• Valmond@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 days ago

    Since I set up a https website (lemmy) and had to deal with the hassle of certificates, I do wonder why you need another entity to churn out what’s basically a RSA key pair?

    Is it this you must trust the government again or is there some better reasons for it?

    • AHemlocksLie@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 days ago

      It’s to make sure you’re actually reaching your intended endpoint. If I’m visiting a site for the first time, how do I know I actually have THEIR certificate? If it’s self generated, anybody could sign a certificate claiming to be anybody else. The current system is to use authority figures who validate certificates are owned by the site you’re trying to visit. This means you have a secure connection AND know you’re interacting with the correct site.

      • Valmond@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 days ago

        Question, if I can get free valud certs today (there atey sites that give you free ones, I use one for my lemmy site), where’s the security?

        I mean it’s secure against man in the middle, but if my site is hacked, no proof is going to prevent the hackers to distribute whatever they want.

        • Kazumara@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          6 days ago

          Well it stands to reason, that TLS, i.e. Transport-Layer-Security, would secure the transport, and not secure the server providing the service against intrusion.

          Also how is your hypothetical related to cost of certificates? If you use an expensive certificate with in person validation of your organization and its ownership of the domain name (these types of certs exist), then how does that change the case where your site is hacked, compared to the free certificate?

          • Valmond@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            5 days ago

            I think there is a big misunderstanding here.

            My question is why shall I use a trusted certificate instead of rolling my own, if it wasn’t enforced (or st least made inconvenient) by google & co.

            Does their certs protect better in some way?

            • Kazumara@discuss.tchncs.de
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              5 days ago

              A certificate fundamentally only does the following, it binds a name and a public key together and attaches a signature to that binding.

              Anyone can make a certificate binding any key to any name and put their own signature on it, they just can’t fake others people’s signatures. This is also what you do if you self sign a certificate. If you then install the public key of your signing key in your webbrowser you can connect to your own services using your TLS key and your browser will check that the server presents the certificate with a matchign signature proving that it is using the right TLS key.

              You can also bind your TLS key to www.wikipedia.org and sign it. However nobody else knows your signing key, and thus nobody would trust the certificate you signed. Which is a good thing, because otherwise it would be easy for you to impersonate Wikipedia’s website.

              The value of trusted certificates lies in the established trust between the signers (CAs) and the software developers who make browsers etc. The signers will only sign certificates to bind names and TLS keys for the people who actually own the name, and not for third parties.

              The validation of ownership is the thing that varies a lot. The simple way is just checking for control of the web server currently reachable under a name, or checking for control of the DNS entries for a name, but the more complicated validations check business records etc.

              So when you’re asking do they protect better, it’s kind of difficult to say.

              • If you can validate the signature yourself, say you have control of the browser and the server, then your own signature is fine, and a trusted one wouldn’t be any better.
              • But if you want third parties, that don’t know you, to be able to verify that their TLS session is established to a person who actually owns the domain, rather than a man in the middle, then the only practical solution today is using that established trust system.
              • If you are asking about the encryption strength of the TLS session itself, then that’s completely independent of the certificate issue, because again the certificate only binds a name to a key with a signature. You can bind an old short key, whose private key has been leaked before to a name, or you can bind a modern long key that is freshly generated to the same name. You can used either key in a good or a bad cryptographic setup. You can use deprecated SSL 3.0 or modern TLS 1.3. Those choices don’t depend on who signs the certificate.

              I hope that helps, sorry for writing so much

              • Valmond@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                5 days ago

                Not at all, thank you for actually trying to answer my question instead of just telling me how it is supposed to work!

                Just quickly, no I didn’t wonder about the keys encryption strength, what I do wonder about is if it is overall more secure to use a “trusted” entity, than, if the browsers weren’t locked down, my own home-generated signature.

                I mean, if someone tries to “man in the middle”, or maskerade as my website, the trusted stuff will not add any security.

                If someone hacks my site, and then maskerades as me (or does their shenanigans) the trusted stuff doesn’t add any security there either. They can just use my installed all set up “Trusted tm” certificate until it expires (my home made cert will expire too BTW).

                So, for now, I don’t see any benefit to this except the trusted entity gets to have control over it all (and earn some money).

                I bet there are smarter people than me out there who knows why I’m wrong, hence all the noobie questions.

                Cheers!

        • AwesomeLowlander@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 days ago

          Certificates are to protect against MitM attacks, not prevent your site from getting hacked. You need to secure everything, this is one aspect of it

            • towerful@programming.dev
              link
              fedilink
              English
              arrow-up
              0
              ·
              6 days ago

              You can distribute your public key, and have people manually add it to their trust stores.
              But OSs and browsers ship with preloaded trusted certificates. This way, the owner of a preloaded trusted certificate can issue new certificates that are automatically trusted by people’s OSs and browsers.
              To become a preloaded trusted certificate owner, I imagine that there are stringent audits and security requirements. Part of that will be verifying the identity of the requester before issuing them a certificate.

              With LetsEncrypt, they either need to talk to a server hosted at the domain to retrieve a token (generated when the request is initiated).
              This proves the requester owns/controls the domain and the server (the requester has correctly set up DNS records, and placed the required token on the server). This is HTTP challenge mode.
              The other method is by a DNS challenge. The requester adds a TXT record to their nameservers with the token value, letsencrypt then inspects the DNS records for the domain and will issue a cert when it sees the token. This proves the requester owns/controls the domain.

              So, proving identity is required (otherwise anyone could generate a trusted cert for any domain). And trusted certificate issuers are required, so people don’t have to constantly import (possibly dodgy) public keys

            • Give the caller my public key and on we go.

              And how does the client validate that your public key is actually your public key and not some attacker’s?

              The idea of having a trusted 3rd party is to ensure that some impartial and trustworthy arbiter can confirm to the client that yes, this certificate is trustworthy, because they issued it to the correct party.

              But you can absolutely self-sign a certificate. Works just fine, though not all clients accept self-signed certificates as trustworthy as anyone could have issued it.

              • Valmond@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                5 days ago

                Because they’ll use it and it’s I that verify by decrypting it with my private key? If someone makes him use a bad key then it just won’t work.

                • How do they know you verified by decrypting?

                  The client has to be able to verify. They can’t trust your result. Imagine a man-in-the-middle attack; if someone intercepted all traffic between you and the client, including the cert exchange, how would either party figure out that traffic was being intercepted?

                  Client connects to website, but gets intercepted. Attacker provides own self-signed certificate to client. Client asks you to verify the certificate, but attacker can intercept that too and just reply the certificate is “totes cool bro just trust me”. You are none the wiser either, because the attacker can just decrypt client traffic and pretend they are the client by re-encrypting the data themselves.

                  With a Certificate Authority, the client can take the received cert and ask the CA “did you sign this?”. The CA will then tell you they didn’t, exposing the attacker’s fake cert. This works, because the CA is already a trusted entity. That trust is being extended to your website’s certificate validity and thus the website identity.

                • lud@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  5 days ago

                  Sure, but the first time the other person would have to accept your self signed cert. There is no knowing that the cert presented the first time was actually from you and not someone else.

        • Kazumara@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 days ago

          Sure, just convince the creators and maintainers of important software certificate stores to add your trust root. For example: Google, Mozilla, Microsoft, Apple, Linux, Cisco, Oracle, Java, Visa.

        • frezik@midwest.social
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 days ago

          Your browser and/or OS has a list of trusted certs called “certificate authorities”. When it receives a cert from a web site, it checks that it was signed by a CA. So what you’re asking is to become your own CA.

          That basically means convincing Mozilla, Microsoft, Google, Apple, etc. that you know how to safely manage certs. It tends to be a pretty high bar. For example, many CAs have a root cert that they keep locked away in a safe that only a few people have access to behind several other layers of security. They have a secondary key that’s signed by the root, and the secondary key is used to sign actual customer certificates. That way, they can expire the secondary every year or so and only ever use the root when they need a new secondary. IIRC, Let’s Encrypt has two secondaries with overlapping expiration times.

          So to answer your question, no, not unless you’re willing to go to great lengths and have a great deal of knowledge about TLS.

        • AHemlocksLie@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 days ago

          I don’t know what the process is like to become a certificate authority. I imagine the answer is technically yes but realistically no, at least not as an individual. You’d be providing a critical piece of internet infrastructure, so you’d need the world to consider you capable of providing the service reliably while also capable of securing the keys used to sign certificates so they can’t be forged. It’s a big responsibility that involves putting a LOT of trust in the authority, so I don’t think it’s taken very lightly.

  • jonw@links.mayhem.academy
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    6 days ago

    Don’t certs just create an ephemeral key pair that disappears after the session anyhow? What does cert validity period have to do with “This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.”

    I mean, it’s LE so I’m sure they know what their talking about. But…?

    • frezik@midwest.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 days ago

      The key pair you’re thinking of is just a singular key for a block cipher. That key needs to be generated/transmitted in a secure manner. Meaning that its security is dependent on the cert. The expiration time of that cert is what they’re aiming at.

    • treadful@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 days ago

      I’m far from an expert on PKI, but isn’t the keypair used for the cert used for key exchange? Then in theory, if that key was compromised, it could allow an adversary to be able to capture and decrypt full sessions.

      • snowfalldreamland@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 days ago

        Im also not an expert but i believe since there Is still an ephemeral DH key exchange happening an attacker needs to actively MITM while having the certificate private key to decrypt the session. Passive capturing wont work

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    Interesting. I use LetsEncrypt largely for internal services, of which I expose a handful externally, and I’ve been thinking of only opening the external port mapping for cert renewals. With this at 90 days, I was planning on doing this once/month or so, but maybe I’ll just go script it and try doing it every 2-3 days (and only leave the external ports open for the duration of the challenge/response).

    I’m guessing my use-case is pretty abnormal, but it would be super cool if they had support for this use-case. I basically just want my router to handle static routes and have everything be E2EE even on my LAN. Shortening to 6 days is cool from a security standpoint, but a bit annoying for this use-case.

  • Laser@feddit.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    It’s kind of in line with their plan to get rid of OCSP: short certificate lifetimes keep CRLs short, so I get where they’re coming from (I think).

    90 days of validity, which was once a short lifetime. Currently, Google is planning to enforce this as the maximum validity duration in their browser, and I’m sure Mozilla will follow, but it wouldn’t matter if they didn’t because no provider can afford to not support chromium based browsers.

    I was expecting that they reduce the maximum situation to e.g. 30 days, but I guess they want to make the stricter rules optional first to make sure there are no issues.

  • 486@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    I understand their reasoning behind this, but I am not sure, this is such a good idea. Imagine Letsencrypt having technical issues or getting DDoS’d. If the certificates are valid for 90 days and are typically renewed well in advance, no real problem arises, but with only 6 days in total, you really can’t renew them all that much in advance, so this risk of lots of sites having expired certificates in such a situation appears quite large to me.

    • frezik@midwest.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      6 days ago

      I volunteer to help with IT at a makerspace, and I hesitate to go for 6 day expiration times. As volunteers, we can’t always fix problems in a timely way like paid IT staff could. We try to automate the hell out of everything, but certs have gone a day or two without getting updated before.

    • Justin@lemmy.jlh.name
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 days ago

      That’s true, but it would also have to be a serious attack for LE to be down for 3 entire days. There are multiple providers for automated certs, so you could potentially just switch if needed.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        7 days ago

        The attack would only need to last for a day or two, and then everyone requesting updated certs when it stops could push enough people outside the 6-day window to cause problems. 6 days is probably long enough to not be a huge issue, but it’s getting close to problematic. Maybe change to 15 days, which should avoid the whole issue (people could update once/week and still have a spare week and a day to catch issues).

  • hsdkfr734r@feddit.nl
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    When I look at the default list of trusted CAs in my browser, I get the feeling that certificate lifetimes isn’t the biggest issue with server certificates.

      • oldfart@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 days ago

        Yeah, now imagine pinning certs that change weekly.

        My first thought is that old school secure software (like claws-mail) treats a cert change as a minor security incident, asking you to confirm every time. Completely different school of thought.

        • jagged_circle@feddit.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          6 days ago

          You can pin to your own CA. Then it doesn’t matter if you want to update your certs frequently.

          • semi [he/him]@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            7 days ago

            I’m a developer and would appreciate you going into more specifics about which certificates you suggest pinning.

            • jagged_circle@feddit.nl
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              7 days ago

              I’m saying that if you’re a developer of software that communicates between two nodes across the internet, you shouldn’t rely on X.509 because the common root stores have historically been filled with compromised CAs, which would let someone with that CA decrypt and view the messages you send with TLS.

              You should mint your own certs and pin their fingerprints so that your application will only send messages if the fingerprint of the cert on the other end matches your trusted cert.