| 1 |
On 5/31/21 11:15 PM, William Kenworthy wrote: |
| 2 |
> And another "wondering" - all the warnings about trusting self signed |
| 3 |
> certs seem a bit self serving. |
| 4 |
|
| 5 |
No, it's not self serving. |
| 6 |
|
| 7 |
Considerably more people than public certificate authorities bemoan self |
| 8 |
signed certificates. |
| 9 |
|
| 10 |
Consider this: |
| 11 |
|
| 12 |
1) Your web site uses a self signed certificate and you have trained |
| 13 |
users to blindly accept and trust the certificate presented to them. |
| 14 |
2) Someone decides to intercept the traffic and presents a different |
| 15 |
self signed certificate to the end users while proxying the traffic on |
| 16 |
to you. |
| 17 |
3) Your end users have no viable way to differentiate between your self |
| 18 |
signed certificate and the intercepting self signed certificate. |
| 19 |
|
| 20 |
Without someone - which you trust - vouching for the identity of the |
| 21 |
party that you're connecting to, you have no way to know that you are |
| 22 |
actually connecting to the partying that you are intending to connect to. |
| 23 |
|
| 24 |
> Yes, they are trying to certify who you are, but at the expense of |
| 25 |
> probably allowing access to your communications by "authorised parties" |
| 26 |
|
| 27 |
Nope. Not at all. (Presuming that it's done properly. More below.) |
| 28 |
|
| 29 |
The /only/ thing that the certificate does / provides is someone - whom |
| 30 |
end users supposedly trust - vouching that you are who you say they are. |
| 31 |
The CA has nothing in the actual communications path. Thus they can't |
| 32 |
see the traffic if they want to. |
| 33 |
|
| 34 |
The proper way configure certificates is: |
| 35 |
|
| 36 |
1) Create a key on the local server. |
| 37 |
2) Create a Certificate Signing Request (a.k.a. CSR) which references, |
| 38 |
but does not include, the key. |
| 39 |
3) As a CA to sign the CSR. |
| 40 |
4) Use the certificate from the CA. |
| 41 |
|
| 42 |
The important thing is that the key, which is integral to the encryption |
| 43 |
*NEVER* *LEAVES* *YOUR* *CONTROL*! |
| 44 |
|
| 45 |
Thus there is no way that a CA is even capable of getting in the middle |
| 46 |
of the end-to-end communications between you and your client. |
| 47 |
|
| 48 |
There have been some CAs in the past that would try to do everything on |
| 49 |
their server. But in doing so, they violate the security model. Don't |
| 50 |
use those CAs. |
| 51 |
|
| 52 |
*YOU* /must/ generate the key /locally/. Anything else is broken security. |
| 53 |
|
| 54 |
> (such as commercial entities purchasing access for MITM access - |
| 55 |
> e.g. certain router/firewall companies doing deep inspection of |
| 56 |
> SSL via resigning or owning both end points). |
| 57 |
|
| 58 |
This is actually exceedingly difficult to do, at least insofar as |
| 59 |
decryption and re-encrypting the traffic. Certificate Transparency logs |
| 60 |
help ensure that a CA doesn't ... inadvertantly ... issue a certificate |
| 61 |
that they should not. Or at least it makes it orders of magnitude |
| 62 |
easier to identify and detect when such ... mistakes happen. |
| 63 |
|
| 64 |
There is also the Certificate Authority Authorization record that you |
| 65 |
can put in DNS that authorizes which CA(s) can issue certificates for a |
| 66 |
domain. A few years ago we passed the deadline where all CAs had to |
| 67 |
adhere to the CAA record. As in the Certificate Authority / Browser |
| 68 |
forum / consortium / term??? has non-renewed anybody who wasn't adhering |
| 69 |
to CAA. This is water so far under the bridge that it's over the |
| 70 |
waterfall, out to ocean, evaporated, and is raining down again. |
| 71 |
|
| 72 |
Also, DNSSEC protects DNS in that it makes it possible to authenticate |
| 73 |
the information you receive. Thus you can detect when things aren't |
| 74 |
authenticated and you know they should be. |
| 75 |
|
| 76 |
> If its only your own communications and not with a third, commercial |
| 77 |
> party self signed seems a lot more secure. |
| 78 |
|
| 79 |
Nope. 3rd parties don't have access to the encrypted communications. |
| 80 |
The only thing they have access to is saying if you are you or not. |
| 81 |
Yes, that's Bob over there in the corner. But I have no idea what he's |
| 82 |
talking about b/c MATH. |
| 83 |
|
| 84 |
Note the words "signed" and "signing". A Certificate Authority signs a |
| 85 |
certificate signing request, thus vouching for the identity of the |
| 86 |
entity submitting the CSR. You obviously can sign your own CSR. That's |
| 87 |
what a self-signed certificate comes from. But you have nobody vouching |
| 88 |
for who the far entity is, much less who vouched for them. |
| 89 |
|
| 90 |
Spekaing of who vouched for them, and how do we trust them? That's |
| 91 |
where the hashes in /etc/ssl (or wherever it is) come into play. Your |
| 92 |
system has a public key for /trusted/ root CAs. Thus when your system |
| 93 |
sees a certificate signed by a CA, it computes the hash, looks for the |
| 94 |
public key as the hash file on your local system. If the file exists |
| 95 |
and all the math passes, then the root certificate is trusted. If the |
| 96 |
root certificate is trusted, then your system will trust the certificate |
| 97 |
that the CA is vouching for. |
| 98 |
|
| 99 |
This is all ... something ... having to do with who is vouching for whom |
| 100 |
and do you trust the vouching party or not. |
| 101 |
|
| 102 |
But at no time does a CA have access to the encrypted communications. |
| 103 |
As long as things were done properly in that the keys were generated |
| 104 |
locally. |
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
-- |
| 109 |
Grant. . . . |
| 110 |
unix || die |
Archives