Ask HN: How well protected are SSL certificates? - vrypan

I'm no expert in this, and I'd like your input: How well is the SSL certificate infrastructure protected? Could the NSA obtain the SSL certificate of, let's say, mail.google.com? Or, even worse, could they get their hands on the certificates of a CA? If so, they could intercept almost any communication over HTTPS by using a man-in-the-middle attack, right?
======
parliament32
Yes.

The NSA can go to any provider and say "We want your private cert. Also you're
not allowed to tell anybody about this. Because terrorism."

If your site is externally hosted, they can go to your hosting provider and
take your private cert without you ever knowing.

This private cert will let them decrypt any TLS/SSL traffic they may have
captured in the past.[1]

They can also MITM any TLS/SSL connection if they have their hands in a single
root CA.[2]

[1]PFS can prevent this, but only Google and Bloomberg use it right now. See
([http://en.wikipedia.org/wiki/Perfect_forward_secrecy](http://en.wikipedia.org/wiki/Perfect_forward_secrecy)).

[2]Certificate pinning can prevent this, but only Google and MS use it right
now. See ([http://security.stackexchange.com/questions/29988/what-is-certificate-pinning](http://security.stackexchange.com/questions/29988/what-is-certificate-pinning)) and ([http://tack.io/](http://tack.io/)).

------
ProblemFactory
The SSL infrastructure is protected only by the shaky assumption that "all CAs
are responsible and would never create a certificate for anyone but the true
owner of the domain."

Here is a list of root CAs in Firefox:
[https://docs.google.com/spreadsheet/pub?key=0Ah-tHXMAwqU3dGx0cGFObG9QM192NFM4UWNBMlBaekE&single=true&gid=1&output=html](https://docs.google.com/spreadsheet/pub?key=0Ah-tHXMAwqU3dGx0cGFObG9QM192NFM4UWNBMlBaekE&single=true&gid=1&output=html)

Not just NSA, but _all_ of those organisations can create a valid SSL
certificate for mail.google.com, and your browser would accept it silently.
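The two points above (parliament32's note that pinning defeats a rogue CA, and ProblemFactory's point that any root CA can mint a browser-accepted certificate for mail.google.com) come down to one check: compare the SubjectPublicKeyInfo hash of the presented certificate against a pin, instead of trusting the CA signature alone. The following is an added example, not code from the thread or from any browser; it parses DER directly so it runs offline, and the certificate it checks is a constructed, unsigned stand-in with the real structure but no real key.

```python
import base64
import hashlib

def _tlv(data: bytes, pos: int):
    """Decode one DER TLV header at pos -> (tag, value_start, value_end)."""
    tag, length, hdr = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, hdr = int.from_bytes(data[hdr:hdr + n], "big"), hdr + n
    return tag, hdr, hdr + length

def spki_pin(der_cert: bytes) -> str:
    """Base64(SHA-256(SubjectPublicKeyInfo)): the value HPKP pin-sha256 and Chrome's built-in pins use."""
    _, tbs, _ = _tlv(der_cert, 0)           # Certificate SEQUENCE
    _, pos, end = _tlv(der_cert, tbs)       # tbsCertificate SEQUENCE
    fields = []                             # (tlv_start, value_end) of each field
    while pos < end:
        tag, _, ve = _tlv(der_cert, pos)
        if tag != 0xA0:                     # skip optional [0] EXPLICIT version
            fields.append((pos, ve))
        pos = ve
    # serial, signatureAlg, issuer, validity, subject, subjectPublicKeyInfo
    start, stop = fields[5]
    return base64.b64encode(hashlib.sha256(der_cert[start:stop]).digest()).decode()

def pins_match(der_chain, pinned) -> bool:
    """True if any cert in the chain carries a pinned key; a 'valid' CA-issued cert with another key fails."""
    return any(spki_pin(c) in pinned for c in der_chain)

def _der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV; only used to build the constructed sample below."""
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (lb if len(body) < 128 else bytes([0x80 | len(lb)]) + lb) + body

def sample_cert(key_bits: bytes) -> bytes:
    """Constructed, structurally valid DER certificate (unsigned, not a real key)."""
    spki = _der(0x30, _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")
                           + _der(0x05, b"")) + _der(0x03, b"\x00" + key_bits))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") * 4 + spki)   # sigAlg, issuer, validity, subject left empty
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))

if __name__ == "__main__":
    good = sample_cert(b"\x01" * 270)       # long enough to exercise long-form lengths
    rogue = sample_cert(b"\x02" * 270)      # same subject, different key (rogue CA scenario)
    pins = {spki_pin(good)}
    print("pinned key presented:", pins_match([good], pins))   # True
    print("rogue CA-issued cert:", pins_match([rogue], pins))  # False
```

For a live host, `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))` from the standard library yields the DER leaf to feed into `spki_pin`. Pin the key you control (or an intermediate you trust) rather than the leaf alone, or a routine key rotation locks your own users out.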

