Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] How to protect users from compelled fake ssl certs?

Guido Witmond guido at witmond.nl
Tue Jul 2 02:36:50 PDT 2013


On 02-07-13 05:51, Anthony Papillion wrote:
> What is the most effective way to protect users against a compelled
> fake certificate attack? Since any CA can issue any cert and any US
> based CA could probably be compelled to issue a fake CA, how can we
> protect against this?
> 
> My initial thought would be to publish the certificate fingerprint on
> a website and encourage users to verify that what they have matches
> every now and then. But this is a huge hassle for users.

Yes, that's the way it is done.

Check
http://perspectives.project.org;
Transparency: http://www.certificate-transparency.org/;
or others.


> 
> Are there any better ways?

Publish the sites' TLS certificate in DNSSEC with DANE. Or use the CAA
proposal.

DANE: https://tools.ietf.org/html/rfc6698
CAA: https://tools.ietf.org/html/rfc6844

The difference is: (from the CAA-rfc)

   Like the TLSA record defined in DNS-Based Authentication of Named
   Entities (DANE) [RFC6698], CAA records are used as a part of a
   mechanism for checking PKIX certificate data.  The distinction
   between the two specifications is that CAA records specify an
   authorization control to be performed by a certificate issuer before
   issue of a certificate and TLSA records specify a verification
   control to be performed by a relying party after the certificate is
   issued.

Guido.



More information about the liberationtech mailing list