
Stop Breaking TLS

(www.markround.com)
170 points todsacerdoti | 5 comments
account42 | No.46215635
> Consider this - what is the likelihood of every certificate authority on the Internet having their private keys compromised simultaneously? I’d wager that’s almost at the whatever is the statistics equivalent of the Planck length level of probability.

It doesn't matter if every certificate authority is compromised or just one. One is all that is needed to sign certificates for all websites.

replies(2): >>46215668 #>>46216034 #
mark_round | No.46215668
Author here, hi! Was just venting last night, but that's a very good point, I'll update it later with your correction :)
replies(1): >>46215764 #
acer4666 | No.46215764
You should make it about CT logs. I believe you need to compromise at least three of them.
replies(2): >>46216043 #>>46216386 #
tialaramex | No.46216043
The whole point of the logs is that they're tamper-evident. If you think the certificate you've seen wasn't logged you can show proof. If you think the logs tell you something different from everybody else you can prove that too.

It is striking that we don't see that. We reliably see people saying "obviously" the Mossad or the NSA are snooping, but they haven't shown any evidence that there's tampering.

replies(2): >>46217128 #>>46217299 #
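The tamper-evidence that the comment above relies on comes from the log being a Merkle tree: a log operator publishes a signed tree head (the root hash), and anyone holding a certificate can demand an inclusion proof and check it against that root. The following is an added, self-contained Python example, not code from the thread or from any real CT log; it implements the RFC 6962 / RFC 9162 leaf and node hashing, builds a tree over a few constructed sample "certificates", produces an inclusion proof and verifies it, and shows that a leaf the log later alters or a proof for the wrong root no longer verifies. All entries and names here are constructed for illustration.

```python
import hashlib

# RFC 6962 domain-separation prefixes: leaves and interior nodes hash
# differently so a leaf cannot be confused with a subtree root.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"


def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def largest_power_of_two_below(n: int) -> int:
    """Largest k = 2^i with k < n (n >= 2), the RFC 6962 split point."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_tree_hash(entries: list) -> bytes:
    """MTH(D[n]) as defined in RFC 6962 section 2.1."""
    if len(entries) == 0:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = largest_power_of_two_below(len(entries))
    return node_hash(merkle_tree_hash(entries[:k]), merkle_tree_hash(entries[k:]))


def inclusion_proof(index: int, entries: list) -> list:
    """Audit path PATH(m, D[n]): sibling hashes from leaf up to the root."""
    n = len(entries)
    if n == 1:
        return []
    k = largest_power_of_two_below(n)
    if index < k:
        return inclusion_proof(index, entries[:k]) + [merkle_tree_hash(entries[k:])]
    return inclusion_proof(index - k, entries[k:]) + [merkle_tree_hash(entries[:k])]


def verify_inclusion(entry: bytes, index: int, tree_size: int,
                     proof: list, root: bytes) -> bool:
    """Inclusion-proof verification, following RFC 9162 section 2.1.3.2."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(entry)
    for p in proof:
        if sn == 0:
            return False  # proof is longer than the tree allows
        if fn & 1 or fn == sn:
            r = node_hash(p, r)  # sibling is on the left
            if not fn & 1:
                # climb past the right-edge levels with no sibling
                while fn and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)  # sibling is on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed sample log entries (not real certificates or a real log).
SAMPLE_LOG = [
    b"constructed cert: CN=example.test serial=1",
    b"constructed cert: CN=mail.example.test serial=2",
    b"constructed cert: CN=login.example.test serial=3",
    b"constructed cert: CN=api.example.test serial=4",
    b"constructed cert: CN=cdn.example.test serial=5",
]


def demo() -> dict:
    """Honest proof verifies; a silently altered entry or a root from a
    different view of the log does not."""
    root = merkle_tree_hash(SAMPLE_LOG)
    idx = 2
    proof = inclusion_proof(idx, SAMPLE_LOG)
    honest = verify_inclusion(SAMPLE_LOG[idx], idx, len(SAMPLE_LOG), proof, root)

    # Log operator rewrites one entry after publishing the tree head.
    altered = list(SAMPLE_LOG)
    altered[idx] = b"constructed cert: CN=login.example.test serial=3 (rewritten)"
    tampered = verify_inclusion(altered[idx], idx, len(altered), proof, root)

    # A split view: a tree head that omits the last entry.
    other_root = merkle_tree_hash(SAMPLE_LOG[:-1])
    split_view = verify_inclusion(SAMPLE_LOG[idx], idx, len(SAMPLE_LOG), proof, other_root)
    return {"honest": honest, "tampered": tampered, "split_view": split_view}


if __name__ == "__main__":
    print(demo())
```

Because every tree head is signed by the operator and gossiped between monitors, an operator that served a different root to one client than to everyone else would be producing exactly the kind of evidence the comment says nobody has produced.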
dns_snek | No.46217299
> We reliably see people saying "obviously" the Mossad or the NSA are snooping but they haven't shown any evidence that there's tampering

Why would they use the one approach that leaves a verifiable trace? That'd be foolish.

- They can intercept everything in the comfort of Cloudflare's datacenters

- They can "politely" ask Cloudflare, AWS, Google Cloud, etc. to send them a copy of the private keys for certificates that have already been issued

- They either have a backdoor, or have the capability to add a backdoor in the hardware that generates those keys in the first place, should more convenient forms of access fail.

replies(1): >>46223979 #
tialaramex | No.46223979
> Why would they use the one approach that leaves a verifiable trace?

It is NSA practice to avoid targets knowing for sure what happened. However, their colleagues at outfits like Russia's GRU have no compunctions about being seen, and yet likewise there's no indication they're tampering either.

Although Cloudflare are huge, a lot of transactions you might be interested in don't go through Cloudflare.

> the hardware that generates those keys in the first place

That's literally any general purpose computer. So this ends up as the usual godhood claim, oh, they're omniscient. Woo, ineffable. No action is appropriate.

replies(1): >>46224709 #
dns_snek | No.46224709
That's the most naive take I've read online this year.

So your stance is that spy agencies aren't spying on us because if they were, we'd know about it?

replies(1): >>46230542 #
tialaramex | No.46230542
Your "I bet they're God" stance is even more naive. They're not God, they've got a finite budget both in financial terms and in terms of what will be tolerated politically.

Of course spooks expend resources to spy on people, but that's an expenditure from their finite budget. If it costs $1 to snoop every HTTP request a US citizen makes in a year, that's inconsequential, so an NSA project to trawl every such request gets green-lit because why not. If it costs $1000, now there's pressure to cut that, because it'll be hundreds of billions of dollars to snoop every US citizen.

That's why it matters that these logs are tamper-evident. One of the easiest ways to cheaply snoop would be to be able to impersonate any server at your whim, and we see that actually nope, that would be very expensive, so that's not a thing they seem to do.

replies(1): >>46235281 #
dns_snek | No.46235281
That's never been my stance because there's a difference between mass surveillance and targeted surveillance. If you understood that then you wouldn't be getting lost and making silly references to "God".

I don't believe that the NSA is omniscient. I believe they have 95% of data on 95% of the population through mass surveillance, and 99.9% of data on 99.9% of people of interest through targeted surveillance.

You think abusing public CAs for mass surveillance is a genius idea, and that its lack of real-world abuse proves that mass surveillance just doesn't happen - full stop.

Unfortunately you fail to consider that if they tried to do this just once, they would be detected immediately, offending CAs would be quickly removed from every OS and browser on the planet, the trust in our digital infrastructure would be eroded, impacting the economy, and it would likely all be in exchange for nothing.

On the other hand if you're trying to target someone then what's the point of using an attack that immediately tips off your target, that requires them to be on a network path that you control, and that's trivially defeated if they simply use a VPN or any sort of application-layer encryption, like Signal? There is none.

replies(1): >>46242766 #
tialaramex | No.46242766
> They either have a backdoor, or have the capability to add a backdoor in the hardware that generates those keys in the first place

> That's never been my stance

It took you about a day to go from being absolutely sure of a thing, to absolutely sure you've never believed that thing.

replies(1): >>46242852 #
dns_snek | No.46242852
The first quote was about them having nearly unlimited power for targeted surveillance and the second was about not having such power for mass surveillance. You keep confusing them.

Just stick to your original claim that I responded to - I addressed it in the second half of my previous comment which you glossed over.

replies(1): >>46244252 #
tialaramex | No.46244252
There's no "nearly" in your statement. "a backdoor, or have the capability to add a backdoor in the hardware that generates those keys" is the same God powers claim again. If you now want to water it down with enough caveats that it's nothing, this reminds me of how people go from "In lab conditions we can do a timing attack on the electronics from a FIDO key" to imagining that outfits like this just routinely bypass FIDO and so it's worthless.

It's very difficult and expensive to attack our encryption technologies, and so it's correspondingly rare. We are, in fact, winning this particular race.

Encryption actually works not because surveillance is now utterly impossible but because it's expensive. How you went from my pointing out that there's no evidence of this mass surveillance to the idea that I'm claiming these outfits don't conduct targeted surveillance at all I cannot imagine.

replies(1): >>46245159 #
dns_snek | No.46245159
> How you went from [...] to the idea that I'm claiming these outfits don't conduct targeted surveillance at all

Again, I didn't. You concluded that the lack of evidence of public CA abuse indicates lack of surveillance, full stop, as if that's the only viable way of conducting surveillance. Here's a reminder:

> It is striking that we don't see that. We reliably see people saying "obviously" the Mossad or the NSA are snooping but they haven't shown any evidence that there's tampering

That's a reasonable observation with an unsupported and faulty conclusion. It doesn't even matter whether you meant mass surveillance (preceding context) or targeted surveillance here because the conclusion is bunk either way. I discussed that earlier but you keep glossing over it in favor of these absurd tangents.