If you are concerned by these proposals, then you should check out the current CAs trusted by your browser - all those CAs can issue rogue certificates trusted by your browser, which can be used in a MITM attack.
For example, CAs present in Firefox, that might give you pause: Beijing Certificate Authority, China Financial CA, Guang Dong CA
The CA system in browsers is inherently broken and it allows state actors to MITM you and see all your traffic if they:
1. have the ability to capture IP traffic (requires cooperation with an ISP)
2. have the ability to generate a rogue certificate via cooperation with a CA
> 2. If a CA is discovered to have issued MitM certificates, they are swiftly distrusted by browsers.
That's reassuring but, not knowing much about this, I have a couple of questions:
1. Is this proactively monitored for? And how? And by whom?
2. If a major state-level CA was discovered to have issued a mitm cert, would browser vendors really take the commercial hit of removing or distrusting their root cert?
> 2. If a major state-level CA was discovered to have issued a mitm cert, would browser vendors really take the commercial hit of removing or distrusting their root cert?
Symantec hadn't even issued MitM certs - they were just grossly incompetent. Distrusting them was very painful, but necessary to uphold the integrity of the CA system, and demonstrated conclusively that there is no such thing as a too-big-to-fail CA.
It looks like the Symantec distrusting was done with the cooperation of Symantec, which agreed to wind things down and transfer clients to a new provider in an orderly fashion?
If you're a domain owner monitoring your own domains, a certificate is suspicious if it was not issued by one of the CAs that you use (e.g. you use Let's Encrypt, but you see a certificate for your domain in CT that was issued by Certinomis). If you keep an inventory of all of your certificates, then you can also cross-reference certificates from CT against your inventory, and flag any certificate that isn't in your inventory.
If you're a security researcher monitoring other people's domains, you have to rely on heuristics - e.g. if a domain has a long history of getting certs from a major US CA, and then suddenly a tiny European CA issues them a certificate, that's pretty suspicious. When I found the example.com certificate misissued by Symantec, I thought it was suspicious because it was also valid for subdomains like products.example.com and support.example.com, which don't make sense for a domain that's reserved for documentation purposes. ICANN operates example.com, so I emailed their security team to confirm that they did not authorize the certificate.
The system works best if domain owners are monitoring their own domains, because only they know for sure if a certificate is authorized or not.
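The two checks described above for a domain owner (issuer not among the CAs you use, certificate missing from your inventory), as an added example that is not part of the original thread. The record layout, the domain `corp.example` and all serial numbers are constructed, and no real CT log API is called.

```python
from typing import NamedTuple

class CTEntry(NamedTuple):
    issuer: str            # issuer organisation as shown in the log entry
    serial: str            # certificate serial number (hex)
    dns_names: tuple       # subjectAltName dNSName values
    precert: bool = False  # True for a precertificate entry

def covers(name: str, domain: str) -> bool:
    """True if a SAN, wildcard or not, is `domain` or one of its subdomains."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # Require a label boundary so "notcorp.example" does not match "corp.example".
    return name == domain or name.endswith("." + domain)

def triage(entries, domain, allowed_issuers, inventory):
    """Return (issuer, serial, reasons) for each certificate that needs review.

    A precertificate and its final certificate normally share issuer and
    serial, so that pair is the key; their fingerprints differ.
    """
    findings, seen = [], set()
    for e in entries:
        key = (e.issuer, e.serial.lower())
        if key in seen or not any(covers(n, domain) for n in e.dns_names):
            continue
        seen.add(key)
        reasons = []
        if e.issuer not in allowed_issuers:
            reasons.append("unexpected-issuer")
        if key not in inventory:
            reasons.append("not-in-inventory")
        if reasons:
            findings.append((e.issuer, e.serial.lower(), reasons))
    return findings

# Constructed sample data: entries as a CT monitor might hand them over.
SAMPLE = [
    CTEntry("Let's Encrypt", "0A01", ("corp.example", "www.corp.example"), True),
    CTEntry("Let's Encrypt", "0a01", ("corp.example", "www.corp.example")),
    CTEntry("Let's Encrypt", "0a02", ("*.corp.example",)),
    CTEntry("Certinomis", "7f10", ("login.corp.example",)),
    CTEntry("Certinomis", "7f11", ("notcorp.example",)),
]
ALLOWED = {"Let's Encrypt"}
INVENTORY = {("Let's Encrypt", "0a01")}

if __name__ == "__main__":
    for finding in triage(SAMPLE, "corp.example", ALLOWED, INVENTORY):
        print(finding)
```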
In some very prominent countries there are laws with extreme consequences which not only prevent companies from contesting and not complying, but even prevent them ever disclosing such requests.
True, but then they will be found out and distrusted. So basically they'll lose business because of the government of the country they are established in.
That's your smoking gun? CAs that issued certificates for example.com and test.com? You genuinely believe that the only possibility here is a vast conspiracy to defraud and steal?
> You genuinely believe that the only possibility here is a vast conspiracy to defraud and steal?
Care to point out where I said that?
example.com and test.com are real domains, and their owners did not authorize those certificates to be issued, so issuing them was a serious breach of the trust which CAs are expected to uphold. Furthermore, the discovery of these certificates led to investigations which turned up additional issues which are documented in detail here:
> 2. If a major state-level CA was discovered to have issued a mitm cert, would browser vendors really take the commercial hit of removing or distrusting their root cert?
Pretty much every browser distrusted the root certificate from Spain's FNMT-RCM for a decade, so I think the answer's yes.
It's not like Beijing CA can issue a rogue certificate and suddenly a malicious actor would be able to decrypt all your internet traffic. You would have to connect to a service that uses those certificates in the first place.
An interesting experiment would be to log all certificates used by the sites you normally use, say for a month, and then look at the list for anything shady. I have no idea if an extension exists that would allow such an experiment, but the resulting list would be much more useful.
No, that's not needed at all. If the malicious actor can man-in-the-middle traffic to victimsite.com (say using a BGP hijack), they can serve HTTPS traffic to the end user from their MITM server, secured with a certificate issued to "victimsite.com" that is issued by their own CA, and the MITM can then in turn communicate to the real victimsite.com using HTTPS secured by the real site's certificate, signed by its own CA.
Now, there are CAA DNS records, which serve the purpose of restricting the CAs that can sign a particular domain, which would of course be ignored by the malicious actor, but _could_ be checked by the end user's browser. But to the best of my knowledge, no browser does that.
But if your own government tells your own isp to reroute just your traffic over some MITM proxy, it's only you there to notice, and most probably, you won't.
You are correct that no browser is looking at CAA records, because it would be wrong to do so. CAA records don't retroactively revoke certificates that have already been issued. Their only purpose is for CAs to check them before issuing a certificate.
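The issuance-time check a CA performs on CAA records, as described above, as an added example that is not part of the original thread. It follows the RFC 8659 lookup in simplified form (no CNAME handling, no critical-flag processing), and the zone contents and `other-ca.example` are constructed.

```python
def relevant_rrset(fqdn, zone):
    """Climb from the name toward the root; the first non-empty CAA RRset wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(fqdn, ca_domain, zone):
    """Decide whether the CA identified by `ca_domain` may issue for `fqdn`."""
    rrset = relevant_rrset(fqdn, zone)
    issue = [value for tag, value in rrset if tag == "issue"]
    issuewild = [value for tag, value in rrset if tag == "issuewild"]
    # issuewild applies only to wildcard requests and then replaces issue.
    props = issuewild if (fqdn.startswith("*.") and issuewild) else issue
    if not props:
        return True  # nothing in the RRset restricts issuance
    # A value is "<issuer-domain>[; parameters]"; a bare ";" authorises no CA.
    return any(v.split(";")[0].strip().lower() == ca_domain for v in props)

# Constructed zone data: name -> list of (tag, value) CAA properties.
ZONE = {
    "corp.example": [("issue", "letsencrypt.org"), ("issuewild", ";")],
    "legacy.corp.example": [("iodef", "mailto:security@corp.example")],
}

if __name__ == "__main__":
    for name, ca in [
        ("www.corp.example", "letsencrypt.org"),
        ("www.corp.example", "other-ca.example"),
        ("*.corp.example", "letsencrypt.org"),
        ("app.legacy.corp.example", "other-ca.example"),
    ]:
        print(name, ca, ca_may_issue(name, ca, ZONE))
```

The last case shows a detail worth auditing in your own zone: a CAA RRset on a subdomain that carries only `iodef` stops the climb, so the parent's `issue` restriction no longer applies beneath it.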
In the case of mainland China, it’s easy for the Party to 1) issue a malicious certificate and 2) redirect your Internet traffic to a MITM box. They do 2) all the time when blackholing Internet traffic.
With certificate logs there is a chance, I don’t know how high, to catch 1).
You lose nothing, gain nothing. It's hard for China to reroute your traffic, and even if they did, what can they do to you after that?
It's your own government that can actually do something bad to you.
(unless you're doing some really really nasty stuff, and China wants to eliminate you for those reasons, and is willing to create a large international incident because of that).
> and even if they did, what can they do to you after that?
An example of what China can do is they can have their workers put pressure on you. Often this pressure is soft, nothing as direct as 'do X or we hurt you with Y'. And often the request, at least at the start, is for something legal and only a bit unethical if even that. A little information to help win a contract, maybe a way to advertise to you why you should go with their vendor for a product, maybe just asking you if a specific coworker seems to have any interest in some odd topic or passing you a resume of someone who seems a good fit for the job. If they can they'll push for more with increasing levels of silver and lead, and if not, they use what they did get to pressure elsewhere.
Unless it's gotten better, it's super easy for China. My traffic to EU World of Warcraft servers got hijacked all the time. I don't know if it was malicious or just incompetent Chinese ISPs, but you feel that extra latency when it goes through China.
But this wasn't a BGP redirect, this was Blizzard doing something... if Chinese telcos acted as if they were Blizzard telcos, there would be BGP filters and a lot of outrage in a matter of minutes. This is not a small deal.
I think this is a matter of assumption. For communication through mainland China, one should assume that all internet traffic is actively surveilled with probably way easier methods than CAs. On the other hand, this assumption is definitely not as true in the EU, nor do I think the Chinese government forces Firefox to trust CAs by law (talking about irony)….
The browser/CA forum’s requirement to log all issuances into the CT log takes care of this; the EU mandate hardly has such requirements while still mandating the inclusion of root certs. The approach of the browser/CA forum vs EIDAS cannot be equated for this reason.