[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

[Theodore Ts'o]

On Sun, Apr 20, 2025 at 11:13:00AM -0400, Kent Borg wrote:
> I thought I saw someone here shrugging off the risk of MitM attacks.
> Be careful. An awful lot of users connect via wifi, and, as flawed
> as the certificate system is, it makes it hard for random evil
> hotspots to pretend to be your bank or your e-mail. If we were back
> at plain http these attacks would be a big problem.

This isn't a theoretical problem; a few years ago, I was staying at
the Tenaya Lodge in Yosemite Park, and was using the Hotel Wifi, and I
detected a MITM attack using a self-signed certificate when trying to
connect to my IMAP server using TLS.  I suspect some users might have
blindly accepted the self-signed certificate, since the warning
message isn't all that easy for civilians to understand.  I just said,
"Nah, Nah, Nah" and used an ssh proxy to route around the the attack.
Apparently the attacker wasn't sophisticated enough to attempt a MITM
attack over ssh, although since I use ssh certs, I would have detected
that too.

> A different point: If bigish nation-state wants to MitM the
> connection to my bank, the certificate system is not the hard
> part. Just get a bent CA to issue the fake certificate they
> need. But mostly this isn't a big problem, nation-states mostly
> can't be bothered and have better options.

Yeah, MITM attacks definitely do not require nation-state resources.
They are available as off-the-shelf solution these days, and in some
cases, they are sold as "enterprise security solution" for corporate
types to use at their border firewall to detect data exfiltration
attempts.  As I recall the self-signed cert at Tenaya Lodge had a
subject name of a major entterprise security provider.

And that doesn't even count just setting up a Raspberry Pi providing
obstensible "free" WiFi hotspot services at an airport or a coffee
shop, as you've pointed out.

						- Ted