Comment by Eduard

3 years ago

> This shows that Let's Encrypt security is a joke because now any large national ISP can use same MiTM to issue a certificate for any site hosted within a country. The SSL infrastructure is completely compromised.

the information available right now are too vague to come to a conclusion this bold.

Instead, I find it something like the following more plausible:

jabber.ru and xmpp.ru seem to use "exotic" DNS servers (at least as I checked right now).

https://uk.godaddy.com/whois/results.aspx?itc=dlp_domain_who...

All it then takes is an exploit there in the DNS server, or a badly set-up ACME DNS-01 there, in order for Let's Encrypt to grant an SSL certificate.

https://letsencrypt.org/docs/challenge-types/#dns-01-challen...

The moment you're able to write a (TXT) record for some domain name, you have proven to be eligible for getting an SSL certificate for that domain name.

Both you and the grandparent are correct in that both propose viable attacks; it is a known fact (and not news to any expert in the space) that "domain validation" certificates are vulnerable to "global" MitM in which an attacker can intercept all traffic to a domain (and therefore intercept the validation probes). A situation in which a service's hosting company is sitting on their "front door" (so to speak) and MitMing all traffic that goes their way is exactly such a situation (hence my recommended mitigation).

  • Hosting company is not the only one who can do MitM; any ISP through which the traffic passes can do that as well; and if there are backdoors in foreign network equipment then the manufacturer of equipment can do MitM too.

    • This is false, because Let’s Encrypt uses servers in multiple places to get a mix of routing paths to eliminate it as an attack vector.

ns2.jabber.ru is hosted at Akado (ordinary Russian ISP) in Moscow, as for ns1.jabber.ru it looks like it is hosted at Linode. So maybe ns1 was compromised as well, as for ns2 I doubt that.

  • So because one is hosted in Moscow, you find it less likely to be hacked? What a humorous conclusion.

    • Yes, because it is highly unlikely that Russian police or Russian ISP will cooperate with US or European police.