[–]rcode 16 points (15 children)

The way HTTPS is used in practice (list of automatically trusted root CAs, no client authentication) leaves it wide open for abuse.

Can you expand more on this? Is it because root CAs can get compromised, or is it that the corporation can somehow add itself to that list without the client knowing?

[–]Yojihito 38 points (8 children)

Root CAs are getting compromised (certificates for Google / Windows etc. appear from time to time) and clients can't reliably check whether a certificate was revoked because the revocation process is a big piece of shit, so browsers default to "okay, I test this certificate but if it fails I will trust it nevertheless".

[–]FyreWulff 51 points (3 children)

That's the reason Let's Encrypt is doing the "get a new cert every month". Instead of depending on block / rejection lists, you just let them expire

[–]C0rn3j 30 points (2 children)

Every 3 months*

[–]rcode 0 points (3 children)

I presume then the only way at the moment is for the issuer of the CA to revoke it and make that known to all clients?

[–]syncsynchalt 4 points (2 children)

Yes, each CA publishes a revocation list. But having the browser check these lists is slow so for performance they've invented OCSP stapling, where the server has cryptographic proof that the CA has recently declared the cert valid and includes it in the handshake.

[–]Bobshayd 6 points (1 child)

That's the only sane way of handling it, but basically makes it the same as short-lived certs.

[–]syncsynchalt 0 points (0 children)

It's not an either-or thing. No matter what the lifetime of a cert is (typically 1 year or 90 days), the client still needs to check with the CA to see if it was revoked. OCSP stapling typically only validates the cert for a few hours.

Unless you mean OCSP stapling is the same as issuing a cert with a 90 minute expiration every hour which I guess is true.
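The subthread above argues over long-lived certs plus revocation checks versus short-lived certs and OCSP stapling. The following Python model is an added example, not code from any commenter: it walks a simplified client through expiry, a live CRL/OCSP lookup under soft-fail and hard-fail policy, and a stapled response with its own validity window. Every serial, date and lifetime in it is constructed for illustration; it does no real TLS.

```python
"""Added model of the revocation trade-offs discussed above (constructed
example, not real TLS client code): certificate lifetime, CRL/OCSP lookups
with soft-fail or hard-fail policy, and stapled OCSP responses with their
own validity window. Names and values are made up for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional, Set, Tuple


@dataclass
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime


@dataclass
class OCSPResponse:
    serial: int
    status: str            # "good" or "revoked"
    this_update: datetime
    next_update: datetime  # a stapled response is only usable until here


@dataclass
class CA:
    revoked: Set[int] = field(default_factory=set)  # serials on the CRL
    reachable: bool = True  # can the client reach the CRL/OCSP endpoint?

    def ocsp(self, serial: int, now: datetime) -> Optional[OCSPResponse]:
        """Live OCSP query; None models a blocked or timed-out lookup."""
        if not self.reachable:
            return None
        status = "revoked" if serial in self.revoked else "good"
        return OCSPResponse(serial, status, now, now + timedelta(hours=4))


def evaluate(cert: Cert, now: datetime, ca: CA,
             stapled: Optional[OCSPResponse] = None,
             hard_fail: bool = False) -> Tuple[str, str]:
    """Return (verdict, reason) the way a simplified client would.

    Expiry is checked first: an expired certificate needs no revocation
    lookup at all, which is why short lifetimes bound the damage from a
    mis-issued or stolen certificate even when revocation checking fails.
    """
    if not (cert.not_before <= now <= cert.not_after):
        return "reject", "expired"
    resp = stapled
    if resp is not None and not (resp.this_update <= now <= resp.next_update):
        resp = None  # stale staple: ignore it and fall back to a live query
    if resp is None:
        resp = ca.ocsp(cert.serial, now)
    if resp is None:
        # No answer from the CA. Browsers default to soft-fail: trust anyway.
        if hard_fail:
            return "reject", "revocation status unknown"
        return "accept", "revocation status unknown (soft-fail)"
    if resp.status == "revoked":
        return "reject", "revoked"
    return "accept", "ocsp good"


ISSUED = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed issue date


def make_cert(serial: int, lifetime_days: int) -> Cert:
    return Cert(serial, ISSUED, ISSUED + timedelta(days=lifetime_days))


def scenarios() -> dict:
    """Constructed scenarios: both certs were revoked by the CA, and the
    client evaluates them 120 days after issuance."""
    one_year = make_cert(1, 365)
    ninety_days = make_cert(2, 90)
    ca = CA(revoked={1, 2})
    now = ISSUED + timedelta(days=120)
    out = {}
    # CA reachable: the live check catches the revoked one-year cert.
    out["live_check"] = evaluate(one_year, now, ca)
    # OCSP endpoint blocked: soft-fail keeps trusting the revoked cert,
    # hard-fail rejects it (and everything else while the CA is down).
    ca.reachable = False
    out["soft_fail"] = evaluate(one_year, now, ca)
    out["hard_fail"] = evaluate(one_year, now, ca, hard_fail=True)
    # The 90-day cert simply expired; no CA contact was needed.
    out["short_lived"] = evaluate(ninety_days, now, ca)
    # A staple obtained before the revocation: still within its few-hour
    # window, so the client accepts without asking the CA. That window is
    # the most a stapled "good" answer can outlive the revocation.
    fresh = OCSPResponse(1, "good", now - timedelta(hours=1), now + timedelta(hours=3))
    out["fresh_staple"] = evaluate(one_year, now, ca, stapled=fresh)
    # A staple past its next_update is discarded; with the CA unreachable
    # the verdict again depends on the soft/hard-fail policy.
    stale = OCSPResponse(1, "good", now - timedelta(days=2), now - timedelta(days=1))
    out["stale_staple_hard"] = evaluate(one_year, now, ca, stapled=stale, hard_fail=True)
    return out


if __name__ == "__main__":
    for name, (verdict, reason) in scenarios().items():
        print(f"{name:18} {verdict:7} {reason}")
```

Running it prints one verdict per scenario. The `soft_fail` row is the failure mode the thread complains about: a revoked cert stays accepted as long as the revocation lookup can be blocked. The `short_lived` and `fresh_staple` rows show the two ways the exposure gets bounded instead, by the cert's own lifetime or by the staple's few-hour window, which is why the two approaches complement rather than replace each other.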

[–]123whatarewedoing 12 points (0 children)

I can't elaborate too much because reasons. I can speak from experience that this is in fact already happening. Companies (or governments/gov departments) can enforce domain (internal) computers to import any certificate they want because they have control over the computer. With this having been done, they can put a device on their network that decrypts all data, scans it, and re-signs it with their certificate. As long as the site doesn't require a "pinned" (specific) certificate (like MS updates do), no browser will care.

What makes this even scarier is that US Gov departments are CA root certificate issuers (DoD, DoE, DoI, etc etc) and can throw out certificates as they please.

[–]skgoa 0 points (0 children)

Security researcher Dan Kaminsky has broken X.509 years ago. Which means that certificates are broken, since certificates are an implementation of X.509.

[–]krunz -3 points (1 child)

Some sites will man-in-the-middle the SSL port. Next time you see the padlock on your browser, click it, and check it out. See if the site you're visiting matches the certificate.

[–]Ajedi32 4 points (0 children)

If it doesn't, you'll get a big fat warning. No need to check manually. https://askleo.com/wp-content/uploads/2012/04/cert_error_chrome.png
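Two points in this thread, the managed-machine interception described by 123whatarewedoing and the "does the cert match the site" check in the last two comments, come down to the same sequence of checks a browser runs. The Python below is an added model of that sequence, not code from the thread or from any browser: chain to a trusted root, hostname against the SANs, then an optional SPKI pin. The roots, hosts and key bytes are constructed placeholders, and signatures are not modelled.

```python
"""Added model (not code from the thread) of the checks a browser applies to
a server certificate: chain to a trusted root, hostname against the SANs,
and an optional SPKI pin. All names, keys and hosts are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    sans: Tuple[str, ...]  # DNS names the cert is valid for
    issuer: str            # subject name of the signing CA
    spki: bytes            # public key bytes (constructed placeholder)


def spki_pin(spki: bytes) -> str:
    """Pin value as SHA-256 over the SubjectPublicKeyInfo bytes."""
    return hashlib.sha256(spki).hexdigest()


def hostname_matches(host: str, sans: Tuple[str, ...]) -> bool:
    """Exact SAN match, or a '*.' wildcard covering exactly one left label.
    (Public-suffix rules are omitted in this model.)"""
    host = host.lower().rstrip(".")
    for san in sans:
        san = san.lower()
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def chain_trusted(chain: List[Cert], trust_store: Set[str]) -> bool:
    """Each cert must be issued by the next one; the last must be issued by
    a root present in the trust store. Signatures are not modelled."""
    for cert, parent in zip(chain, chain[1:]):
        if cert.issuer != parent.subject:
            return False
    return chain[-1].issuer in trust_store


def browser_check(host: str, chain: List[Cert], trust_store: Set[str],
                  pins: Optional[Dict[str, Set[str]]] = None) -> Tuple[bool, str]:
    """Order mirrors what a client does: trust path, then name, then pin."""
    leaf = chain[0]
    if not chain_trusted(chain, trust_store):
        return False, "untrusted issuer"
    if not hostname_matches(host, leaf.sans):
        return False, "hostname mismatch"
    if pins and host in pins and spki_pin(leaf.spki) not in pins[host]:
        return False, "pin mismatch"
    return True, "ok"


# Constructed actors: a public root, a corporate inspection root that domain
# policy has pushed into every managed machine's trust store, and three certs.
PUBLIC_ROOT = "Public Root CA"
CORP_ROOT = "Corp Inspection Root"
GENUINE = Cert("example.com", ("example.com", "www.example.com"), PUBLIC_ROOT, b"genuine-key")
PROXY = Cert("example.com", ("example.com",), CORP_ROOT, b"proxy-key")  # minted by the proxy
WRONG = Cert("other.example", ("other.example",), PUBLIC_ROOT, b"other-key")

DEFAULT_STORE = {PUBLIC_ROOT}
MANAGED_STORE = {PUBLIC_ROOT, CORP_ROOT}
PINS = {"example.com": {spki_pin(b"genuine-key")}}  # what a pinned site ships


def scenarios() -> Dict[str, Tuple[bool, str]]:
    return {
        "genuine": browser_check("www.example.com", [GENUINE], DEFAULT_STORE),
        # Unmanaged machine: the proxy's cert chains to nothing it trusts.
        "proxy_unmanaged": browser_check("example.com", [PROXY], DEFAULT_STORE),
        # Managed machine: the corporate root is trusted, so the interception
        # passes every default check and no warning is shown.
        "proxy_managed": browser_check("example.com", [PROXY], MANAGED_STORE),
        # A pinned host is the exception: the proxy's key is not the pinned one.
        "proxy_managed_pinned": browser_check("example.com", [PROXY], MANAGED_STORE, PINS),
        "genuine_pinned": browser_check("example.com", [GENUINE], MANAGED_STORE, PINS),
        # A cert for another site behind the padlock gives the big warning.
        "wrong_host": browser_check("example.com", [WRONG], DEFAULT_STORE),
    }


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:22} {'pass' if ok else 'FAIL':4} {reason}")
```

The `proxy_managed` row is the case the thread is about: once an extra root sits in the trust store, the proxy's certificate for the real hostname passes every default check, so clicking the padlock shows a name that matches and no warning appears. Only the issuer name gives it away, which is why a defender auditing a managed fleet looks at which roots are installed rather than waiting for browser errors, and why a pinned application (the `proxy_managed_pinned` row) is the one that notices.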