Certbot v man-in-middle

So is the current certificate adequately secure to prevent the NSA, CIA, FBI, etc. from snooping on a user's web habits?

What does your question have to do with your title? If an attacker can force mis-issuance of a certificate, and the rightful cert owner doesn't spot it (i.e., through cert transparency logs), the attacker can likely read the plaintext of all traffic to or from the site--i.e., act as a man-in-the-middle. Neither certbot nor Let's Encrypt is in any way relevant to this question, nor is the cert they would issue.

If your question deals with the encryption on the TLS connection itself, the cert doesn't determine the encryption algorithms used by the client and server, so it's once again irrelevant.

Your question reads like you don't have the foggiest idea how any of the relevant technologies works, nor what any of the relevant players do, but perhaps it's just unclear.

3 Likes
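The certificate transparency check mentioned in the post above, as an added example (not part of the thread, and not Certbot or Let's Encrypt code): it flags logged certificates for a domain that came from an issuer you don't use or that are missing from your own issuance inventory. The rows are constructed sample data shaped like crt.sh JSON output; the function names, domain and serial numbers are hypothetical.

```python
# Constructed sample rows (field names assumed from crt.sh-style JSON output).
SAMPLE_CT_ROWS = [
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example.org\nwww.example.org", "serial_number": "03aa01"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "*.example.org", "serial_number": "03aa02"},
    {"issuer_name": "C=XX, O=Unknown Test CA, CN=Issuing CA 1",
     "name_value": "login.example.org", "serial_number": "7f0011"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example.net", "serial_number": "03aa09"},
]

def issuer_org(issuer_name):
    """Return the O= component of a comma-separated issuer DN (simple parse)."""
    for part in issuer_name.split(","):
        key, _, value = part.strip().partition("=")
        if key == "O":
            return value
    return ""

def covers(name, domain):
    """True if a logged DNS name is the domain itself or a (wildcard) subdomain."""
    name = name.strip().lower()
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def unexpected_certs(rows, domain, allowed_orgs, own_serials):
    """List (serial, names, reasons) for logged certs the owner cannot account for."""
    findings = []
    for row in rows:
        names = [n for n in row["name_value"].split("\n") if covers(n, domain)]
        if not names:
            continue  # certificate is for someone else's domain
        reasons = []
        if issuer_org(row["issuer_name"]) not in allowed_orgs:
            reasons.append("issuer not in allow-list")
        # A cert from your usual CA that you never requested is just as suspect.
        if row["serial_number"].lower() not in own_serials:
            reasons.append("serial not in our inventory")
        if reasons:
            findings.append((row["serial_number"], names, reasons))
    return findings

if __name__ == "__main__":
    for finding in unexpected_certs(SAMPLE_CT_ROWS, "example.org",
                                    {"Let's Encrypt"}, {"03aa01"}):
        print(finding)
```
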

I have seen DNS servers attacked to distribute malware

so now DNS servers are hardened and they have a certificate as well

I was hoping people here were adequately skilled to handle security needs more widely to make the internet safer

Internet users (and servers) have a huge and varied “attack surface;” TLS addresses only a part of that, and Certbot deals with only a part of that. So, I’m afraid your question is worded far too broadly to be answered in anything less than three or four pages of text.

6 Likes

I can only hope for the best and garner some ideas

That’s a nice thought! But that being said, this probably isn’t the right forum for a wide-ranging discussion of structural Internet security issues in general. There’s just too much.

4 Likes

All I know is my server is firewalled, admin account is 512-bit hard and sophisticated defenses protect the content

I do what I can and post ideas as I learn more

ISRG provides a secure, open, and transparent service for the public's benefit. As such, ISRG opposes the introduction of a back door, specialized law enforcement or government access, or any other deliberate weakness in Let's Encrypt or any of our systems. As of the date of this report, we have never received a request or demand of any kind, formal or informal from any government agency anywhere in the world, that ISRG include a back door, specialized access, or any other deliberate weakness in Let's Encrypt. If we were to receive such a request, we would oppose it with all the legal and technical tools available to us.

Perfect, keep it up.

Remember that there's always more to learn. Continue to challenge your previous understanding of things. That's how we grow.

6 Likes

Thanks for posting the transparency report. I looked at the paper and see only 1 legal action.

I checked my site on the Lumen database; it is clean, it squeaks.

The reason I am here at all is the open source nature where all can look for themselves to see if it's suitable. Unlike Ballmer who said Linux is a cancer.