Comment by codedokode

3 years ago

This doesn't mean you should use unsecure methods instead and issue certificates to anyone capable to do MitM.

How could Letsencrypt even verify a server setup if not via DNS/HTTP? Also, verify against what? The servers are basically random strangers without identity when they first talk to LE.

  • In this case there has been a valid certificate for the site; this alone should raise suspicion.

    Also, if they cannot do secure validation then maybe they should stop issuing certificates for sites that already have a proper certificate.

This is exactly the same as all other CA's do this.... for DV-certificates you basically place a key/special file on the webserver, or receive a verficiation code via (plaintext) email.

For EV certs there might be more validation, but users will never see the difference between EV and DV certificates.

  • So SSL certificates are completely unreliable; we should only wait until Russian or Chinese comrades find a good use for this attack (e.g. temporary redirecting Western traffic using BGP to validate a Let's Encrypt's cert for Western site).

    • yes? this is a well-known problem, which is why CAA-ACME etc and certificate transparency logs exist.