On Wed, Jan 2, 2013 at 2:27 PM, William Herrin <bill@herrin.us> wrote:
On Wed, Jan 2, 2013 at 3:10 PM, George Herbert <george.herbert@gmail.com> wrote:
On Wed, Jan 2, 2013 at 11:36 AM, William Herrin <bill@herrin.us> wrote:
Communications using a key signed by a trusted third party suffer such attacks only with extraordinary difficulty on the part of the attacker. It's purely a technical matter.
While I agree with your general characterization of MITM, the "extraordinary difficulty" here is not supported.
AFAICT someone finds a way to get themselves a certificate for a domain they don't control every couple years or so. The hole is promptly plugged (and the certs revoked) before much actually happens as a result. Has your experience been different?
Are you, at this moment, able to acquire a falsely signed certificate for www.herrin.us that my web browser will accept?
You're right that false certificates have been issued in the past. You're right that false certificates will be issued again in the future. No security apparatus is 100% effective. But if despite your resources you in particular can't make it happen in a timely manner, that's a meaningful barrier to mounting a man-in-the-middle attack against someone using properly signed certificates.
Regards, Bill Herrin
There are three vectors of attack:

One, asking a CA for a cert in someone else's name and it gets issued. As you noted, generally discovered pretty quickly and shut down, but there's no robust external verification for the discovery process. Also, the verifications the CAs perform to validate the user could be subverted, as noted earlier in the conversation, so they could receive false assurances that it was the right entity asking for the keys. That subversion could happen via registrar account hacking (known problem) among other places, along with technical measures to monitor unencrypted validation emails sent to proper authoritative domain contact emails.

Two, a CA's keys can go walking (either due to technical penetration or human corruption), and then external parties can issue their own certs as if they were the CA. If identified, the CA can revoke its own key and re-issue all the client certs from a new one, but someone needs to identify that it happened. This is alleged to have happened at least twice, one of which the CA was shut down over, the other of which became opaque and ambiguous, and therefore untrustworthy.

Three, there may be crypto flaws we don't know about still lingering, or a CA could choose easily factored numbers by bad luck and someone could luck out grinding them. Not a high risk (anyone SHOULD grind their own keys some to check them for that) but nonzero.

Can I go get a key for your site right now? I'm not going to spend the afternoon trying (I'm working for a living) but I am reasonably sure I could do so. Lax checks by CAs are well described elsewhere. If push came to shove and minor legalities were not restraining me, I recall (without checking) your domain's emails come to your home, and your DSL or cable line is sniffable, so any of the CAs who email URL validators out could be trivially temporarily spoofed (until you read your email and responded) by tapping your data lines.

BGP games to snarf your traffic are another venue, possibly not yet even covered by wiretap laws that I know of, though I'm not currently an ISP in a position to personally do that to you. The same is possible but slightly harder for midsized corporate entities. Still possible but much harder for large ones. If you're going to argue that that's cheating, that IS the threat envelope...

-- 
-george william herbert
george.herbert@gmail.com
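The key check raised under the third vector (grinding your own keys to see whether they share factors with anyone else's) is normally done as a batch GCD over a collection of RSA moduli: a modulus that shares a prime with any other modulus in the set is immediately factorable. The following Python is an added example, not part of this thread, and runs that check over constructed toy moduli; a real run would feed it moduli extracted from certificates or public keys.

```python
from math import gcd

# Constructed toy RSA moduli (tiny primes, not real keys). key-a and key-c
# share the prime 1009, the "shared factor" failure mode the thread refers to.
MODULI = {
    "key-a": 1009 * 1013,
    "key-b": 1019 * 1021,
    "key-c": 1009 * 1031,
    "key-d": 1033 * 1039,
}


def product_tree(nums):
    """Levels of a binary product tree: level 0 is the input, the last is the full product."""
    tree = [list(nums)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([level[i] * level[i + 1] if i + 1 < len(level) else level[i]
                     for i in range(0, len(level), 2)])
    return tree


def batch_gcd(nums):
    """For each n_i return gcd(n_i, product of all other n_j), using the
    product/remainder tree method (quasi-linear in the number of moduli)."""
    if not nums:
        return []
    tree = product_tree(nums)
    rems = [tree[-1][0]]                    # start from the full product
    for level in reversed(tree[:-1]):       # walk back down towards the leaves
        # node i at this level has parent i // 2; reducing mod n_i^2 keeps
        # rem // n_i == (product of all the others) mod n_i
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(n, r // n) for n, r in zip(nums, rems)]


def find_shared_factors(moduli):
    """Map each key name to a factor it shares with some other key, or None.
    A value equal to the modulus itself means the whole key is duplicated."""
    names = list(moduli)
    gcds = batch_gcd([moduli[name] for name in names])
    return {name: (g if g > 1 else None) for name, g in zip(names, gcds)}


if __name__ == "__main__":
    for name, factor in find_shared_factors(MODULI).items():
        print(f"{name}: {'WEAK, shares factor ' + str(factor) if factor else 'ok'}")
```

A shared factor means both affected private keys are recoverable by anyone holding the same collection of public keys, so such a result is a reason to reissue the keys, not merely a curiosity.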