Should you use Let's Encrypt for internal hostnames?

(shkspr.mobi)

238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0s | source

Show context

nimbius ◴[05 Jan 22 15:43 UTC] No.29810343[source]▶

you should not use wildcards or letsencrypt for internal authentication as its insecure for a few reasons.

0. implicit reliance on a network internet connection means any loss of ACME to the letsencrypt CA makes renewal of the cert or OCSP problematic. if the internet goes down, so does much of the intranet nonreliant upon it.

1. wildcard certs make setting up an attack on the network easier. you no longer need an issued cert for your malicious service, you just need to find a way to get/use the wildcard. you should know your services and SANs for the certs. these should be periodically audited.

replies(3): >>29810446 #>>29810610 #>>29811791 #

Macha ◴[05 Jan 22 15:51 UTC] No.29810446[source]▶

>>29810343 #

1. Renewal is scripted to try every day for 30 days in advance with most common utilities. If lets encrypt and all other acme hosts are down for 30 days, I think you have bigger issues.

2. If you can't secure a wildcard cert, how does the same problem not apply to a root CA cert, which could also then do things like sign google.com certs that your internal users trust, which feels strictly worse. (I know there are cert extensions that allow restricting certs to a subdomain, but they're not universally supported and still scoped as wide as a wildcard cert).

replies(3): >>29810533 #>>29810679 #>>29812834 #

nimbius ◴[05 Jan 22 15:56 UTC] No.29810533[source]▶

>>29810446 #

OCSP is still a problem, as youll need to either proxy a local ocsp response during outages or disable validation entirely. microservices in an aws partial outage, for example, would suffer here.

a root CA cert is stored in a gemalto or other boutique special HSM. it has an overwhelming security framework to protect it (if its ever online.) security officers to reset pins with separate pins, and an attestation framework to access its functions through 2 or more known agents with privileges separated. even the keyboard connected to the device is cryptographically authenticated against the hardware to which it connects.

commonly your root is even offline, unavailable (locked in a vault) and only comes out for new issuing CA's.

replies(1): >>29811440 #

1. Macha ◴[05 Jan 22 16:54 UTC] No.29811440[source]▶

>>29810533 #

> a root CA cert is stored in a gemalto or other boutique special HSM. it has an overwhelming security framework to protect it (if its ever online.) security officers to reset pins with separate pins, and an attestation framework to access its functions through 2 or more known agents with privileges separated. even the keyboard connected to the device is cryptographically authenticated against the hardware to which it connects.

There are many organisations not large enough to justify this setup, for which Lets Encrypt is clearly safer than a custom root CA.

↑