[liberationtech] Question EFF CA Let's Encrypt
Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really verify that I legitimately own the site. If I should manage to reroute some traffic and do DNS cache poisoning on a web-site address, wouldn't the system accept my web-site as valid? It seems like they are accepting the fact that you can reach the site using DNS information (which is not secured) as proof of legitimacy. Or is there something I am missing? -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Question EFF CA Let's Encrypt
Maybe it requires DNSSEC? But if you can hijack the DNS request between wherever their servers are coming from, then there are much larger issues at play that you need to address. -Andrew On Wed, Nov 19, 2014 at 10:13 AM, Richard Brooks r...@g.clemson.edu wrote: Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really verify that I legitimately own the site. If I should manage to reroute some traffic and do DNS cache poisoning on a web-site address, wouldn't the system accept my web-site as valid? It seems like they are accepting the fact that you can reach the site using DNS information (which is not secured) as proof of legitimacy. Or is there something I am missing? -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Question EFF CA Let's Encrypt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hopefully you've seen the developing description of the protocol here: https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md That sounds like it will soon make its way into IETF for a broader discussion. I don't see an explicit mechanism that can deal with poisoning, but it might be that they check a few independent network views of the record they're verifying. I'm CC'ing Richard who has done a lot of the thinking to date... Richard, not sure if you can post to libtech but happy to intermediate. best, Joe On 11/19/14, 10:13 AM, Richard Brooks wrote: Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really verify that I legitimately own the site. If I should manage to reroute some traffic and do DNS cache poisoning on a web-site address, wouldn't the system accept my web-site as valid? It seems like they are accepting the fact that you can reach the site using DNS information (which is not secured) as proof of legitimacy. Or is there something I am missing? - -- Joseph Lorenzo Hall Chief Technologist Center for Democracy Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 j...@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (Darwin) iQIcBAEBCAAGBQJUbNY6AAoJEF+GaYdAqahx2moQAIvw0CZH7N4R5PYrZNvlVQXM AOplSIHg0bmI+6iZzFy5yMnEwGPc22cKKGUIFTlu589nZo7oGHy5AnqAFT0+mmsn Yd2Jp2H3vz2kIU0mG9+AQmFFtHAmekE6jKGyN5lUB1liO81yWYSlpaEHzfW7l+ze mPnQTEqaZiwKxymzL/NCDs5CFOqd2L55cYu8CNLGIzFxOREEMFoQxRrv69H0ZVmh rDgGq+cuXdXGa06c3GXnvUPo4dieGnU06WyQFM8jxqzy0Jfae/5HAZmgP98SrYjv fLF77o7ns0Y2BAOq1jaG9Vjj3rBdcN89efZqvoTMjgdpXPeVlKIrPhzRPIuRMIdG pK6stBSxeaU6p3zvIG8TaYrw0Mw9Zfbh0ci6G5XdKBb4GNYrkDZJpW6r86WmmeBa /MSBitEpFtJCtFaBWoxaRF8ByD2JKvHEDKqaA58124R9X1iw2d7Z4/8oJjRHWusR QbEAs8GmgSHtJmi30++QQSSlSnvrCjmovYQTfsVVGs7ffVe3TnNbqC972RKhlcCQ aRqMY2YBuV/1tcQM+GCajhteZ1mud65XpCrOBmVsfXlVuqWKU/Lqi/XyiU0I33hL B9kIUlKW5tqy7rv855u5GYJj8QSJfm7KoptpBeJ03uuJ5G8m1+ZS8FtxSKNG7XUD WftNiLytARXgDsz5BTg5 =LUh0 -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Question EFF CA Let's Encrypt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My question boils down to: DNS (not DNSSEC) is unauthenticated, and a number of spoofing, poisoning attacks have been shown. One of the goals of the certs is to authenticate the other end of the communications, but I get the impression that this approach gives no extra verification beyond the fact that DNS sent you to the site at some point in time. How does this provide more security than self-signed certs? If you do verification from multiple geographic locations, that may be OK but still seems a bit dodgy. I really like the goal, I feel like I must be missing something here. On 11/19/2014 12:41 PM, Joseph Lorenzo Hall wrote: Hopefully you've seen the developing description of the protocol here: https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md That sounds like it will soon make its way into IETF for a broader discussion. I don't see an explicit mechanism that can deal with poisoning, but it might be that they check a few independent network views of the record they're verifying. I'm CC'ing Richard who has done a lot of the thinking to date... Richard, not sure if you can post to libtech but happy to intermediate. best, Joe On 11/19/14, 10:13 AM, Richard Brooks wrote: Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really verify that I legitimately own the site. If I should manage to reroute some traffic and do DNS cache poisoning on a web-site address, wouldn't the system accept my web-site as valid? It seems like they are accepting the fact that you can reach the site using DNS information (which is not secured) as proof of legitimacy. Or is there something I am missing? -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlRs2ZIACgkQEwFPdUjsHjCmbACffwHoqUwTCk5n+njJBUysaUc9 qjUAnRt9Jr341choZlT4dMYGDikKUOVR =wqjy -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Question EFF CA Let's Encrypt
On 19 November 2014 09:13, Richard Brooks r...@g.clemson.edu wrote: Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really verify that I legitimately own the site. If I should manage to reroute some traffic and do DNS cache poisoning on a web-site address, wouldn't the system accept my web-site as valid? It seems like they are accepting the fact that you can reach the site using DNS information (which is not secured) as proof of legitimacy. Or is there something I am missing? Well that's how Domain Validation certificates work today. If I can control DNS information (MX records or WHOIS info) for google.com, I could go get DV certs issued for it today*. -tom * Technically, I couldn't for google.com, because CAs have some sort of secret list of 'high profile' domains that get more strict requests, and google is almost certainly on it. But unclebobsdiscounthangglidingandbbq.com would work fine. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Question EFF CA Let's Encrypt
On Wed, Nov 19, 2014 at 3:13 PM, Richard Brooks r...@g.clemson.edu wrote: Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really verify that I legitimately own the site. If I should manage to reroute some traffic and do DNS cache poisoning on a web-site address, wouldn't the system accept my web-site as valid? It seems like they are accepting the fact that you can reach the site using DNS information (which is not secured) as proof of legitimacy. Or is there something I am missing? Yes, you appear to be missing that _many_ CAs are already using domain validation less sophisticated than what is proposed there. (e.g. godaddy is one example, I believe startssl is another) E.g. you prove ownership to them by them fetching a file with a specified name over http from a single location. There are also CAs with special agreements like digicert will instantly issue to cloudflare a cert for any domain which resolves to a cloudflare IP block. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Question EFF CA Let's Encrypt
You realize this is the same thing that the entire CA system currently uses and the purpose of the project is not to “fix” the CA system, right? This aspect isn’t any weaker than what people already do (if you’ve ever bought an SSL cert). They aren’t trying to address any DNS issues and making improvements to a system doesn’t really require fixing everything that can go wrong (which is an excuse for inaction). Al On Nov 19, 2014, at 9:55 AM, Richard Brooks r...@g.clemson.edu wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My question boils down to: DNS (not DNSSEC) is unauthenticated, and a number of spoofing, poisoning attacks have been shown. One of the goals of the certs is to authenticate the other end of the communications, but I get the impression that this approach gives no extra verification beyond the fact that DNS sent you to the site at some point in time. How does this provide more security than self-signed certs? If you do verification from multiple geographic locations, that may be OK but still seems a bit dodgy. I really like the goal, I feel like I must be missing something here. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.