
Certified Malice - andygambles
https://textslashplain.com/2017/01/16/certified-malice/
======
nailer
This is domain validation (DV). A DV HTTPS/TLS cert doesn't make any
assertions about a certificate representing any particular legal entity.
Authentication is to a domain: you have an encrypted channel to whatever that
domain is. Some CAs used to do extra checks for suspect domains on DV certs
but they're not required and they don't scale for automated systems.

    
    
        openssl x509 -in domain-validated-example.com.crt -noout -text | grep Subject
         OU=Domain Control Validated
         CN=example.com
         DNS:example.com
    

As opposed to EV which does. Authentication is to a legal entity, you have a
encrypted channel to that legal entity:

    
    
      openssl x509 -in extended-validated-example.com.crt -noout -text | grep Subject:
        jurisdictionOfIncorporationCountryName=GB
        businessCategory=Private Organization
        serialNumber=09378892
        C=GB
        ST=City of London
        L=London
        O=example Limited
        CN=example.com
        DNS:example.com -   
    

(Domains are also required to be reviewed by a human for EV)

Disclaimer: work for CertSimple, who only does EV certificates (which match a
cert to a legal entity). Though I use DV for my personal site.

~~~
jmount
I would ask: if DV is an acceptable weaker alternative to EV then why do we
need certificates at all? Why doesn't anyone allow HTTPS without a
certificate- it would allow you to establish you are talking to the same
server you thought you were 5 seconds ago. The reason, of course, is: that
certificate-less HTTPS and DV are pretty much useless and huge net-negatives
as they are confusing and imitate stronger certifications.

~~~
eridius
Why is DV useless? DV asserts that you are securely talking to whomever
controls that domain. That's very valuable. If they're confusing, that's on
the browsers.

Edit: You also _cannot_ just discard certificates and use HTTPS as an "I'm
talking to the same server I was 5 seconds ago", because that does literally
nothing to prevent MitM attacks. If you can't assert that you're talking
securely to the domain owner, then there's nothing at all stopping someone in
a privileged network position from intercepting and altering your traffic,
because they could simply proxy it through their own server.

~~~
dTal
This is the same argument as "self-signed certificates are useless". They
aren't. Not all interception is MitM. With spy agencies operating passive taps
on infrastructure, as a fraction of your intercepted traffic, virtually none
of it us. Completely unsigned, unverified encryption is still a massive
roadblock to dragnet surveillance.

>does literally nothing to prevent MitM attacks

It does more than nothing. Especially if you make the reasonable assumptions
that 1) the user is not being MitMed most of the time and 2) the user is
likely to have connected to the (small) set of sensitive sites before they
experience their first MitM.

Example: my home internet is unadulterated. I check my mail. My computer saves
the certificate. I go to a coffee shop. I check my mail again. Somone tries to
MitM me. My computer instantly spots a changed certificate.

Obviously we should still use and verify certificates. But I notice a nasty
trend of making the perfect the enemy of the good in security. There's a
perception that if it's not perfect, it's worse than useless and should be
shunned (probably due to historical bad experiences with false senses of
security).

~~~
eridius
Your computer can't simply remember the certificate that was used for the last
connection, because then sites can never change their certificates (which
would be a huge issue).

~~~
wtbob
They could, for example, sign the new cert with the old one.

~~~
willstrafach
What if the certificate's private key is compromised? How would revocation
work?

------
tonyztan
DV certificates are not meant to certify who operates a given site. They only
certify that you are securely connected to the authorized server for the
domain name, instead of being MITM-ed.

So, in effect, CAs issuing DV certs for websites, including phishing sites, is
a feature, not a bug. If users are misinterpreting what a DV certificate means
and doesn't mean, then it is up to browsers to make clear the difference
between DV, OV, and EV.

A Domain-Validation certificate is just that. We shouldn't expect it to act
like OV or EV.

~~~
GrinningFool
We don't - but most of the rest of the browsing public doesn't know the
difference.

~~~
eridius
That's why it's up to the browser to distinguish them.

~~~
GrinningFool
The problem with that is that they haven't significantly done so yet - and
people are well-trained to look for the green padlock to ensure the site is
secure without much consideraton beyond that point.

So while I see your point, that's another transition that will take years to
drill into public awareness - even if the browsers could agree on a meaningful
and consistent representation, which seems like its own challenge

~~~
eridius
Safari has. There's no green on the address bar for a DV cert, just a little
grey padlock. But with an EV cert you get the green text and the legal name
(in addition to the domain). So that makes it easy - if there's green, you can
trust it to tell you the legal entity that you're talking to.

------
dethswatch
The big reason that cert's are as unused as they have been for two decades is
because of the stupid desire to incorporate identity along with encryption.

They've both useful- they've more useful together, and they're expensive and
not used everywhere because of the identity problem.

This is just going to have to be accepted (for a while?) to get proper
encryption.

Pointing out that this can happen is neither useful or news, and perpetuates
this nonsense that's been holding us back.

~~~
gcp
_stupid desire to incorporate identity along with encryption._

It's not a stupid desire. Encryption is pretty useless without authentication.

~~~
ubernostrum
The average blogger cares that their password is encrypted when logging in to
their blog. They probably don't care very much whether someone can also verify
their legal identity, and in fact quite a few bloggers probably explicitly
_don 't_ want that.

The average banker, on the other hand, does care about the identity
verification.

Why have we decided that everyone must have the banker's use case?

~~~
eridius
DV doesn't do legal identity. It does domain verification. And that's exactly
what your blogger wants. A secure connection without domain verification means
you can be trivially MitM'd.

------
tinus_hn
So the browsers should show the right part of the domain name in the bar if
the domain name doesn't fit, instead of the left part. Or perhaps not show it
at all if it doesn't fit.

~~~
gcp
[https://bugzilla.mozilla.org/show_bug.cgi?id=1236431](https://bugzilla.mozilla.org/show_bug.cgi?id=1236431)

[https://bugzilla.mozilla.org/show_bug.cgi?id=1271998](https://bugzilla.mozilla.org/show_bug.cgi?id=1271998)

------
pokemon-trainer
It's very unfortunate there isn't a way to force more
responsibility/accountability onto CAs who issue phishing certificates.

Of course, the non-internet version of a CA, credit rating agencies, do not
behave any better with the trust given to them by the public.

Maybe the creators of the Bitcoin alt coin "namecoin" had the right idea.

~~~
gcp
_It 's very unfortunate there isn't a way to force more
responsibility/accountability onto CAs who issue phishing certificates._

It's very easy: get the browser vendors to remove them from the root store.
It's exceedingly effective. The "problem" is that the browser vendors seem to
agree that CAs shouldn't be content watchdogs.

Did you read the linked position paper from LetsEncrypt?

~~~
pokemon-trainer
That's very much a libertarian style nuclear option to remove a CA from the
root store. Why can't the industry work out a fine to pay an ICANN-like org
for root CAs when it happens?

~~~
Buge
A large percent of phishing sites are hacked wordpress sites.

So if a CA offers a certificate to a legitimate wordpress site, which then
proceeds to let itself get hacked and host a phishing page, that CA now has to
pay a fine?

------
hamilyon2
I thought there was a plan to change browser ux to display DV https as simple
white icon some time ago. Chrome and firefox. Unencrypted connections will
show red icons and EV certificates will show as green. It makes sense in
"encrypted by default" world

------
jwatte
Google and others could easily look for domain names on the certificate
transparency list and immediately add anything containing "PayPal" or "baidu"
or whatever to the block list, until it can be checked manually.

In fact, the browser itself could do this...

~~~
gcp
So we ban paypalsucks.com?

------
rini17
1\. Store the certificate directly in DNS, signed by DNSSEC

2\. Have a way for user to easily and prominently display name or domain who
is the certificate issued for, hardware button would be best IMO.

No participant in this CA racket has any interest for this to happen...

~~~
wmf
How is that different from DV certs?

------
hartator
> Users tend to be annoyed when you tell them only the truth– “This download
> was not reported as not safe.”.

First time that I am hearing users prefer a vague error explanation than
truthful precise one.

And there is a silver bullet. Teach people - and most people already know it,
don't assume people are idiots - how to recognize a domain name. Then the
padlock. But, domaine names are infinte more important than padlocks. Always
been the case and will likely never change in the near future.

~~~
marvy
> teach people how to recognize domain name

You say don't assume people are idiots. I agree, most are not. I will go
further and say that, even among those who fall for these scam sites, most are
not idiots (though the proportion is higher.)

But! You underestimate the scammers, and you underestimate the size of their
toolkit. Sure, it's easy to look at an example like paypal.com.evil.com and
think "I can teach users to read that properly". Maybe you can. But how about
paypa1.com? And how about once we start playing games with Unicode? Can you
tell a Latin lowercase A from the Cyrillic one? Are you going to teach users
to copy and paste any suspicious URL into hex editor so as to make sure that
its ASCII?

You're right about at least one thing: if you could get people to read domain
names, that would be a silver bullet. And it's definitely possible to much
better than now. But I worry that the scammers would simply up their game in
response.

------
djyaz1200
Definitely an issue. Chrome has already changed the SSL indicator to just read
"secure" rather than naming the cert.

~~~
duskwuff
Not that I'm aware of. Still displays the verified identity name for sites
using EV certificates, like [https://paypal.com/](https://paypal.com/)
("PayPal, Inc. [US]").

~~~
eridius
OP is talking about DV certificates. Showing the verified legal identity for
EV certificates is correct behavior, otherwise there's not much point to
having one.

~~~
duskwuff
If that's what they meant, I'm still confused. Chrome has never displayed a
certificate name in the address bar for DV certificates -- the "Secure" text
for DV certificates is completely new; older versions just displayed a lock
icon there.

~~~
eridius
Chrome uses green for the DV lock, though, which is a bad idea. EV certs
taught users that green means good, and then Chrome decided to use it for DV
certs too. So users are taught that green is good, and when they go to a DV
site they see green text and it says "Secure", so they think they're safe.
This is absolutely terrible design on Google's part.

