Comment by lazyjones
11 years ago
> no. It means "even though this connection is encrypted, there is no way to tell you whether you are currently talking to that site or to NSA which is forwarding all of your traffic to the site you're on".
That would be correct if you could assume that the NSA couldn't fake certificates for websites. But it can, so it's wrong and misleading. It's certificate pinning, notary systems etc. that actually give some credibility to the certificate you're currently using, not whatever the browsers indicate as default.
FWIW, (valid) rogue certificates have been found in the wild several times, CAs have been compromised etc. ...
I agree. A more common MITM, and one that it actually would prevent, comes from a rogue Wi-Fi operator.
> FWIW, (valid) rogue certificates have been found in the wild several times, CAs have been compromised etc. ...
And it's only going to get worse as SHA-1 becomes more and more affordable to crack.
The CAs have agreed to stop using SHA-1 by 2016, and Let's Encrypt will launch with something stronger on day one.
But SHA-1 attacks are going to be a huge problem all over our protocol stack :(
The NSA has no CA. The only attack they really have is brute force or server compromise - both of which undermine pinning.
They can get US corporations (including many CAs) to cooperate. For example, to obtain a fake (but perfectly working) google.com certificate, they can ask Google (more or less) nicely to provide one, or they can go ask any CA instead. It's not likely that compromise is required with so many potential sources, some of which may be paid or coerced to cooperate.
PS. nice (presumably political) downvote further up ...
The NSA can do this, yes. But, any CA that issues a fake CA for Google will be found out rather quickly, and then will get blacklisted and lose business.
So while the NSA can technically do that, they only get a few shots cause each one has a high chance of burning the CA.
For lesser sites and narrow targets, this may not be true.
One would hope certificate transparency would help fix this problem.
(for the record, I didn't downvote you)
Fake certificate for Google wouldn't work in Chrome at least. There is certificate pinning already.
NSA has NSL (national security letters with gag orders). There are CAs in the US. Mission accomplished.
Wouldn't help with Google though - anybody who tried to fake a Google cert would be caught by Chrome within a few seconds. There is a lot of value associated with owning a browser. Enhanced security is just one of them.
I'm now curious. Explain to me how an NSL fits into the scenario you're implying.
That would be stupid. Google is a US company. NSA has NSLs. Mission accomplished. No certs involved.