Comment by iancarroll
11 years ago
The NSA has no CA. The only attack they really have is brute force or server compromise - both of which undermine pinning.
11 years ago
The NSA has no CA. The only attack they really have is brute force or server compromise - both of which undermine pinning.
They can get US corporations (including many CAs) to cooperate. For example, to obtain a fake (but perfectly working google.com certificate, they can ask Google (more or less) nicely to provide one, or they can go ask any CA instead. It's not likely that compromise is required with so many potential sources, some of which may be paid or coerced to cooperate.
PS. nice (presumably political) downvote further up ...
The NSA can do this, yes. But, any CA that issues a fake CA for Google will be found out rather quickly, and then will get blacklisted and lose business.
So while the NSA can technically do that, they only get a few shots cause each one has a high chance of burning the CA.
For lesser sites and narrow targets, this may not be true.
This is precisely the problem with centralized security authorities. As we've seen a state actor can easily force a central authority to share it's private key, thereby granting the state actor the ability to untraceably create it's own certificate chains.
It would also have to control the wire for the attack target, but via wire tapping laws that is already a solved problem. Because they control the connection of the attack target, I don't see how the fact that the certificate chain was compromised would ever become public knowledge.
Web of trust was designed to address the central authority weakness, but itself apparently has scalability issues, although I'm unclear on why.
Google is indeed in a (unique) good position to detect and possibly prevent a fake certificate, but we don't know if that's what they want or whether they can be coerced to cooperate. Millions of other websites are not protected in the same way.
One would hope certificate transparency would help fix this problem.
(for the record, I didn't downvote you)
Fake certificate for Google wouldn't work in Chrome at least. There is certificate pinning already.
That is completely ineffective if they get Google to cooperate and issue an update that pins the new cert - and due to how automatic updates work, the majority of users will be completely oblivious, and those who do notice the new certificate won't find it any more suspicious than any other certificate update.
NSA has NSL (national security letters with gag orders). There are CAs in the US. Mission accomplished.
Wouldn't help with google though - anybody who tried to fake a google cert would be caught by chrome within a few seconds. There is a lot of value associated with owning a browser. Enhanced security is just one of them.
You speak as if the power of NSLs has a functional limit - it doesn't, which is what makes the entire concept so dangerous.
There's nothing stopping the requirements from being "mint us a certificate according to these specs" and additionally "okay, now pin this certificate in your browser".
6 replies →
I'm now curious. Explain to me how an NSL fits into the scenario you're implying.
That would be stupid. Google is a US company. NSA has NSLs. Mission accomplished. No certs involved.
How did you get Google into all this? If you're implying that Google owns a search site/Gmail/a browser, know that there are alternatives, which NSA's target could be using. A fake certificate from a trusted US CA can MITM any connection to almost any website from almost any browser.
1 reply →