1 |
On June 2, 2021 1:51:06 AM UTC, Grant Taylor <gtaylor@×××××××××××××××××××××.net> wrote: |
2 |
>On 6/1/21 3:38 PM, Michael Orlitzky wrote: |
3 |
>> *Any* CA can just generate a new key and sign the corresponding |
4 |
>> certificate. |
5 |
> |
6 |
>This is where what can /technically/ be done diverges from what is |
7 |
>/allowed/ to be done. |
8 |
> |
9 |
>CAs adhering to the CA/B Forum's requirements on CAA records mean that |
10 |
>they aren't allowed to issue a certificate for a domain that doesn't |
11 |
>list them in the CAA record. |
12 |
> |
13 |
>If a CA violates the CAA record requirement, then the CA has bigger |
14 |
>issues and will be subject to distrusting in mass. |
15 |
> |
16 |
>Certificate Transparency logs make it a lot easier to identify if such |
17 |
>shenanigans are done. -- I think that the CA/B Forum is also |
18 |
>requiring |
19 |
>C.T. Logs. |
20 |
> |
21 |
>Also, CAs /should/ *NOT* be generating keys. The keys should be |
22 |
>generated by the malicious party trying to pull the shenanigans that |
23 |
>you're talking about. |
24 |
> |
25 |
>> All browsers will treat their fake certificate corresponding to the |
26 |
>> fake key on their fake web server as completely legitimate. The |
27 |
>"real" |
28 |
>> original key that you generated has no special technical properties |
29 |
>> that distinguish it. |
30 |
> |
31 |
>Not /all/ browsers. I know people that have run browser extensions to |
32 |
>validate the TLS certificate that they receive against records |
33 |
>published |
34 |
>via DANE in DNS, which is protected by DNSSEC. So it's effectively |
35 |
>impossible for a rogue CA and malicious actor to violate that chain of |
36 |
>trust in a way that can't be detected and acted on. |
37 |
|
38 |
From my understanding its all based on trust and faith unless I take steps from my side. That doesnt seem very safe. |
39 |
Tech should be based on tech. Not faith and trust on the other party. |
40 |
|
41 |
Marinus |