(follow.agwa.name)

482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0.239s | source

Show context

MattPalmer1086 ◴[01 Dec 24 10:35 UTC] No.42287582[source]▶

Things like this make me wonder why certificates are not also signed by the certificate owner.

Right now, a CA can issue a certificate for any public key and domain they like. A rogue trusted CA can intercept all traffic.

If a certificate also included a signature by the owner of the public key signed by the CA (using their private key, signed over the CA signature), then a CA would no longer have this ability.

What am I missing?

replies(3): >>42287627 #>>42287710 #>>42292346 #

rhplus ◴[01 Dec 24 11:03 UTC] No.42287710[source]▶

>>42287582 #

> What am I missing?

The chain of trust for all the certificates in your example is established by trusting the rogue CA root certificate. The CA (or a bad actor who misled the CA through real-world fraud) could be the “owner” of the key pair you’re trusting for the second signature.

replies(2): >>42288696 #>>42288799 #

1. ◴[01 Dec 24 14:48 UTC] No.42288696[source]▶

>>42287710 #

↑

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com