Forgot your password?
typodupeerror
The Internet Government Networking Security IT

Another CA Issues False Certificates To Iran 229

Posted by timothy
from the bad-juju dept.
arglebargle_xiv writes "Following on from Comodogate, we have another public CA issuing genuine false certificates to Iran, this time for Google. There's speculation that it's a MITM by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate." Another (anonymous) reader says, "What might be worrying is that the CA behind the forgery is the official supplier of most Dutch Government certificates, diginotar.nl. They are supposed to be very stringent in their application process. As a Dutchman, I'm very interested to see how this one plays out."
Adds Trailrunner7: "The attack appears to have been targeting Gmail users specifically. Some users trying to reach the Gmail servers over HTTPS found that their traffic was being rerouted through servers that shouldn't have been part of the equation. On Monday afternoon, security researcher Moxie Marlinspike checked the signatures on the certificate for the suspicious server, which had been posted to Pastebin and elsewhere on the Web, and found that the certificate was in fact valid. The attack is especially problematic because the certificate is a wildcard cert, meaning it is valid for any of Google's domains that use SSL."
This discussion has been archived. No new comments can be posted.

Another CA Issues False Certificates To Iran

Comments Filter:
  • by mysidia (191772) * on Monday August 29, 2011 @11:51PM (#37249808)

    Any CA that can't implement sufficient controls to prevent such shenanigans, should not be a CA in the first place. Needless to say i've changed my browser and OS settings to distrust the CA. I expect a serious explanation shortly, and short of some unusually extreme extenuating circumstances, I think all browser vendors and OS vendors should evict the CA immediately, to make an example of them.

    I am curious though.... did the CA fail to implement its CA CPSs, or did its Certification practice statement actually have a hole where such a thing could happen?

    • So, besides more Californias (CAs) offering more martinis-in-the-morning (MITMs) to confuse more octogenarians/septuagenarians (OSs), what does the Chicago Public School System (CPS) have to do with anything? Or is this one of those "hacker" things I've heard so much about?

      • by mysidia (191772) * on Tuesday August 30, 2011 @01:06AM (#37250172)

        The Californians provide a document specifying their chosen Chicago Public School System, which is digested by THE POWERS THAT BE to decide if the Californian is trusted to introduce UAs (Utah and Alaskans) to servers and vice versa (partially based on their record of providing the proper tip amounts to their servers).

        The problem is, this particular Californian has taken to introducing fake servers to the UAs (Utahns and Alaskans).

    • by msauve (701917)
      Even if there do turn out to be "extenuating circumstances," Diginotar should be out of business. They haven't announced [diginotar.com] that they've issued a compromised cert. One might argue that hiding the error is worse than making it in the first place.
      • by mysidia (191772) *

        That adds insult to injury there... either (A) their security/review practices aren't up to snuff, and they didn't ever detect they'd issued a compromised cert. OR (B) they knew about a problem and hid it for PR or other reasons.

        I suppose browser policy guidelines possibly need to be revised to require that CAs perform additional certificate issuance monitoring, requiring a third party to 'sign off' on any issuance before any certificate can finally be issued..

        For example: I would like to see

        • That adds insult to injury there... either (A) their security/review practices aren't up to snuff, and they didn't ever detect they'd issued a compromised cert. OR (B) they knew about a problem and hid it for PR or other reasons.

          They've been ordained as the official Netherlands CA by the Dutch government. If you're dealing with the government electronically, you have to use them (and they $$really, $$really milk thi$$ for all it$$ worth). Admitting to a problem would be bad for business. Another couple of failures of this magnitude and the Dutch government might even start thinking about revoking their license to print money, or at least issuing licenses to other organisations as well.

  • by 93 Escort Wagon (326346) on Monday August 29, 2011 @11:53PM (#37249820)

    I'm beginning to think some variation of Marlinspike's distributed notary system [softpedia.com] may actually be the way to go. This just can't be allowed to happen, given the importance of internet communication nowadays. If the CAs can't prevent this, it's time to find an alternative.

    • by RajivSLK (398494)
      There must be something I don't understand about this system...

      The whole idea is to compare a certificate served by a website to a client with one received from the same destination by a notary. If the client is surfing from a compromised network and gets served a fake certificate, it won't match with the one from the notary, triggering an alert.

      How does it prevent a man in the middle attack from simply forging the certificate and all of the notary responses?
      • by swillden (191260)

        There must be something I don't understand about this system...

        The whole idea is to compare a certificate served by a website to a client with one received from the same destination by a notary. If the client is surfing from a compromised network and gets served a fake certificate, it won't match with the one from the notary, triggering an alert.

        How does it prevent a man in the middle attack from simply forging the certificate and all of the notary responses?

        Wrong question.

        The notary responses can't be forged; they're signed, and you have their public keys. This is essentially the same as having the public keys of a bunch of CAs, and you'd probably get those keys in the same way: with your browser (though it's more likely that you'd edit them, or replace them with a set from some reputable site, etc.).

        The right question is: How does it prevent a man in the middle attack from simply fooling all of the notaries?

        The idea is that it's difficult for an attac

    • What may be a better solution in the short term would be to examine the policies of browser / OS certificate acceptance policies. After something like this if it is found to be negligent or worse yet malicious on the part of the CA, they get dropped temporarily. As the number of offenses increases the drop time increases, if they behave good for a while the drop time is reduced. Similar to BGP dampening, where any sort of instability must be removed as soon as possible to prevent the whole system from crash

    • by jd (1658)

      The CAs can prevent it. Back when certificates first started, certificates were graded according to the quality of information needed to back them. The highest grade required two or maybe three pieces of approved official ID and direct contact with the purchaser. It would not surprise me if some of the vendors also ran background checks and perform other basic authentication.

      If they only want one level today, then what's to stop them from switching to the highest standard they used to have, rather than unif

  • by Targen (844972) on Monday August 29, 2011 @11:54PM (#37249826) Homepage
    Security people have since forever warned the rest of the world against the risks of blindly trusting centralized/hierarchical trust schemes. It's not the first time this happens. It won't be the last. And while standard practices remain as they currently are, we're all in the hands of whoever's got money and power, and governments tend to have a lot of both. Most of you might not care much about this since you probably live in places with decent governments*, but it's a real concern for an enormous portion of the world's population.

    *IN RELATIVE TERMS. I know many of the governments of the "free world" are guilty of all manners of despicable privacy violations with all manners of awful consequences, but please don't even attempt to compare these issues to the sorts of oppression that happen in full-blown totalitarian regimes.
    • by bky1701 (979071)

      I know many of the governments of the "free world" are guilty of all manners of despicable privacy violations with all manners of awful consequences, but please don't even attempt to compare these issues to the sorts of oppression that happen in full-blown totalitarian regimes.

      The "free world" is effective enough at controlling the people though other means (bread and circuses) that it need not resort to more extreme measures: the people are powerless, and so abusing them overtly would only potentially giv

      • by jpapon (1877296)
        Sure you're free to "effect social change", you just might not be all that effective; the system in place in most "free" countries makes it difficult, but not impossible. This is, in fact, wise, because (believe it or not) not everyone wants to enact the same social changes as you.
      • by ibwolf (126465)

        You're free because you can effect social change. Tell me with a straight face that there is a wide gulf between Iran and the West in that respect, and I shall laugh at you.

        It is difficult to effect social change in the west because most of us are, on the whole, content with things as they are. Sure, there is room for improvement, but (a few fringe groups aside) few of us want radical change. This is the essence of democracy.

        In Iran it is difficult to effect social change because if you seem even remotely likely to succeed in undermining the government they will crack down on you hard.

        Of course, democracy is somewhat flawed in that it involves giving people what they want and

        • by bky1701 (979071)
          In a dictatorship, suppressing people only begets more anger. It might temporarily put it down, but it doesn't change the underlying emotions.

          Democracy gives an illusion of power to people who have none. How many times have you been advised to write your congress person if you have a problem? Illusions of power beget apathy. As long as the situation does not become too horrible (and indeed, few dictatorships survive such situations), and as long as the choices are fairly limited, democracy ends up functi
      • Last time I saw a public political protest in the US there were no club waving motorcyclists chasing down the protesters and cracking skulls of anyone to slow to get out of the way. This occurred in the 60's civil rights era but that type of government sanctioned violence is in the past. There were no reports of the government security services raiding the homes of anyone expected of leading the protests. In the US when someone decides to defy an order to cease blockading the target of their protest or crea
        • by Burz (138833)

          trip to the police station and released a couple minutes later with either a sternly worded warning

          Only if they feel like it. Its not uncommon for protesters to be jailed for a day or more with no access to a toilet. And that's after being kettled-in with barbed wire for hours.

          You should look up the 2008 Republican National Convention protests. Even members of the press had their badges ripped off by police before being manhandled and abducted.

          The anti-pipeline protesters are currently being held for far longer than "a couple minutes".

    • How else can a gov't jail 1% of its adult population at any given moment? Any government with a "war-on-something" at home is in the business of nullifying civil rights and should be considered at least an honorary member of the totalitarian club.

      The main difference here in the USA which helps keep the 'freedom' charade going is that we have a great deal of material and cultural excess to indulge (and to drown out discussion of serious issues). Once that abundance dries up, even conversations such as this o

  • by phoxix (161744) on Monday August 29, 2011 @11:56PM (#37249834)

    The idea behind the "Stringent SSL verification process" is that customers will pay a brand-name-trusted CA company to verify the SSL request is from who they claim to be.

    Even at *TEN THOUSAND* USD/EUR/GBP/etc per fake certificate, the price is too good for countries like Iran, China, etc for engaging in MITM attacks.

    The whole process is a scam outright....

  • by robbak (775424) on Tuesday August 30, 2011 @12:02AM (#37249876) Homepage

    Surely, if any a fraudulent certificate evert shows up, then the public keys for the issuing CA should be instantly removed? Even if they are Verisign themselves, if a fraudulent certificate exists, then trust is lost, and they cannot remain.

    • by jamesh (87723)

      Surely, if any a fraudulent certificate evert shows up, then the public keys for the issuing CA should be instantly removed? Even if they are Verisign themselves, if a fraudulent certificate exists, then trust is lost, and they cannot remain.

      Who would do this? What is the 'parent body' of a CA? Is the CA business actually regulated in any way? And under what jurisdiction? The nature of 'root certificate' is that the keys are in Windows (or whatever operating system), so Microsoft (or appropriate vendor) would have to do it via an update, or the user would have to do it manually.

      • There is no specific regulation(aside from whatever body of generic business-practices regulation governs operations in that jurisdiction); but the major OS, browser, and email client companies effectively count as the regulators.

        They can, and do, issue frequent updates(with fairly swift uptake across a good percentage of the userbase, these days) which can and sometimes do include changes to the trusted roots. If a CA gets removed, their customers' users start seeing scary, scary warning messages or jus
    • by Spad (470073) <slashdot@@@spad...co...uk> on Tuesday August 30, 2011 @03:04AM (#37250622) Homepage

      Mozilla, Google & Microsoft (at least, so far) have all now removed Diginotar from their list of trusted authorities in their respective browsers.

      • by robbak (775424)

        Now all we need is for that to be an automatic response.
        Then, the only way back in would be to fix the procedural issues, get properly audited, then generate a new root cert and reissue everyone fresh certs.
        The huge cost of this might get them taking security seriously. And even saying "no"to governments.

  • Surprising? (Score:5, Interesting)

    by Mensa Babe (675349) * on Tuesday August 30, 2011 @12:03AM (#37249884) Homepage Journal
    The only thing I find surprising is that stories like this are not more common. Various government agencies all over the world have been using fake certificates literally for years. Those are usually targeted at specific individuals being under surveillance so those are one-time stunts, limited in time and in network visibility, but all of those certificates in order to be useful have to be issued by certification authorities that are in the trust chain of the popular web browsers (Firefox, Chrome, Explorer, Safari, Opera). The problem with SSL/TLS certificates is that any certification authority from any country can issue a certificate for any domain, and they do occasionally. Most of those certificates are used only few times so they don't get any attention but sometimes they do. The trust model in SSL/TLS is fundamentally flawed and I agree with Dan Kaminsky and Bruce Schneier that we have to completely abandon it in favour of a trust model based on a secure DNS system, where there is only one authoritative source of cryptographic certificate for any given domain, instead of thousands like we have today. I have been telling this for years and I can only hope that people will eventually wake up and listen after stories like this one.
    • ...where there is only one authoritative source of cryptographic certificate for any given domain, instead of thousands like we have today.

      And therefor a single point of failure.

      I have been telling this for years and I can only hope that people will eventually wake up and listen after stories like this one.

      Yes, once government has control of that "one authoritative source" you won't hear about this sort of thing any more.

      • One authoritative source... per domain.

        If you simply missed those two extra words when you first read them, then no harm done. But if you don't comprehend why those two extra words are significant... then you really need to not have an opinion on this topic.

        • Each ccTLD operator is not necessarily limited to just the domains under that ccTLD. If China maintains a root server, and they have the private keys for the root, they can then sign their own .com keys, and then sign domains under .com. (And even if they only have the .cn private keys, and SSL trust was solely implemented in DNSSEC, now you can't trust your SSL connection to any .cn domain!)

          Using DNSSEC for publishing certs and extra identity information is a cool idea, but it's not a good idea to replace

  • Convergence (Score:4, Interesting)

    by unencode200x (914144) on Tuesday August 30, 2011 @12:12AM (#37249932)
    Another reason to take a good, long look at Moxie Marlinspike's Convergence system. Basically, it does away with CAs in favor of a trusted and anonymous notary-based system.

    See him speak about it at BlackHat USA 2011 here [youtube.com].(a really great talk, as always).

    Read about it here [infosecurity-us.com]

    The official Convergence website (http://convergence.io/). The plugin (AFAIK) is not compatible with FF 6 yet.
    • by jonwil (467024)

      Forget that, go with SSL certificates in DNS and DNSSEC to verify the records.

      • by GSloop (165220)

        And when the DNS servers are subverted to point to bogus SSL certificates, then what?

        You do happen to know that you'll have to trust the government [ISP etc] not to mess with DNS, and a one-stop shop to subvert both your domain and your PKI is just what they'd like to have.

        SSL certs authenticated/served by DNS is not a fix, IMO - because DNS isn't any more secure from powerful interests than SSL is. [And it may even be less secure.]

        This truly is a hard nut to crack, and knee-jerk solutions like "tie it to D

        • by jonwil (467024)

          with proper cryptographic protocols like DNSSEC, the only way to change DNS (and hence SSL certificates stored in DNS) without raising red flags is to actually change the DNS record itself. Any man-in-the-middle attacks by hackers, ISPs or foriegn governments (great firewall of china etc) will cause the DNSSEC chain-of-trust to fail.

          Now it might be possible for a bad guy to convince the DNS provider or operator to accept new cryptographic keys, DNSSEC signatures or DNS data but that is a lot harder than con

          • by GSloop (165220)

            Go ahead and actually read or listen to the talk.

            If you won't trust the SSL authorities, and I don't - then one would assume that trusting the registrars/TLD's/root/or country TLD's would be even more crazy.

            IMO, DNSSEC simply doesn't really solve the problem, and shouldn't be the "solution." We should look for and design something better.

            -Greg

          • by GSloop (165220)

            Show me ONE example (real or hypothetical) where a DNS record has been altered (with or without the cooperation of the DNS provider) by someone other than the legitimate domain owner (e.g. hackers, government etc) where storing certificates in DNS would make things worse than if the site was using current CA-issued certificates and I will accept your arguments.

            Seriously? Sex.com was totally hijacked. There are literally thousands of cases where domains get owned. [And once you own the domain its DNS is cert

        • by soundguy (415780)
          Any company where the validity of an SSL cert is even remotely important should be running their own DNS. If they aren't, they have no business being in business.
    • Thanks for bringing this up. Every time we talk about SSL issues folks fail to bring up the notaries-based systems. (Even during the last /. article, which was really about Marlinspike's Convergence.)

      Additional information: Convergence is based on Perspectives [networknotary.org].

      Network notaries let you see a diverse views of the public key(s) used by an HTTPS server over time.

      As an example, here are multiple views of Google's SSL [networknotary.org].

      • The attack appears to have been targeting Gmail users specifically.

        Okay, then, more relevantly, multiple views on Gmail's certificate [networknotary.org].

        That'll give you a good idea if someone's MITMing you.

        • by tomtomtom (580791)

          I've been using Certificate Patrol [mozilla.org] for a while alongside Perspectives and it's pretty useful. However, it has also brought to my attention the frequency with which Google/Gmail's certificates seem to change which the links given above also highlight in the graphs.

          I'm still puzzled as to why this is (and why e.g. the Gmail IMAPS certs don't seem to change anything like as frequently - more like annually) but if the certs changes frequently it diminishes the usefulness of e.g. Perspectives quite a bit. Which

          • Did you notice that you're getting a lot of HTTPS certificate changes from Facebook when browsing sites with Like buttons over the last week or so? I'm running a fully locked down Firefox (NoScript, Flashblock, CookieMonster 1.5, BetterPrivacy, CertPatrol, Perspectives, HTTPS-Everywhere) and I'm getting these warnings even though I haven't whitelisted Facebook anywhere.

            I was curious so just as I was writing this I inspected the source of a Wired page I had open. Look at this gem:

            <iframe src="http://www.f
            • And yes I realize it's really a *pure HTML* (at least as far as the client is concerned) tracking system. Have a million things going on at work right now.

            • by tomtomtom (580791)

              That's for the Facebook "Like" button but this technique is also commonly used by Ad networks - I suspect you only noticed it here because HTTPS-everywhere will force the facebook connection to SSL (and AdBlock Plus won't block the Facebook "like" button normally). Certificate Patrol will then alert you to the certificate changes.

              Look into using something like the RequestPolicy [mozilla.org] extension if you want more control over which off-site content gets loaded - it lets you implement a deny-by-default type policy in

      • I wonder what the differences are between Perspectives and Convergence. I've been using Perspectives for a long time. As far as I can tell the only difference is that Convergence has some anonymization features built in.

    • by swillden (191260)

      Another reason to take a good, long look at Moxie Marlinspike's Convergence system. Basically, it does away with CAs in favor of a trusted and anonymous notary-based system.

      I think the best thing about Marlinspike's system is that it doesn't do away with the CAs. Rather, it provides a stand-beside certificate validation mechanism; there's no reason a site can't use both, and using both actually increases the security over using either one alone.

  • by wvmarle (1070040) on Tuesday August 30, 2011 @12:45AM (#37250100)

    I just looked through the bug report listed; at the end two very interesting comments:

    So it seems Mozilla is basically going to blacklist that CA. I think that's an appropriate response: the CA has proven that their methods are flawed, and that there certificates can not be trusted. This one has been found out; who knows whether there are more out there? I surely hope this is a one-off incident but better safe than sorry. And it sends the message nice and clear to other CAs that they have to be really careful.

    As of 9:26pm PDT this bug report has made the frontpage of slashdot.org [...] Please address this issue immediately.

    A Slashdot side-effect :)

  • Maybe I should tell my browser to just accept certs signed by Bob's SSL Certs and Taco Stand, probably no worse than anyone else.(Bonus points if you get the reference)
  • I'm not that informed on how certs work but if someone goes to a dutch CA and says they want a cert related to Google, wouldn't that be the one they'd double or triple check just in case it's not really Google? I mean, it's Google. Nobody doesn't know them and they wouldn't just randomly pick up a cert from a random foreign country, right? Or do they need muliple certs around the world or something so it wasn't that unusual? Either way, it's not that hard to make sure a google certificate isn't being re
    • by wvmarle (1070040)

      To debunk the last bit: it's not that hard for a spy operation to ask some friends in the US, possibly friends that are actually Google employees, to apply for such certificates. To have at least the request coming from a plausible source.

      And on the rest... sure, should have raised plenty of red flags. Why would a US company ask a Dutch CA for a certificate? Why would an established site need a new or an extra certificate - a wild card (*.google.com) cert to boot? Now I have no idea how a CA certifies tha

      • by jimicus (737525)

        And on the rest... sure, should have raised plenty of red flags. Why would a US company ask a Dutch CA for a certificate? Why would an established site need a new or an extra certificate - a wild card (*.google.com) cert to boot? Now I have no idea how a CA certifies that the requester is actually the owner of a certain domain, it certainly failed badly in this case.

        Go buy a certificate some time. There are LOTS of CAs out there who will complete the transaction and give you a certificate in seconds. We'd like to believe that such CAs have some sort of process in place that flags up potentially fraudulent requests for human verification, but as this sort of thing demonstrates that's obviously not the case.

        • by mvdwege (243851)

          The problem is that this transaction should have failed even basic Domain Validation.

          A validation request for *.google.com should have landed at a technical contact inside Google. So how did this come into the hands of the Iranian government?

          The only thing I can think of is that Diginotar has fallen for the 'Domain Validation is not secure enough' scam, and has therefore used another out-of-band validation technique that was easily socially engineered.

          Mart

  • by thegarbz (1787294) on Tuesday August 30, 2011 @02:01AM (#37250360)

    Oh Good. We can visit something such as Gmail.com with a fraudulent certificate and no one would notice. But god forbid I self sign my home webserver certificate, that must be met with a wrath of a bright red page warning me about the dangers of a possible man in the middle attack and that no one should visit my site under any circumstances!!! /rage

    But on a more serious note shouldn't this right now be a clear indication to those in defense of using SSL / TLS to establish identity that their system is horrendously flawed and that maybe self signed certificates are in fact not any worse then any certificate verified by a picture of Ben Franklin?

    • > ...system is horrendously flawed...

      Is it? The fraud was discovered and the registrar has been blacklisted. Furthermore, you could be using Perspectives if you wanted to: it would have detected this.

      Don't be too quick to exchange a tough system for a brittle one.

      • by Rich0 (548339)

        The fraud was discovered more than a month after it happened. In the meantime who knows how much havoc was caused.

        SSL as it is presently implemented has a number of key problems:

        1. It doesn't allow encryption without authentication. An encrypted and unauthenticated connection to a server is considered LESS safe than an unencrypted and unauthenticated connection.

        2. Every software package out there has its own trust database. Do you think that every instance of this bad certificate is really going to get

  • There's no need to wait for a patch. In Firefox, under preferences->advanced->encryption, select view certificates. Just select digi notar and either click delete or edit and then uncheck everything.

    CAs must understand that they will be erased from existence by browser providers, security admins and end users if they violate the public trust in this way. They don't have enough bribes, threats, or lies to get out of the hole they dig for themselves when they sell out.

    • by Greyfox (87712)
      Ooh that's neat. While I'm in there, how much do I trust Chunghwa... really?
      • by wvmarle (1070040)

        Trolling because that name sounds Chinese? And why would you trust Verisign and all the others?

        The answer is: because trust is what their business is built upon. Break that trust, break your business, like what's now happened to diginotar. And that's why you can trust them: because they need you to trust them, and that's a good reason for such a business to be and to remain trustworthy.

        That said of course we should remain vigilant. Trust is just that - trust. It needs independent verification, and how we

        • by Greyfox (87712)
          Well mostly due to the widespread rumors of Chinese corporate espionage and VERY widespread allegations of Chinese hackers actively employed by the government. Having a CA in their pocket would undoubtedly make that easier. Just speculation on my part, of course. If the life of my business is on the line, I'd really rather not find out after the fact that any particular CA was corrupt.

          I doubt I'd be inclined to trust a CA in Iran or North Korea either, given the tense relations between our countries. If I

      • by sjames (1099)

        And there's the real problem with the current structure. Too many CAs nobody's ever heard off, practically all of which consider profit to be the only thing that counts in the world.

  • Liability (Score:2, Interesting)

    by Anonymous Coward

    Question for lawyers. If I bought a certificate from DigiNotar, can I sue them for damages? My certificate is unchanged so I have not been directly damaged. However, their business model is based on trust and once they are blacklisted, my cert while not be useful.

  • lovely (Score:5, Insightful)

    by roman_mir (125474) on Tuesday August 30, 2011 @04:20AM (#37250882) Homepage Journal

    I love how every [slashdot.org] time [slashdot.org] when the discussion is brought up that browsers need to stop treating https with self signed certificates worse than they treat plain http (just don't show the lock icon, show an icon for the fingerprint, which would make it easy to display the fingerprint for comparing it to a known one), some fool immediately starts talking how browsers must treat https with self signed certs worse than http because https without CA means that your session is vulnerable to the MITM.

    Of-course when it is pointed out [slashdot.org] that CA does not guarantee that there is no MITM either, the discussion dies out but the opinions never change.

    Well how much longer will the opinions can stay the same with all the evidence that CAs do not in fact guarantee that there is no MITM?

    More importantly: who is talking about browser being responsible to figure out whether there is MITM or not with a https and a self signed cert?

    This cognitive dissonance needs to be eradicated.

    • by itsdapead (734413)

      Well how much longer will the opinions can stay the same with all the evidence that CAs do not in fact guarantee that there is no MITM?

      Total straw man. Nobody who remotely understands the system thinks that CAs guarantee no MITM. You could go and see the webmaster in person, shake their hand, look them in the eye, meet their parents, run a background security check, ask for three forms of photo ID and proof of address and then ask for their certificate fingerprint. That would reassure you that, if you are being scammed, you are at least being scammed by the professionals, but it would still represent the weakest link in any chain using de

      • by roman_mir (125474)

        Total straw man. Nobody who remotely understands the system thinks that CAs guarantee no MITM

        - how [slashdot.org] about [slashdot.org] you [slashdot.org] talk [slashdot.org] to [slashdot.org] them [slashdot.org], before talking about 'straw man'?

        So, it boils down to risk. CAs are a million miles short of being a perfect, secure solution but they are far, far better than self-signed certificates.

        - bullshit. I mistrust every single CA signed certificate and I want a fingerprint. In fact I mistrust CA generated certificates specifically because they are CA signed certificates - they are not the site operators, why are they relied upon to be honest and trustworthy in the first place? I didn't go to their site, I went to a bank site or wherever else. I don't trust the CAs and I think they are paying off the browser development teams to m

        • by tgd (2822)

          There needs to be a distributed public directory of fingerprints that is available to all for verification.

          I'll avoid commenting on most of your comments. I'm sure others will tear them to shreds, if anyone particularly cares enough.

          However, how do you suggest validating that public directory of fingerprints? You are subsituting one weak-but-better-than-nothing chain of trust with another means-absolutely-nothing chain of trust.

    • by swillden (191260)

      I agree, with the caveat that I think browsers should do ssh-style key history tracking. For all certs, not just self-signed, but it's especially important for self-signed certs. If I visit a site every day for a year and it always has the same certificate, that is actually a much stronger statement of trust than a signature by some random CA, but if that certificate suddenly changes there should be big red warnings. Further, I like the ssh model wherein the user is recommended to do some additional veri

    • For once I agree with you completely. I've been saying the same thing for a long time.

  • I am pretty happy to see this. Why? Because, come on, who didn't know this would be a problem eventually?

    This is the biggest Achilles' heel in all of PKI... the need to trust the CA! Yet, there are WAY too many of them, all trusted by default. We have known the Department of Homeland Stupidity has had their own trusted CA, should we be surprised that any national government is capable of shopping around for one that will give them the certs they claim to need and should have for some reason?

    The ONLY answer

When Dexter's on the Internet, can Hell be far behind?"

Working...