[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Shreyas Zare
shreyas at technitium.com
Fri Apr 18 05:58:09 EDT 2025
On 4/18/2025 9:35 AM, Ron Garret wrote:
>
>> On Apr 17, 2025, at 11:10 AM, Peter Fairbrother <peter at tsto.co.uk> wrote:
>>
>> On 16/04/2025 21:26, Ron Garret wrote:
>>>> On Apr 16, 2025, at 11:55 AM, Andrew Lee <andrew at joseon.com> wrote:
>>>>
>>>> Because it’s literally not any less secure than getting a signed
>>>> cert from a signer who signs for anybody all the time (eg all of them).
>>>>
>>>> As an example - let’s encrypt will issue to anybody who can prove
>>>> control of a domain
>>> You have contradicted yourself in the span of two sentences.
>>> Proving control of a domain is not very secure, but it's not
>>> nothing either. It does prevent some level of deterrence to MITM
>>> attacks, which would otherwise be utterly trivial. And this
>>> deterrent, weak as it may be, is manifestly adequate because the web
>>> is not falling apart in the face of rampant MITM attacks.
>>
>> Actually, if you control a domain name, you can most probably
>> see/control traffic to/from it anyway. So no MITM needed.
>>
>> From the user POV, if the cert is issued to domain.com, I'm talking
>> to those who control domain.com. And (hopefully!) its DNS lookups.
>> Doesn't mean they *are* domain.com, just that they control the use of
>> the name.
>>
>> If the domain in question is paypal.com or barclaysbank.com, Paypal
>> and Barclays should make damn sure that the real Paypal and Barclays
>> bank control those names.
>>
>> Else they are (mostly) liable for fraud, in the UK at least - the
>> consumer doesn't set the anti-fraud and security standards, the
>> financial institution does. So it is responsible for failures of them.
>>
>> Hmmm I wonder why financial institutions don't weigh in on the matter
>> of the subject? Liability again, I suppose. Are the Financial
>> Institutions more powerful/influential than the "CA/Browser Forum"?
>
> Sorry, this makes no sense to me. Certificates protect against MITM
> attacks, which are trivial to mount with wifi hotspots. If I control
> the network access point someone is using, I control everything: DNS,
> routing, ICMP, the kitchen sink. The *only* thing I can't do is
> provide attestation from a third party that the host serving
> paypal.com possesses the same key that it did the last time the third
> party tried to talk to it. And that matters because the third party
> did not talk to paypal.com over a sketchy wifi hotspot, it talked to
> it via a hard connection to a router run by a known and presumably
> trustworthy party.
>
> The point is not so much control of the domain name per se, as it is
> providing attestation of continuity of content between an access over
> a sketchy internet connection vs one that occurred over a (presumably)
> less sketchy internet connection. It's easy for me to MITM someone at
> an airport looking for free wifi. It's a lot harder for me to MITM
> letsencrypt, and *that* is what matters, not the security of DNS per se.
>
> rg

MITM being difficult does not mean that it's impossible. There are
already examples where an attacker used BGP hijacks to issue
themselves SSL certs [1]. It can be trivial to do if someone has access
to the ISP network that the domain name resolves to. Certificate
Transparency is not going to help either; nobody monitors it.

The fix I believe is DNSSEC+DANE.

Regards,
*Shreyas Zare*
Technitium <https://technitium.com/>

[1] https://arstechnica.com/information-technology/2022/09/how-3-hours-of-inaction-from-amazon-cost-cryptocurrency-holders-235000/