificates include proof of logging.

So to be effective this means a hypothetical bad actor (maybe the US government or anybody else) issues bogus certificates, then either logs them - making a permanent record for everybody to see, or also subverts two or more logs, so that they issue bogus proofs.

This is a very expensive one shot attack on whatever the target would be, I guess it's not stupider than "Let's bomb Iran for no good reason" but it's up there.

basilikum an hour ago | parent [-]

For the vast majority of cases, would anyone notice these malicious certificates being created and logged?

toast0 16 minutes ago | parent | next [-]

I don't subscribe for my personal domains, because who cares, but when I was in charge of certificates for something important I subscribed to notifications from several providers to make sure I didn't miss anything.

I would like to think at least all the high profile destinations have someone watching.

nickf 39 minutes ago | parent | prev | next [-]

For any target of sufficient value that a government would do that, yes. Of course it doesn't happen anyway, because governments don't have some kind of secret access to CAs.

tialaramex an hour ago | parent | prev [-]

What constitutes the "vast majority"? Periodically I check mine, and I sometimes have reason to check others, I no longer run my own log auditing (I did when I worked somewhere else because it was close to my main field of interest) but other people do.

basilikum 33 minutes ago | parent [-]

How can you check other people's certs? How do you know whether a cert issued is authorized by them or not?

The only one who can check for maliciously published certs is the entity authorized to request them. I think most companies are happy when they manage to have valid, not expired certs and do not care too much about making sure there are not too many of them.

You are right that if the state would start issuing malicious certs en masse that would be found out quickly. But I think very targeted selected operations against entities where they know the entity is unlikely to surveil for unauthorized certs are very much possible.

I'm not arguing for going into conspiratorial thinking and claiming CAs are all compromised and issuing malicious certs all the time. But I do think that it is feasible for states to use CAs under their direct or indirect control to run targeted attacks. I think that is a plausible, serious risk that we do not care enough about and that we should do something about. There is a multitude of precedents starting from LavaBit over the wiretapping of jabber.ru^1, ANOM^2 to CryptoAG^3 that supports this conclusion.

[1] https://notes.valdikss.org.ru/jabber.ru-mitm/
[2] https://en.wikipedia.org/wiki/Operation_Trojan_Shield
[3] https://en.wikipedia.org/wiki/Crypto_AG
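The two points raised above (toast0's "subscribe to notifications for something important" and basilikum's "how do you know whether a cert issued is authorized or not") come down to the same defender-side check: pull the CT log entries that name your domain and compare them with what your own issuance pipeline expected. The script below is an added example, not code from anyone in this thread. The records are constructed sample data whose field names are modeled on the JSON that crt.sh returns (`id`, `issuer_name`, `name_value`, `not_before`, `serial_number`); the domain, issuer strings and serials are invented. The policy object is the part only the domain owner can fill in, which is exactly why third parties can see that a certificate exists but not whether it was authorized.

```python
"""Audit Certificate Transparency entries for a domain against an issuance policy.

Added example. Sample records are constructed to mimic the shape of crt.sh's
JSON output; none of the values are real certificates.
"""
import json
from dataclasses import dataclass

# Constructed sample CT entries (hypothetical domain, hypothetical issuers).
SAMPLE_CT_JSON = json.dumps([
    {"id": 1001, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example.com\nwww.example.com",
     "not_before": "2024-05-01T00:00:00", "serial_number": "0a1b"},
    {"id": 1002, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "mail.example.com",
     "not_before": "2024-05-03T00:00:00", "serial_number": "0a1c"},
    {"id": 1003, "issuer_name": "C=XX, O=Unexpected CA Ltd, CN=Unexpected CA G2",
     "name_value": "vpn.example.com\nexample.com",
     "not_before": "2024-05-09T00:00:00", "serial_number": "ff01"},
    {"id": 1004, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "*.example.com",
     "not_before": "2024-05-10T00:00:00", "serial_number": "0a1d"},
    {"id": 1005, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "unrelated.test",  # not our domain, must be ignored
     "not_before": "2024-05-11T00:00:00", "serial_number": "0bee"},
])


@dataclass(frozen=True)
class IssuancePolicy:
    """What the domain owner knows and a CT log reader does not (assumed fields)."""
    domain: str                       # monitored apex domain, lower case
    allowed_issuers: frozenset        # issuer DNs our ACME/CA accounts use
    known_serials: frozenset = frozenset()  # serials our own pipeline recorded
    allow_wildcards: bool = False     # do we ever request *.domain?


def in_scope(san: str, domain: str) -> bool:
    """True if a SAN names the monitored domain or any subdomain of it."""
    host = san.strip().lower()
    if host.startswith("*."):
        host = host[2:]
    return host == domain or host.endswith("." + domain)


def audit_ct_records(records_json: str, policy: IssuancePolicy) -> list:
    """Return (entry id, reason) pairs for every entry that violates the policy."""
    alerts = []
    for rec in json.loads(records_json):
        # crt.sh joins multiple SANs with newlines in name_value
        sans = [n.strip() for n in rec["name_value"].split("\n") if n.strip()]
        if not any(in_scope(s, policy.domain) for s in sans):
            continue  # certificate is for someone else's names
        reasons = []
        if rec["issuer_name"] not in policy.allowed_issuers:
            reasons.append("issuer not in allowlist: " + rec["issuer_name"])
        wild = [s for s in sans if s.startswith("*.")]
        if wild and not policy.allow_wildcards:
            reasons.append("wildcard name(s) not permitted: " + ", ".join(wild))
        if policy.known_serials and rec["serial_number"].lower() not in policy.known_serials:
            reasons.append("serial not recorded by our own issuance pipeline")
        alerts.extend((rec["id"], r) for r in reasons)
    return alerts


def run_example() -> list:
    """Audit the constructed sample with a policy for example.com."""
    policy = IssuancePolicy(
        domain="example.com",
        allowed_issuers=frozenset({"C=US, O=Let's Encrypt, CN=R3"}),
        known_serials=frozenset({"0a1b", "0a1c"}),
        allow_wildcards=False,
    )
    return audit_ct_records(SAMPLE_CT_JSON, policy)


if __name__ == "__main__":
    for entry_id, reason in run_example():
        print(f"CT entry {entry_id}: {reason}")
```

Running it flags entry 1003 twice (unknown issuer, unknown serial) and entry 1004 twice (wildcard not permitted, unknown serial), while the unrelated entry 1005 is skipped. The `known_serials` check is the one that matters most for the targeted-attack scenario discussed in the thread: a certificate from a CA you do use, for a name you do own, still stands out if your own pipeline never requested it. In practice the serial list would come from the ACME client's or CA account's issuance records, and the JSON from a CT monitor or the log's API rather than an inline string.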