Hacker News

What is the extent of the MITM attack that you can do with this certificate? Can you intercept all https traffic?

If a user trusts this root CA (~ "installs the certificate") then someone who controls the root can now make their MITM look like the real deal, because it's trusted. After all, you've said you trust them. Whether you _should_ trust the authoritarian government of Kazakhstan is a policy issue.

On its own the root does not magically intercept the traffic, so Kazakh ISPs will need to do a bunch of (potentially quite expensive) work to actually MITM traffic for the Kazakh government, but with the root, once that work is done, it doesn't get flagged as a problem.

Because this exact same strategy (root that is not trustworthy is installed) is used in corporate setups to do anti-exfiltration, porn filtering and dozens of other things of dubious value, browsers are designed to let you, or the computer's administrator, choose to trust root CAs and indeed lots of counter-measures that protect ordinary users from bad guys are deliberately _disabled_ in the scenario where you've told it to trust some third party. You know best.

If you imagine a hypothetical system which just doesn't trust this root, say somebody has a Raspberry Pi they smuggled across the border, or more prosaically, they just said "No" and refused to install the root certificate -- such a system will just treat the MITM as an error; your secure web browsing won't work because it can't make a secure connection.

Or contrariwise, suppose you install the root on an otherwise ordinary PC in New York connected to AT&T: it will have no effect, because the Kazakh government obviously isn't in New York MITMing your connections to other stuff.

How do I know that the NSA does not have a root certificate pre-installed in my browser?

Review and compile the browser yourself, or just trust that someone would have found it by now, and trust that your browser vendor knows that and would never do it in the first place unless they wanted to kill their browser instantly.

The NSA doesn't need a root certificate installed on your computer if they already have the private keys to the root and/or intermediate CA providers.

Yes, having a root CA certificate like this installed in a client allows the certificate issuer (so in this case the KZ government and anything they authorize ISPs to do) to impersonate any and every other domain. So yes, ALL https traffic to and from that client is subject to intercept.

Why does such a certificate exist in the first place?

It exists to intercept https and potentially other TLS traffic. It exists because everybody can make such a certificate. I made such a CA certificate for my personal use, not to MITM myself, but to issue certificates for some internal services that are out of scope of letsencrypt. Every major desktop OS comes with tools that let you make a CA certificate: Windows does, macOS does, Linux distros usually ship openssl/gnutls/nss tools (as installable packages).

The challenge is not to make it but to get it trusted by the OS and software. The Kazakhstan government solved it by having the ISPs just tell people to install the thing themselves onto each and every device they own.

Why does the government want this? To snoop on people. Usually framed as "We need to be able to fight terrorists, criminals and/or foreign enemies who 'abuse' encryption to hide their malicious activities". Though, a lot of times the government will say all people are potential terrorists, and you just don't know if they are until you start snooping on them.

It's not only a thing with just authoritarian regimes, either. Australia passed a law which basically forces Australian companies and citizens to add backdoors in any products using end-to-end encryption (thereby effectively disabling end-to-end encryption) so the government can read communication if they want to.

The UK has a law (the "Snoopers' Charter") that requires companies to "remove or disable" encryption when the government shows up with a warrant.

The US is similarly looking into end-to-end encryption busting legislation. And they already compelled companies to effectively disable encryption systems, e.g. when a judge ordered Lavabit (then the email provider Edward Snowden used) to hand over their encryption keys and install a government-provided device capable of logging all traffic. And let's not forget that for a long time US law classified strong encryption as a "weapon", which meant you could not export encryption easily. Or the NSA e.g. pushing their backdoored encryption-busting PRNG (Dual_EC_DRBG) and weak encryption schemes (Speck, Simon).

German politicians recently started demanding end-to-end encryption busting legislation too, except they said "we do not want to make encryption weaker or insecure, we just want the companies to give us the plaintext data", which once more shows that they didn't think it was necessary to do the most basic research into how this stuff works before talking.

It seems like this is material movement toward actual authoritarianism to me.

Anybody can make one.

You can make one on your own computer, give the result to your friends, tell them to connect through you as a proxy, and intercept everything. The tricky part is that browsers are hard-coded with a list of a few trusted root certificates to trust. In order for the home-baked certificate you just made to do any good, people have to explicitly install it and mark it as trusted. That means you have to distribute your newly minted root certificate and get every endpoint device to accept it manually.

That's what's so sinister about Kazakhstan's approach: by issuing a governmental mandate for citizens to install the certificate they generated, and restricting their internet if they don't, they are effectively bypassing the Internet's current trust system entirely and granting themselves carte blanche access to all their traffic.

Because it takes nothing but an openssl installation (or similar) to generate one?

Anyone can control a (root) certificate - the problem is getting others to trust it. Legitimate use cases might be: you want to intercept (and decrypt) traffic going from your local computer to SSL/TLS endpoints (affects only you), for example. Less clear cut / nice example: a company wants to read your traffic and therefore deploys a cert like this on your computer, and can now snoop on anything you do, https or not.

Anyone can make one. You can make one if you want to. Getting others to trust and install it is the key - and in this case it is government mandated.

It is not uncommon to see this in companies that (for security, regulatory, or other reasons) need to monitor traffic in and out of their network. They have all the company provided computing devices include their self-generated CA certificate and force all HTTPS traffic through a MitMing proxy in order to do the scanning.
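The two points made repeatedly in this thread (a system that did not install the root treats the interception certificate as an error, and anyone can mint a root but the hard part is getting a trust store to accept it) can be shown with the chain check a TLS client performs. This is an added example, not code from anyone in the thread; the root and the leaf for `example.com` are constructed in memory and hypothetical, and `makeCert`/`Scenario` are names chosen here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert generates a P-256 key and signs tmpl with parentKey; a nil parent means self-signed.
func makeCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil { parent, parentKey = tmpl, key } // self-signed root: issuer == subject
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// Scenario mints a constructed (hypothetical, in-memory) interception root plus a leaf for host,
// then runs the chain check a TLS client performs against two trust stores. nil means "accepted".
func Scenario(host string) (errRefused, errInstalled error) {
	now := time.Now()
	root, rootKey := makeCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Interception Root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	leaf, _ := makeCert(&x509.Certificate{ // what the client would be shown for host
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, root, rootKey)
	refused, installed := x509.NewCertPool(), x509.NewCertPool()
	installed.AddCert(root) // only the second client said "yes" to the root
	_, errRefused = leaf.Verify(x509.VerifyOptions{Roots: refused, DNSName: host})
	_, errInstalled = leaf.Verify(x509.VerifyOptions{Roots: installed, DNSName: host})
	return
}

func main() {
	refused, installed := Scenario("example.com")
	fmt.Println("root refused:  ", refused)   // x509: certificate signed by unknown authority
	fmt.Println("root installed:", installed) // <nil>
}
```

The same leaf is rejected or accepted purely on the contents of the trust store, which is why the distribution step (a corporate device policy or, here, an ISP telling users to install the file) is the part that matters.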

