Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Posted Mar 24, 2015 6:12 UTC (Tue) by ttonino (guest, #4073)In reply to: Google: Maintaining digital certificate security by josh
Parent article: Google: Maintaining digital certificate security
Posted Mar 24, 2015 8:49 UTC (Tue)
by marcH (subscriber, #57642)
[Link] (8 responses)
It's not broken; it's only "centralized". As in: the nearest to the center you are, the easier you can spy.
Posted Mar 24, 2015 9:01 UTC (Tue)
by ttonino (guest, #4073)
[Link] (7 responses)
Posted Mar 24, 2015 16:57 UTC (Tue)
by jeff_marshall (subscriber, #49255)
[Link] (6 responses)
While DANE isn't perfect, at least it reduces the number of potential points of failure for any given domain (Verisign for .com + whoever you put in your TLSA record). IMO, it would definitely be an improvement if any old cc-based CA couldn't successfully convince my browser that the certificate it just signed was valid.
Posted Mar 25, 2015 12:36 UTC (Wed)
by gerv (guest, #3376)
[Link] (5 responses)
They are if you deploy HPKP, which was invented precisely to give sites an opt-in way to avoid this problem.
Gerv
Posted Mar 25, 2015 14:50 UTC (Wed)
by cesarb (subscriber, #6266)
[Link] (4 responses)
Posted Mar 25, 2015 15:33 UTC (Wed)
by gerv (guest, #3376)
[Link] (3 responses)
Gerv
Posted Mar 25, 2015 16:24 UTC (Wed)
by josh (subscriber, #17465)
[Link]
Posted Mar 25, 2015 21:05 UTC (Wed)
by cesarb (subscriber, #6266)
[Link] (1 responses)
That's not a strong argument.
First, if my home connection (or work connection) is persistently MITM'ed, and I always (or almost always) use it, it's likely that both the first visit and all subsequent visits to any site will be MITM'ed.
Second, let's take a real example: online banking. The first time I ever connect to it, I set up the online password by using the ATM password. The online banking website asks for the ATM password as an extra verification when doing important transactions. That is, the first time I connect to that online banking website is precisely when I need the most for it to NOT be MITM'ed.
Sure, HPKP can remove a lot of the risk in many situations (nomadic devices, MITM starting after you've already visited the site, etc), but there are several situations in which it doesn't help.
Posted Mar 25, 2015 21:34 UTC (Wed)
by dlang (guest, #313)
[Link]
There are a lot of cases where something like this does help, and if it can be coupled with something like the ssh key update things so that planned migrations from one key to another don't generate noise for users, there would be a lot of value in it.
Posted Mar 24, 2015 9:32 UTC (Tue)
by Aissen (subscriber, #59976)
[Link] (4 responses)
Posted Mar 24, 2015 9:52 UTC (Tue)
by matthias (subscriber, #94967)
[Link]
Maybe this would not help much against NSA, as they might be able to steal the secret key of the root CA, but this helps against all those little criminals, that just want to break my banking security to empty my bank account.
With SSL it is enough to get hold on the private key of one of the thousands of sub-CAs available. With DANE (ontop of DNSSEC), the attacker needs access to the root key, the key of the TLD, or the key of my bank. I would feel much better if I just have to trust these three instances, instead of the thousands of CAs out there.
Posted Mar 24, 2015 13:45 UTC (Tue)
by job (guest, #670)
[Link]
What DNSSEC allows is this issuance to be made cryptographically secure, so Widget Ltd. can prove that they are indeed the legitimate owner of widgets.com. And DANE hijacks this cryptographic assurance to transfer TLS keys.
For all practical purposes, this system does not place more trust in TLD operators as they already have the power to delegate (and by extension, get a certificate for) a domain. In a DANE-only system, you would remove or reduce the complete trust in every CA world wide. But no one is currently proposing that, and it's not going to happen overnight.
However, not many are using it, which shows. There is a big push to modernize TLS right now (RC4 and SHA1 is out, ECDHE and GCM is in, for example), and no one is really looking at DNSSEC.
Posted Mar 24, 2015 16:36 UTC (Tue)
by flussence (guest, #85566)
[Link]
DANE as currently specced can be used in two ways: ignore a compliant user-agent's pre-trusted CA list entirely (leaving the DNS as the sole chain of trust), or augment it as a whitelist where the TLSA records have to match the site and CA certificates presented.
The latter would require an attacker to not only MITM with a "trusted" certificate in the browser's store, but also do the same for DNSSEC.
Posted Mar 25, 2015 11:57 UTC (Wed)
by rich0 (guest, #55509)
[Link]
Using DNSSEC for SSL certs would still give them the same power over .com, but it would eliminate its ability to spoof anything outside of that domain.
Then if a website owner doesn't trust Verisign, then can just avoid .com.
There is no simple solution to PKI that doesn't involve trusting somebody. However, using a hierarchical system tied to DNS at least greatly reduces the amount of trusting that you have to do. Right now navy.mil has to trust some Chinese CA to not spoof it, and vice-versa. In what world does that make sense?
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Since trust-roots aren't restricted to the domains over which they should have authority
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Google: Maintaining digital certificate security