← Back to context

Comment by bananapub

3 years ago

what? nothing to do with Let's Encrypt, if someone gets to large-scale MITM your traffic then they can get anyone to issue a DV cert.

So for example, if traffic to Google goes through a Huawei router somewhere, then Huawei can issue a Let's Encrypt certificate for Google, right? And any large national ISP can use MitM to issue fake certificates for any site hosted within that country?

To me it looks like SSL cert infra is completely compromised and unreliable.

  • > then Huawei can issue a Let's Encrypt certificate for Google, right?

    Google has CAA records set (https://www.entrust.com/resources/certificate-solutions/tool...) and I guess CAs will have denylists of "popular" domains, so no.

    > And any large national ISP can use MitM to issue fake certificates for any site hosted within that country?

    Yes. You can fix this by CAA and ACME-CAA.

    I can't think of a way to validate DV certificates in a better way that will resist this kind of attack.

    • Multiperspective validation, if the attacker is far enough away from the target site. :-)

      I think some of the researchers who wrote about BGP spoofing attacks against Let's Encrypt may have suggested something about logging BGP changes and delaying DV issuance if a network's BGP announcements are too recent, or something? I don't think Let's Encrypt currently checks that, but it could be an interesting data source in the future.

  • Let's Encrypt uses "multiperspective validation" to prevent a single backbone router or backbone network from being able to do this attack in many cases.

    This doesn't help much if the attacker is sufficiently close on the network to the target, or if the attacker can perform a successful wide-scale BGP spoofing attack.

    I'm not sure if that will reassure you, since it's not a complete mitigation in all cases, but the multiperspective validation was explicitly created in response to exactly this kind of concern about attacks on, or by, ISPs!