[liberationtech] How to protect users from compelled fake ssl certs?
Guido Witmond
guido at witmond.nl
Tue Jul 2 02:36:50 PDT 2013
On 02-07-13 05:51, Anthony Papillion wrote:
> What is the most effective way to protect users against a compelled
> fake certificate attack? Since any CA can issue any cert and any US
> based CA could probably be compelled to issue a fake CA, how can we
> protect against this?
>
> My initial thought would be to publish the certificate fingerprint on
> a website and encourage users to verify that what they have matches
> every now and then. But this is a huge hassle for users.
Yes, that's the way it is done.
Check
http://perspectives.project.org;
Transparency: http://www.certificate-transparency.org/;
or others.
>
> Are there any better ways?
Publish the sites' TLS certificate in DNSSEC with DANE. Or use the CAA
proposal.
DANE: https://tools.ietf.org/html/rfc6698
CAA: https://tools.ietf.org/html/rfc6844
The difference is: (from the CAA-rfc)
Like the TLSA record defined in DNS-Based Authentication of Named
Entities (DANE) [RFC6698], CAA records are used as a part of a
mechanism for checking PKIX certificate data. The distinction
between the two specifications is that CAA records specify an
authorization control to be performed by a certificate issuer before
issue of a certificate and TLSA records specify a verification
control to be performed by a relying party after the certificate is
issued.
Guido.
More information about the liberationtech
mailing list