Ask HN: Is Let's Encrypt the new Swiss Crypto AG? Just wondering ... it does seem less far-fetched in the light of the Swiss Crypto AG revelations.
https://github.com/chromium/ct-policy/blob/master/ct_policy....
You may find this useful: http://www.certificate-transparency.org/how-ct-works
Whether you use any specific CA, like LE, or not, has no security impact.
It's about what your users trust and you don't control that.
Like any other CA, they do have the technical ability to sign arbitrary other certs, so could issue a cert for MITM. As some other comments show, certificate transparency is starting to reduce this risk.
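An added illustration of the certificate transparency point above (not part of the original comment): a domain owner can compare certificates that appear in CT logs against the issuers and keys they actually use. The record shape, function names and sample entries are constructed assumptions, not a real CT log API.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LogEntry:          # hypothetical record shape, not a real CT API schema
    issuer: str          # issuer organization name
    san: tuple           # DNS names listed in the certificate
    spki_sha256: str     # hash of the certificate's public key (shortened here)
    serial: str

def covers(name: str, domain: str) -> bool:
    """True if a certificate DNS name applies to `domain` or a host under it."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]                      # treat a wildcard as its parent zone
    return name == domain or name.endswith("." + domain)

def unexpected(entries, domain, expected_issuers, our_keys):
    """Return (entry, reasons) for logged certs naming `domain` that we did not request."""
    findings = []
    for e in entries:
        if not any(covers(n, domain) for n in e.san):
            continue                         # certificate is for someone else's names
        reasons = []
        if e.issuer not in expected_issuers:
            reasons.append("issuer not in allow-list")
        # A cert from the CA we normally use is still suspect if we never made its key.
        if e.spki_sha256 not in our_keys:
            reasons.append("public key is not one we generated")
        if reasons:
            findings.append((e, reasons))
    return findings

# Constructed sample data (not taken from any real log).
ENTRIES = [
    LogEntry("Let's Encrypt", ("example.org", "www.example.org"), "aa11", "01"),
    LogEntry("Let's Encrypt", ("*.example.org",), "ff99", "02"),
    LogEntry("Other CA Ltd", ("login.example.org", "unrelated.test"), "aa11", "03"),
    LogEntry("Other CA Ltd", ("notexample.org",), "ff99", "04"),
]

if __name__ == "__main__":
    for entry, reasons in unexpected(ENTRIES, "example.org", {"Let's Encrypt"}, {"aa11"}):
        print(entry.serial, entry.san, "; ".join(reasons))
```

The check only sees certificates that were actually submitted to a log, so it detects logged misissuance after the fact rather than preventing it.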
To be perfectly honest, I don't really trust the other certs, either. I mean, I pretty much have to, and having a mainstream CA sign a cert does provide a bit of reassurance -- but only a bit. I don't really consider CA signing to mean that the cert is "trustworthy", because I don't really trust those CAs, so if they're the anchor for a chain of trust, then the chain of trust is weak.
If you can receive an HTTP request destined to the target domain (e.g. via MITM near the real target, DNS hijacking, or route hijacking, or MITM near a CA) then you can get a cert issued for that domain by pretty much any popular CA.
With security so limited, what would be the purpose of compromising Let's Encrypt?
Is it because you accept that the security provided by HTTPS is limited but don't like people calling that out?
It's better than nothing. But it is my perspective that, as technical experts, any time we are not absolutely frank about the limitations of the current model against powerful MITM attackers, we are behaving unethically.
There is absolutely no reason for any major state attacker to compromise Let's Encrypt. Beyond the weaknesses I enumerated above, state actors have their own CAs which are accepted by browsers, and pinning is effectively dead (https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browse...).
What exactly could a state actor hope to accomplish by compromising Let's Encrypt that they couldn't already do more easily and stealthily?