491 points gslin | 4 comments
CarpaDorada No.42191672
A lot of people are not aware that HTTPS certificates do not necessarily guard you from certain types of attacks like DNS injection. You can see <https://www.youtube.com/watch?v=exy5JwAU8qk> for one example where an attack campaign called DNSPionage obtained valid certificates for their attacks.

To explain the issue with HTTPS certificates simply, issuance is automated and rests on the security of DNS, which is achieved via DNSSEC and most do not implement.

replies(1): >>42191931 #
1. ta1243 No.42191931
Technically it's an attack against the certificate issuing authority, bypassing their authorisation checks (is this person really authorised to issue a certificate for the domain).

Trouble is even CAA entries won't help here (if you're spoofing A records, you can spoof CAA records too). DNSSEC might help against this, I don't know enough about DNS though.

Another type of attack is an IP hijack, which allows you to pass things like http authentication (the normal ACME method), but won't bypass CAA records. Can't use letsencrypt to issue a cert - even if you own the IP address my A or AAAA records point to - if my CAA doesn't have letsencrypt as an approved issuer.

replies(1): >>42192092 #
2. CarpaDorada No.42192092
With DNSSEC you can be certain that the response you got was issued by the nameserver that is claimed (well, by someone who owns the private key). The domain owner, and registrar can both be at fault, the CA is the last entity to blame because they are performing an automated check of domain ownership. For maximum security you'd want to buy your own TLD as my YT video talks about, to circumvent any other registries, registry wholesalers, and registrars' security models, but an adequate protection for most is to use registry/registrar lock and implement DNSSEC correctly. IP hijack will then not work when all of the above is done correctly.

Another option is manual certificate issuance with a CA whose security model is better than yours, but not implementing DNSSEC leaves you open to other attacks.

replies(1): >>42200494 #
3. tptacek No.42200494
Misissuance from direct DNS spoofing basically never happens. When the DNS is used to misissue a certificate, what has normally happened is a registrar account has been phished. Direct DNS spoofing is an exotic attack. Further: DNSSEC has only a partial fix for it, and the WebPKI has non-DNS-dependent mitigations (most obviously CT, but also multi-perspective DNS lookup, which is apparently going to be a BR next year).

Generally speaking, setting up DNSSEC is probably a bad move for most sites.

replies(1): >>42202358 #
4. ta1243 No.42202358
CT is great, but you do need to look for certificates issued for your domains
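Two points in the thread are worth seeing in code: ta1243's claim that CAA records constrain which CA may issue (and that a wildcard needs a matching issuewild record), and the closing remark that CT only helps if someone actually checks the log for certificates covering their domains. The block below is an added example, not code from any poster. It implements the CAA relevant-RRset climb and issue/issuewild evaluation from RFC 8659 over a small constructed zone table, then runs a constructed list of CT-style entries through it, flagging every certificate whose names fall under a monitored domain but whose issuer the current CAA policy would not permit. The zone data, the CT entries, the monitored-domain set and the `other-ca.example` / `any-ca.example` issuer names are all constructed for the example; a real monitor would pull CAA via DNS and entries from a CT log or a monitoring service, and a mismatch means "review this", since CAA is evaluated by the CA at issuance time and the policy may have changed since.

```python
"""CAA (RFC 8659) evaluation plus a CT-entry audit on constructed data.

Added example: the zone records, CT entries and CA names below are
constructed for illustration and do not come from real DNS or CT logs.
"""

# Constructed CAA data: owner name -> list of (tag, value) records.
# example.org deliberately has no CAA records anywhere in its tree.
ZONE_CAA = {
    "example.com": [
        ("issue", "letsencrypt.org"),
        ("issuewild", ";"),  # ";" means: no CA may issue a wildcard cert
        ("iodef", "mailto:security@example.com"),
    ],
    "locked.example.net": [("issue", ";")],  # nobody may issue, at all
}


def parent(name: str) -> str:
    """Strip the leftmost label; return "" once the root is reached."""
    labels = name.split(".")
    return ".".join(labels[1:]) if len(labels) > 1 else ""


def relevant_caa_rrset(name: str, zone: dict) -> tuple:
    """RFC 8659 section 3: climb from the FQDN toward the root and return the
    first non-empty CAA RRset found, as (owner, records). ("", []) if none."""
    n = name[2:] if name.startswith("*.") else name
    while n:
        rrset = zone.get(n)
        if rrset:
            return n, rrset
        n = parent(n)
    return "", []


def issuer_domain(value: str) -> str:
    """The issuer-domain-name part of an issue/issuewild value (before ';')."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(name: str, issuer: str, zone: dict) -> bool:
    """Would a CA identified by `issuer` be permitted to issue for `name`?

    Non-wildcard names are governed by 'issue' records only; wildcard names
    by 'issuewild' records when any exist, otherwise by 'issue' records.
    No governing records in the relevant RRset means issuance is permitted.
    """
    wildcard = name.startswith("*.")
    _, rrset = relevant_caa_rrset(name, zone)
    issue = [v for t, v in rrset if t.lower() == "issue"]
    issuewild = [v for t, v in rrset if t.lower() == "issuewild"]
    if wildcard:
        if not issue and not issuewild:
            return True
        governing = issuewild if issuewild else issue
    else:
        if not issue:
            return True
        governing = issue
    # A value of ";" yields an empty issuer domain and therefore matches no CA.
    return any(issuer_domain(v) == issuer.lower() for v in governing)


# Constructed CT-style entries: what a log monitor might hand back.
CT_ENTRIES = [
    {"issuer": "letsencrypt.org", "names": ["example.com", "www.example.com"]},
    {"issuer": "other-ca.example", "names": ["mail.example.com"]},
    {"issuer": "letsencrypt.org", "names": ["*.example.com"]},
    {"issuer": "any-ca.example", "names": ["shop.example.org"]},
]

MONITORED = {"example.com", "example.net"}


def watched(name: str, monitored: set) -> bool:
    """Is `name` (or the base of a wildcard) at or under a monitored domain?"""
    n = name[2:] if name.startswith("*.") else name
    return any(n == d or n.endswith("." + d) for d in monitored)


def audit_ct(entries: list, zone: dict, monitored: set) -> list:
    """Return (name, issuer) pairs for logged certificates on monitored
    names that the current CAA policy would not have permitted."""
    findings = []
    for entry in entries:
        for n in entry["names"]:
            if watched(n, monitored) and not caa_permits(n, entry["issuer"], zone):
                findings.append((n, entry["issuer"]))
    return findings


if __name__ == "__main__":
    for name, issuer in audit_ct(CT_ENTRIES, ZONE_CAA, MONITORED):
        print(f"review: {issuer} issued for {name} but CAA does not permit it")
```

The audit flags the `mail.example.com` certificate from `other-ca.example` (the relevant RRset is the one at `example.com`, whose only `issue` record names letsencrypt.org) and the `*.example.com` wildcard from letsencrypt.org (blocked by `issuewild ";"`), while leaving `shop.example.org` alone because it is not a monitored domain. A certificate obtained through spoofed DNS, as tptacek describes, would pass the CA's own CAA check at issuance time because the spoofed answers included whatever CAA the attacker wanted; it shows up here only because the audit is run against the zone data you control.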