All TLS/HTTPS clients have a set of Certificate Authority keys which they trust. Your client will only accept a public key which is signed by a trusted CA's key. A proper CA will not sign a key for a domain when it has not verified that the entity that wants it's key signed actually controls the domain.
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
A proper CA will not sign a key for a domain when it has not verified that the entity that wants it's key signed actually controls the domain.
Most browsers trust many certificate authorities from all over the world.
Any of them could...
- be compelled by authority
- be compelled by threat
- be hacked
- have a lapse in ethics
- have a rogue employee
- etc.
...and yes, it has happened already.
HTTPS as most of us use it today is useful, but far from foolproof. This is why various additional measures, like certificate pinning, private CAs, and consensus validation are sometimes used.
I urge everybody to read up on CAA records in DNS and add them to your domains. They basically say what CA the certs for that domain are supposed to come from. Even if another CA issues valid certs for the domain they would be rejected if they don't match the CAA în DNS. It takes 5 minutes.
You can specify the valid CA in the form of its representative domain, for example to allow Let's Encrypt you'd add 0 issue "letsencrypt.org"
. If you want to allow multiple CA you add multiple CAA records. They enter into effect if at least one CAA record is present. You can also restrict the challenge type, for example 0 issue "letsencrypt.org;validationmethods=dns-01"
.
Please note that this is worth adding a CAA record even if you don't use your domain for HTTP and you don't issue any certs for it, because a rogue CA can do it for you. You can add a blank CAA record (0 issue ";"
) which basically forbids any CA.
(And yes, this also applies to email. It's worth adding restrictive records even if you don't use your domain for email.)
They mean CAA records:
https://developers.cloudflare.com/ssl/edge-certificates/caa-records/
Right, I'll fix it.
Thats why we now have certificate transparency reports and CA-records.
Sure not perfect, but at least with a compliant CA it wont just happen in the dark.
At some point you have to trust someone.
It is indeed true that some CAs have seriously misbehaved; however, browser builders are rather strict on the presence of the CAs they trust. Misbehaving or even simple errors are reasons for getting kicked out, after which certificates signed by those CAs are now no longer valid.
The certs are still valid.
They are just not implicitly trusted
You are technically correct, best kind of correct
I'm somewhat skeptical. What if LetsEncrypt decided to misbehave tomorrow? Would the browsers have the guts to shut it down and break all sites using it?
Yes, they will. We’ve seen it before in mostly less serious cases: Diginotar, Türktrust, Symantec, etc. As brittle as the CA system can be, when there is real enough trouble, CAs do get revoked.
Misbehaving or even simple errors are reasons for getting kicked out,
That can be helpful if a transgression is noticed, and it's not orchestrated by a higher authority (e.g. government), and the damage isn't already done.
browser builders are rather strict on the presence of the CAs they trust.
Of course, browser builders are vulnerable to influence, attack, accidents, questionable judgment, and blind spots just as certificate authorities are.
I agree, it’s far from perfect.
It is possible and it has been done.
You need to get your "hacker" key signed/certified by an official CA. Which is not that difficult with some of them because they are doing it for money.
You don't really 'need to' in a world where a good proportion of people will happily click 'continue anyway' when they get any sort of certificate error
Thats why we have HSTS and HSTS preloading, so the browser refuses to allow this (and disabling it is usually alot deeper to find than a simple button to "continue anyways")
In Chromium browsers you can simply type "thisisunsafe" to bypass even HSTS failures.
people will happily click 'continue anyway'
Not possible without a certificate. There will be no TLS connection, only an error message. No 'click continue'.
It is trivial for an attacker to make self-signed TLS certs, and you can absolutely just click “continue” on sites that use them when you get a warning from the browser
What browser is that?
Firefox, Chrome, Edge, will all warn you about self-signed certs or cert mismatches but allow you to continue. You're completely correct that SSL/TLS needs a certificate, but it doesn't need to be CA issued or in any way legitimate for the encrypted tunnel to be established
I am personally using firefox and referencing my own servers that use their own self-signed TLS certs that I have not bothered to load onto my pc because they aren’t public, but chromium-based browsers aren’t some outlier here
Your own servers probably also dont have HSTS enabled, or clicking continue will be disabled (if not overwritten in your browser-config)
Reading the HSTS spec, it doesn’t work on first connection, and while most people are using websites they access more than once, that notably isn’t all web use.
It would be inherently impossible for HSTS to work on first connection, you are correct.
As others have mentioned, a trusted 3rd party signs the correct key so your browser can check the key itself.
However, it should also be noted that your browser must have a list of trusted 3rd parties and their certificates used for signing in order to perform this check. It's entirely possible to modify this list yourself. Some examples include:
- executing your own MITM style "*attack" in order to intercept and analyze local https traffic
- corporate network inspection and monitoring, where a gateway does the above for all devices on the network which have a CA cert pre-installed through some policy
So while it's possible for trusted 3rd parties to issue valid certificates to bad actors, it's also possible to add anyone (you, your employer, or some bad actors) to the trusted parties list.
Add Norton to that list. They also perform their own MITM attack on your pc to ensure your certificates are "safe"...
It should also be mentioned that you can get a CA to sign your certificate just before your domain expires, so you can attack whatever website is going to buy your domain next
An additionap note on what a certificate is, to supplement everyone here who've desceibe howbthat's the missing piece:
A certificate's first main purpose is being the vehicle vy which the public key is distributed, but additionally it contains information ABOUT the owner. Then the whole thing is digitally signed with the private key (and also a trusted CA's private key), so that a receiver can validate the authenticity of the cert with the public key.
The "info" in the cert can theoretically be anything, but the most important one is the domain. Your browser knows that visiting google.com is secure because it checks the cert it gets from google.com to see if it states that it owns the google.com domain, and then we trust the root CAs around the world to make clients prove they own that domain, before issung a cert for it.
What if a hacker were to obtain the Master Key Certificate to the entire Internet? How much damage could be caused by that?
All the damage.
Which is why that cert (and its private key) are kept offline in a secure facility that takes multiple authorized people to access.
https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/
Here is an alternative Piped link(s):
https://piped.video/watch?v=w0QbnxKRD0w
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.