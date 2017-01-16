Hacker News
Certified Malice (textslashplain.com)
40 points by andygambles 3 hours ago | 17 comments





This is domain validation (DV). A DV HTTPS/TLS cert doesn't make any assertions about a certificate representing any particular legal entity. Authentication is to a domain: you have an encrypted channel to whatever that domain is. Some CAs used to do extra checks for suspect domains on DV certs but they're not required and they don't scale for automated systems.

    openssl x509 -in domain-validated-example.com.crt -noout -text | grep Subject
      OU=Domain Control Validated
      CN=example.com
      DNS:example.com
As opposed to EV, which does. Authentication is to a legal entity; you have an encrypted channel to that legal entity:

    openssl x509 -in extended-validated-example.com.crt -noout -text | grep Subject:
      jurisdictionOfIncorporationCountryName=GB
      businessCategory=Private Organization
      serialNumber=09378892
      C=GB
      ST=City of London
      L=London
      O=example Limited
      CN=example.com
      DNS:example.com
(Domains are also required to be reviewed by a human for EV)

Disclaimer: I work for CertSimple, which only does EV certificates (which match a cert to a legal entity). Though I use DV for my personal site.
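An added example (not code from the commenter or from CertSimple) that reads the two certificate printouts above the way a client does: it parses the openssl-style Subject and SAN lines, says whether the certificate is bound to a given hostname at all, and approximates DV/OV/EV from the subject fields. The input lines are constructed from the comment's two example.com certificates. One caveat the code states as well: browsers recognise EV by the certificate policy OID registered for the issuing CA in the root store, not by inspecting subject fields, so the DV/OV/EV classifier here is a reading aid, not what a browser does.

```python
"""Read what a leaf certificate actually asserts from the Subject and
Subject Alternative Name fields that `openssl x509 -noout -text` prints.
Added example; not code from the original comment or from CertSimple."""

# Constructed inputs modelled on the two certificates quoted in the comment
# (example.com is a reserved name; these are not real certificates).
DV_FIELDS = [
    "OU=Domain Control Validated",
    "CN=example.com",
    "DNS:example.com",
]
EV_FIELDS = [
    "jurisdictionOfIncorporationCountryName=GB",
    "businessCategory=Private Organization",
    "serialNumber=09378892",
    "C=GB",
    "ST=City of London",
    "L=London",
    "O=example Limited",
    "CN=example.com",
    "DNS:example.com",
]


def parse_fields(lines):
    """Split printed 'key=value' subject lines and 'DNS:name' SAN entries."""
    subject, sans = {}, []
    for raw in lines:
        line = raw.strip()
        if line.startswith("DNS:"):
            sans.append(line[4:].strip().lower())
        elif "=" in line:
            key, _, value = line.partition("=")
            subject[key.strip()] = value.strip()
    return subject, sans


def validation_level(subject):
    """Approximate DV / OV / EV from the subject alone.

    Caveat: browsers decide EV by matching the certificate's policy OID
    against the EV OID registered for that CA in the root store, not by
    looking at these fields. The EV Guidelines do require the fields
    tested here, so this is a fair proxy for reading a cert by hand.
    """
    has_jurisdiction = any(k.startswith("jurisdiction") for k in subject)
    if ("O" in subject and has_jurisdiction
            and "businessCategory" in subject and "serialNumber" in subject):
        return "EV"
    if "O" in subject:
        return "OV"
    return "DV"


def hostname_matches(hostname, sans):
    """RFC 6125-style match of a hostname against the dNSName SANs.

    A wildcard is honoured only as the whole left-most label and matches
    exactly one label: *.example.com covers www.example.com but not
    example.com or a.b.example.com. The CN is ignored on purpose: modern
    clients bind the name through the SAN extension.
    """
    host = hostname.lower().rstrip(".")
    for san in sans:
        if san == host:
            return True
        if san.startswith("*.") and "*" not in san[2:]:
            suffix = san[1:]                      # ".example.com"
            if host.endswith(suffix):
                left = host[: -len(suffix)]       # the part the * stands for
                if left and "." not in left:
                    return True
    return False


def describe(lines, hostname):
    """State, in plain words, what this certificate proves for `hostname`."""
    subject, sans = parse_fields(lines)
    level = validation_level(subject)
    bound = hostname_matches(hostname, sans)
    entity = subject.get("O") if level in ("OV", "EV") else None
    if not bound:
        assertion = f"not valid for {hostname}; asserts nothing about it"
    else:
        assertion = f"encrypted channel to whoever controls {hostname}"
        if entity:
            assertion += f", which the CA vetted as {entity}"
    return {"level": level, "domain_bound": bound,
            "legal_entity": entity, "assertion": assertion}


if __name__ == "__main__":
    for fields in (DV_FIELDS, EV_FIELDS):
        print(describe(fields, "example.com"))
    # A DV cert for example.com says nothing about a look-alike subdomain
    # unless that name is actually in the SAN list.
    print(describe(DV_FIELDS, "www.paypal.com.example.com"))
```

Run it as a script to see the three descriptions; the DV certificate yields no legal entity, the EV one yields "example Limited", and neither is valid for a name that is not in its SAN list.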

I would ask: if DV is an acceptable weaker alternative to EV, then why do we need certificates at all? Why doesn't anyone allow HTTPS without a certificate? It would allow you to establish that you are talking to the same server you thought you were talking to 5 seconds ago. The reason, of course, is that certificate-less HTTPS and DV are pretty much useless and huge net negatives, as they are confusing and imitate stronger certifications.

Why is DV useless? DV asserts that you are securely talking to whomever controls that domain. That's very valuable. If they're confusing, that's on the browsers.

Edit: You also cannot just discard certificates and use HTTPS as an "I'm talking to the same server I was 5 seconds ago", because that does literally nothing to prevent MitM attacks. If you can't assert that you're talking securely to the domain owner, then there's nothing at all stopping someone in a privileged network position from intercepting and altering your traffic, because they could simply proxy it through their own server.

I think the parent post is saying that you'd know that you're talking to the "same server" in a very literal sense (i.e. if you were MITM'd, you'd know you're talking to the same server that MITM'd you the entire session).

Not exactly sure what that'd buy...

We need certificates because network traffic can be redirected. For example, once you've saved a bookmark to https://example.com, the certificate ensures that clicking on the link connects you to a server that has the private key for example.com.

That's worth something. But as the article points out, it doesn't help if you started out with the wrong domain name. (How do you get the bookmark in the first place?)

Wouldn't DV validate that your DNS resolved correctly, which non-certificate methods don't?

Not only that, it also guarantees there's no MITM.

HTTPS without certs means you are talking securely to your attacker :-)

Do any of the browsers try to differentiate EV and DV?

Yes. This website has a DV cert, so in Firefox it has the green lock icon but nothing else. By contrast, if you go to twitter.com, which has an EV cert, you'll see "Twitter, Inc. (US)" in green text next to the lock icon, because that's the legal entity that the EV cert was issued for.

I think Chrome used to do this too, but it doesn't for me right now; I'm not sure why.

DV certificates are not meant to certify who operates a given site. They only certify that you are securely connected to the authorized server for the domain name, instead of being MITM-ed.

So, in effect, CAs issuing DV certs for websites, including phishing sites, is a feature, not a bug. If users are misinterpreting what a DV certificate means and doesn't mean, then it is up to browsers to make clear the difference between DV, OV, and EV.

A Domain-Validation certificate is just that. We shouldn't expect it to act like OV or EV.

The big reason that certs are as unused as they have been for two decades is because of the stupid desire to incorporate identity along with encryption.

They're both useful; they're more useful together, and they're expensive and not used everywhere because of the identity problem.

This is just going to have to be accepted (for a while?) to get proper encryption.

Pointing out that this can happen is neither useful nor news, and perpetuates this nonsense that's been holding us back.

stupid desire to incorporate identity along with encryption.

It's not a stupid desire. Encryption is pretty useless without authentication.

I think they mean lack of tying two notions of identity together: domain name and "real world" entity.

DV certs tie encryption to a purely digital identity while EV ties that identity to a real world identity as well.

It's very unfortunate there isn't a way to force more responsibility/accountability onto CAs who issue phishing certificates.

Of course, the non-internet version of a CA, credit rating agencies, do not behave any better with the trust given to them by the public.

Maybe the creators of the Bitcoin alt coin "namecoin" had the right idea.

I don't believe it's reasonable to expect a CA to police the content of a domain that they have issued a certificate for.

As the original article points out, you can perform these kinds of attacks with any address by setting up sub domains ("https://www.paypal.com.safe.com" looks pretty similar to "https://www.paypal.com" to most users).

I personally think this is an issue with the browser UI/UX as it currently stands. "Secure" sends the wrong message to your average user. I would like to see something like the prominent display of the second/third level domain at the top of every browser tab (depending on the TLD). i.e. "ycombinator.com", "paypal.com", etc.
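An added example (not code from the commenter or from any browser) of the display this comment proposes: reduce a URL to its registrable domain, the public suffix plus one label, so "https://www.paypal.com.safe.com" is shown as "safe.com", and flag hostnames that embed another brand's domain as a subdomain. The public suffix set here is a constructed handful of entries; the real Public Suffix List has thousands of rules, including wildcard and exception rules, which this example omits. The brand list is likewise a constructed input.

```python
"""Extract the registrable domain (the part a browser should show
prominently) from a URL, and flag hostnames that embed another brand's
domain as a subdomain. Added example; not from the original comment or
from any browser's code. Assumes a tiny, constructed subset of the
Public Suffix List; the real list has thousands of rules, including
wildcard and exception rules, which are omitted here."""
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk", "jp", "co.jp"}


def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'paypal.com' or
    'paypal.co.uk'; None if `host` is itself a suffix or its TLD is unknown."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longest candidate suffix first so 'co.uk' wins over 'uk'.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def impersonated_brand(url, brands):
    """Return the brand whose domain appears inside `url`'s hostname as a
    subdomain (www.paypal.com.safe.com), or None when the registrable
    domain really is the brand (www.paypal.com)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    owner = registrable_domain(host)
    labels = host.split(".")
    for brand in brands:
        if owner == brand:
            continue                  # genuinely the brand's own site
        b = brand.split(".")
        for i in range(len(labels) - len(b) + 1):
            if labels[i:i + len(b)] == b:
                return brand
    return None


def address_bar_label(url):
    """What the commenter proposes showing: the registrable domain only
    (falls back to the full host when the suffix is unknown)."""
    host = urlsplit(url).hostname or ""
    return registrable_domain(host) or host


if __name__ == "__main__":
    # Constructed brand list for the demonstration.
    brands = ["paypal.com", "paypal.co.uk", "ycombinator.com"]
    for url in ("https://www.paypal.com/signin",
                "https://www.paypal.com.safe.com/signin",
                "https://news.ycombinator.com/item?id=1",
                "https://paypal.co.uk.evil.co.uk/"):
        print(f"{url:45} -> {address_bar_label(url):15} "
              f"impersonates={impersonated_brand(url, brands)}")
```

The point of the suffix lookup is that "second or third level, depending on the TLD" cannot be decided by counting dots: paypal.co.uk and paypal.com are both registrable domains, while co.uk is not, which is exactly the distinction the Public Suffix List encodes.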

It's very unfortunate there isn't a way to force more responsibility/accountability onto CAs who issue phishing certificates.

It's very easy: get the browser vendors to remove them from the root store. It's exceedingly effective. The "problem" is that the browser vendors seem to agree that CAs shouldn't be content watchdogs.

Did you read the linked position paper from LetsEncrypt?

Definitely an issue. Chrome has already changed the SSL indicator to just read "secure" rather than naming the cert.

