I own example.com, which points to 123.123.123.123. My corrupt government decides to intercept traffic to 123.123.123.123. They temporarily host a server on this IP, and use certbot to generate a certificate for example.com, which they can do since it still points to 123.123.123.123, allowing the HTTP-01 challenge to work. Since they now have a valid certificate for example.com, they can MITM HTTPS traffic to 123.123.123.123.
Is there anything I'm missing here? What's to stop such a scenario from taking place?
Hello @Zipdox, welcome to the Let's Encrypt community.
They would need a permanent host, since the certificate they got would need their private key to serve HTTPS. And you are assuming the HTTP-01 challenge, but you could still use the DNS-01 challenge to obtain a certificate and use that certificate and share with your users what the certificate is so they can validate they are directly talking to your server and not a man-in-the-middle (I know, kind of a pain). And I am assuming that your corrupt government does not control the DNS name servers you are using.
If any entity controls enough of the overall "local" infrastructure such that they can hijack/intercept global-level DNS resolution, there's not much you can do to prevent such an overwhelming force. They wouldn't even need to control routing to your IP address. They could just point the DNS record responses elsewhere.
For certificate concerns, the entity would need to be able to deceive the CA into resolving DNS requests to the records of the entity's choosing, which would require great authority/influence. Hence, multi-perspective validation.
Somebody else can fill in the details here, but the primary suggestion I have is to use CAA records with account binding and DNSSEC. Assuming the government of concern doesn’t control the TLD.
In this scenario I'm assuming everything DNS is outside of the reach/jurisdiction of the hypothetical corrupt government, and said government only has control over local IP infrastructure.
The entity (e.g. corrupt government) could fool "local" global DNS resolution, but not global global DNS resolution (like how a CA would only trust the true chain of authority from the TLD servers).
What you ask is essentially the heart of the trust and authoritative concept.
The basic question:
Can a bad actor fool your visitors into trusting false information? I suppose if the bad actor could replace the certificates in your visitors' trust stores or intercept your CA signature requests to point to their own MITM CA for which your visitors have the bad actor's certificate in their trust stores, that could be a problem.
Before it happens: Not much [yet].
In the [possibly near] future, you may be able to limit cert issuances to only specific account(s) within specific CA(s).
After it happens: CT logs would show the issuance of the "unauthorized" cert.
If you have secure control over the private key of a certificate that is signed by the actual CA, the bad actor would need to MITM service for your domain name with their own certificate that's actually trusted by your visitors.
For the truly paranoid: You could encrypt the conversation twice.
[this requires using specialized software and planning to stop MiTM from successfully decrypting the conversation]
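The CAA account binding suggested earlier in the thread (CAA records bound to an ACME account, and the idea of limiting issuance to specific accounts within specific CAs) can be worked through concretely. The following is an added example, not code from the original thread or from Let's Encrypt: it implements the CA-side CAA evaluation of RFC 8659 together with the `accounturi` and `validationmethods` parameters of RFC 8657, so you can see why an attacker who only controls the IP address would be refused even by the same CA. The zone contents, the account URI and the CA names are constructed for illustration; wildcard handling is simplified to looking up the base name.

```python
"""CAA evaluation with RFC 8657 account binding (added example; constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CRITICAL_FLAG = 0x80  # RFC 8659 "issuer critical" flag bit


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str


# Constructed account URI (placeholder id, not a real account).
LEGIT_ACCOUNT = "https://acme-v02.api.letsencrypt.org/acme/acct/ACCOUNT-ID-PLACEHOLDER"

# Constructed zone: only the owner's Let's Encrypt account, and only via DNS-01,
# may obtain certificates; no CA at all may issue wildcards ("issuewild ;").
ZONE: Dict[str, List[CAARecord]] = {
    "example.com.": [
        CAARecord(0, "issue",
                  f"letsencrypt.org; accounturi={LEGIT_ACCOUNT}; validationmethods=dns-01"),
        CAARecord(0, "issuewild", ";"),
        CAARecord(0, "iodef", "mailto:security@example.com"),
    ],
}


def _canon(name: str) -> str:
    """Lower-case and make fully qualified (trailing dot)."""
    return name.lower().rstrip(".") + "."


def relevant_rrset(zone: Dict[str, List[CAARecord]], name: str) -> Tuple[Optional[str], List[CAARecord]]:
    """RFC 8659 relevant RRset: walk from the name toward the root until CAA records exist."""
    labels = _canon(name).rstrip(".").split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:]) + "."
        if zone.get(owner):
            return owner, zone[owner]
    return None, []


def parse_issue_value(value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'issuer-domain; k=v; k=v' into (issuer, params). Empty issuer means 'no CA'."""
    parts = [p.strip() for p in value.split(";")]
    issuer = parts[0].lower()
    params: Dict[str, str] = {}
    for p in parts[1:]:
        if not p:
            continue
        key, _, val = p.partition("=")
        params[key.strip().lower()] = val.strip()
    return issuer, params


def may_issue(zone: Dict[str, List[CAARecord]], name: str, ca_domain: str,
              account_uri: str, validation_method: str) -> Tuple[bool, str]:
    """Decide, as a CA would, whether issuance is permitted for this name, account and method."""
    wildcard = name.startswith("*.")
    lookup = name[2:] if wildcard else name  # simplification: base name only
    owner, rrset = relevant_rrset(zone, lookup)
    if owner is None:
        return True, "no CAA records in the ancestry; any CA may issue"
    # Unrecognised tag with the critical flag set: the CA must refuse.
    for r in rrset:
        if r.tag.lower() not in ("issue", "issuewild", "iodef") and r.flags & CRITICAL_FLAG:
            return False, f"unrecognised critical tag {r.tag!r} at {owner}"
    tag = "issue"
    if wildcard and any(r.tag.lower() == "issuewild" for r in rrset):
        tag = "issuewild"
    relevant = [r for r in rrset if r.tag.lower() == tag]
    if not relevant:
        return True, f"no {tag} records at {owner}; any CA may issue"
    for r in relevant:
        issuer, params = parse_issue_value(r.value)
        if issuer == "" or issuer != ca_domain.lower():
            continue  # names no CA, or a different CA
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue  # RFC 8657: bound to another ACME account
        if "validationmethods" in params:
            allowed = {m.strip().lower() for m in params["validationmethods"].split(",")}
            if validation_method.lower() not in allowed:
                continue  # RFC 8657: challenge type not permitted
        return True, f"matched {tag} record at {owner}: {r.value}"
    return False, f"no {tag} record at {owner} permits {ca_domain} with this account/method"


def thread_scenario() -> Tuple[bool, bool]:
    """The attack from the thread vs. the owner's own request; returns (attacker_ok, owner_ok)."""
    attacker = may_issue(ZONE, "example.com", "letsencrypt.org",
                         "https://acme-v02.api.letsencrypt.org/acme/acct/ATTACKER-PLACEHOLDER",
                         "http-01")
    owner = may_issue(ZONE, "example.com", "letsencrypt.org", LEGIT_ACCOUNT, "dns-01")
    return attacker[0], owner[0]


if __name__ == "__main__":
    print(thread_scenario())  # (False, True)
```

The check only helps when the CA can read the authoritative CAA records rather than a spoofed answer, which is why the thread pairs it with DNSSEC and a TLD outside the adversary's reach; it also does nothing against a CA that chooses to ignore CAA, as a later reply notes.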
Yep, since the actual CA couldn't be fooled by a "local" bad actor into trusting CAA records from the "local" bad actor. The actual CA would go to "the source".
We need to keep in mind that the bad actor's "corrupt CA" would simply ignore the CAA record if they can MITM service of the entire domain name. This means that a bad actor could serve any certificate they want for your domain name to your visitors, so long as your visitors will trust that certificate. Control over the trust store is everything.
I'm aware of the Kazakhstan MITM attack scenario. This relies on users installing a certificate on their devices though. My hypothetical attack involves tricking a legitimate CA into issuing a valid certificate.