Comment by safety1st
1 year ago
So I mean, just taking a quick look at the contents of /etc/ssl/certs and what Firefox shows me when I hit its View Certificates button, I see among dozens of other actors, Amazon, Microsoft, GoDaddy, and the Beijing Certificate Authority. No software has ever asked me if I want to trust any of these guys, they've been silently trusted during a software install I suppose. Does this mean they can all MITM my TLS traffic if they so choose?
Theoretically, yes, they could, I think. However, with Certificate Transparency, the fraudulent certificates these Certificate Authorities could create would have to be published in CT logs to be valid, where they would be quickly noticed, and the CA would (hopefully) lose credibility and be removed from devices' trusted CA lists.
Not in 2020, no.
HSTS causes your browser to pin the first cert that it sees (from sites opting in to this scheme), so nobody (even the legitimate operator) can swap it out before it expires.
https://en.m.wikipedia.org/wiki/HTTP_Strict_Transport_Securi...
And specifically to the scenario in OP, app clients these days do not use the OS cert store, they will ship a single well-known server cert and only accept that one. This doesn’t help with your Firefox use case though.
When HSTS is enabled, browsers don't pin the specific cert, just that HTTPS is required. Pinning the cert would mean users would experience outages (because you can't swap the cert early), which would be a terrible experience.
HSTS is HTTPS required and it needs to be a validated cert; issued by a trusted CA and not expired (maybe also not before the not before date). And the usual ignore it and move on button is gone.
Doesn't help if you're worried about a trusted CA issuing a cert for your domain without your approval though. Certificate transparency helps a bit with that; Chrome requires certs issued with a not before after April 30, 2018 to be in CT logs[1], so at least you'll be able to know a certificate was issued for your domain. If that happens, you can ask the CA/Browser Forum to investigate and there's a good chance the CA will get kicked out if there's not a good explanation of what happened. That's not perfect but it's better than without CT when you could only know about an unauthorized cert if you managed to see it.
[1] I think max validity was two years back then, so all current certs need logs
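Added example (not part of any comment in the thread): a parser for the `Strict-Transport-Security` header following RFC 6797, illustrating the replies above that an HSTS policy records only an HTTPS requirement and a lifetime, with no certificate identity. The function names are hypothetical, and `connection_allowed` is a simplified model of browser behaviour, not any browser's code.

```python
import re

# RFC 6797 section 6.1: directive = token [ "=" ( token | quoted-string ) ]
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
DIRECTIVE = re.compile(rf'^({TOKEN})(?:\s*=\s*(?:"([^"]*)"|({TOKEN})))?$')

def parse_hsts(header_value):
    """Return the HSTS policy as a dict, or None if the header must be ignored."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    # Simplification: a quoted-string containing ';' is not handled.
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        m = DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if name in seen:
            return None  # each directive may appear only once
        seen.add(name)
        if name == "max-age":
            if value is None or not (value.isascii() and value.isdigit()):
                return None
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            # Not in RFC 6797; used by browser preload lists.
            policy["preload"] = True
        # Unknown directives are ignored, as the RFC requires.
    if policy["max_age"] is None:
        return None  # max-age is the one required directive
    return policy

def connection_allowed(policy, cert_chain_valid, user_clicks_through):
    """Simplified model: for a known HSTS host, certificate errors are fatal
    and the click-through is gone. Which certificate was presented is not an
    input: any chain that validates to a trusted CA is accepted."""
    if policy and policy["max_age"] > 0:  # max-age=0 removes the host
        return cert_chain_valid
    return cert_chain_valid or user_clicks_through

if __name__ == "__main__":
    # Constructed sample header value.
    p = parse_hsts("max-age=31536000; includeSubDomains; preload")
    print(p, connection_allowed(p, False, True))
```

The returned policy has no field for a certificate or key, which is why HSTS alone does not address a trusted CA issuing an unauthorized certificate for the domain.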