SSL is broken - the backdoor is built in


#1

Any owner of any CA authority private key can launch a man in the middle attack and your browser will show you a green icon confirming “perfect” security.


#2

It’s not broken. That’s just how it works. The whole system is based on you trusting the CAs. The verification that you are connected to the correct domain must come from somewhere.


#3

That’s not necessarily true, you can use Public Key Pinning, also known as Certificate pinning, to fix a certain certificate to your domain. Your users are protected on any subsequent visit, much like with HTTP Strict Transport Security, and browsers are gradually adding support for pre-shipped pins.

  1. RFC for Public Key Pinning Extension for HTTP
  2. Certificate and Public Key Pinning on OWASP

#4

Continuation as I’m a “new user”.

  1. HTTP Public Key Pinning on WikiPedia
  2. SecurityEngineering/Public Key Pinning on Mozilla.org

#5

Public key pinning does not protect a first time visitor.

Furthermore if I select “delete all private data”, the pinning information is deleted too. At least in Firefox for Android.

For testing just visit https://pkptest.projects.dm.id.lv/pkp-testresult.html after deleting all private data.


#6

There is also DNS-based Authentication of Named Entities (DANE) but it’s sadly not very widespread :(.


#7

@xypron, I think everybody involved with Let’s Encrypt is concerned with the kind of power that the certificate authority system has given to CAs and how that power could be abused if the CAs are compromised or misissue certificates. This is something that has certainly happened in the wild before on several occasions, not simply a hypothetical risk.

Fortunately there are people working on mechanisms that make the system more transparent and accountable than it has been in the past. We’ve talked a lot about those mechanisms in other places; some of them include HPKP (plus reports of pinning violations, plus preloading in some instances), Certificate Transparency, several projects to collect, analyze, and (in some cases) publish observations of what certificates are being presented in the wild, and in some limited senses CAA and DANE, which add additional information in the DNS.

Our project is eager to ensure that we and other CAs become much more transparent and accountable. That doesn’t mean that the CA system is necessarily the best or safest possible design for public key distribution on the Internet, and people should continue to propose and try to deploy other mechanisms that may work better, including mechanisms that might some day supersede the CA system.

However, the Internet and its services are already up and running, and people already depend on them. Right now we have a huge number of cleartext services and a massive amount of tampering and surveillance that are perfectly happy to take advantage of that cleartext. So we want to address this by getting the largest possible level of deployment of the security mechanisms that people already have in their client software, while recognizing that some attacks are possible and trying to find and roll out mitigations for them.

We emphatically don’t think that CAs are somehow perfect or beyond reproach, or that people should simply believe what they say. CAs have misissued before; their ability to do so is an important security threat. There’s a lot that can go wrong. Mechanisms that reduce these threats are important contributions and deserve our support.

On the bright side, misissuance isn’t impossible to detect – the client gets a copy of the certificate it’s being asked to accept, after all! – and it’s taken very seriously by the Internet security community. If a CA deliberately misissued a certificate and an attacker presented that to a lot of victims, you would see a very swift response, as has happened when instances of misissuance have come to light in the past.


#8

Well, it is still useful for the hobbyists. I have 2 domains I only use for personal projects, the most common visitors are myself and bots trying to find an admin panel for PHPMyAdmin/Wordpress/etc.
Currently I don’t have any SSL except for perhaps 1 or 2 things. Those have no certificate authority attached so the browser always complains about them.
A Letsencrypt certificate would be perfect.
I think this is also the primary target group for this service. Website owners who are too small to get a proper paid solution. This may not be the perfect security solution, but it is way, way better than just HTTP.