Comment by lazyjones
11 years ago
They can get US corporations (including many CAs) to cooperate. For example, to obtain a fake (but perfectly working google.com certificate, they can ask Google (more or less) nicely to provide one, or they can go ask any CA instead. It's not likely that compromise is required with so many potential sources, some of which may be paid or coerced to cooperate.
PS. nice (presumably political) downvote further up ...
The NSA can do this, yes. But, any CA that issues a fake CA for Google will be found out rather quickly, and then will get blacklisted and lose business.
So while the NSA can technically do that, they only get a few shots cause each one has a high chance of burning the CA.
For lesser sites and narrow targets, this may not be true.
This is precisely the problem with centralized security authorities. As we've seen a state actor can easily force a central authority to share it's private key, thereby granting the state actor the ability to untraceably create it's own certificate chains.
It would also have to control the wire for the attack target, but via wire tapping laws that is already a solved problem. Because they control the connection of the attack target, I don't see how the fact that the certificate chain was compromised would ever become public knowledge.
Web of trust was designed to address the central authority weakness, but itself apparently has scalability issues, although I'm unclear on why.
Google is indeed in a (unique) good position to detect and possibly prevent a fake certificate, but we don't know if that's what they want or whether they can be coerced to cooperate. Millions of other websites are not protected in the same way.
One would hope certificate transparency would help fix this problem.
(for the record, I didn't downvote you)
Fake certificate for Google wouldn't work in Chrome at least. There is certificate pinning already.
That is completely ineffective if they get Google to cooperate and issue an update that pins the new cert - and due to how automatic updates work, the majority of users will be completely oblivious, and those who do notice the new certificate won't find it any more suspicious than any other certificate update.