undefined | Better HN

0 pointsSateallia1y ago0 comments

Chrom(e/ium) and Safari don't trust certificates that are not in public logs [0].

[0] https://en.wikipedia.org/wiki/Certificate_Transparency#Manda...

0 comments

Right, and that's a fundamental sea change in PKI security posture since the Iranian "ComodoHacker" and the Soghoian and Stamm compelled issuance paper! My point is just that some attackers might be willing to have their attacks show up in public logs if their victims are unlikely to ever notice that and if nobody else is likely to notice it either.

With Let's Encrypt we made a lot of people's certificate management a "fire and forget" thing, which is exactly what we hoped to do, but if they completely forget about it, it may be that there will be lots of targets against whom nobody would notice certificate misissuance.

SatealliaOP1y ago

I got every self-hosting sysadmin I know to run certificate monitors for sites they maintain but it certainly isn't a common thing to do. I know Cloudflare has a beta certificate monitoring feature which would certainly help a lot with this problem considering their market share if they enable it by default. (Although one problem with this is that they issue backup certificates from other CAs so it'd easily trigger warning fatigue!)

(I wasn't aware of your credentials when I made my previous comment so I assumed you didn't know about mandatory certificate transparency which is a mistake on my part, sorry! I'll make sure to check profile about sections before I assume again.)

amluto1y ago

> Although one problem with this is that they issue backup certificates from other CAs so it'd easily trigger warning fatigue!

Indeed, the fact that Cloudflare emails out CT warnings due to their own backup certs is rather embarrassing.

schoen1y ago

Yeah, I think it's tricky to know how most sysadmins could make good decisions about this information, especially when misissuance is likely to be less than 1% of 1% of all CA issuance and automated renewal is working properly. Warning fatigue is a pretty big deal here!

Also, we made Certbot randomize the subject key by default every time it renews, so you have a huge amount of churn in subject keys, so you can't just say "oh, well, this public key has been used for a long time, so it's probably correct!". Every subject key is typically new and is unrelated to every previous subject key.

I hope that won't turn out to have been a poor trade-off. (We thought it was good to have more turnover of keys in order to reduce the impact of successfully stealing or cryptographically attacking one.)

aaomidi1y ago

The other argument is, why bother MITMing when you can go to Cloudflare and get them to share the data with you :)

yugcesofni1y ago

Not just Safari, but all TLS connections instantiated on Apple OSes

j / k navigate · click thread line to collapse

0 comments

schoen1y ago

SatealliaOP1y ago

amluto1y ago

> Although one problem with this is that they issue backup certificates from other CAs so it'd easily trigger warning fatigue!

Indeed, the fact that Cloudflare emails out CT warnings due to their own backup certs is rather embarrassing.

schoen1y ago

aaomidi1y ago

The other argument is, why bother MITMing when you can go to Cloudflare and get them to share the data with you :)

yugcesofni1y ago

Not just Safari, but all TLS connections instantiated on Apple OSes

j / k navigate · click thread line to collapse