The German government caused Let's Encrypt to issue fraudulent certificates to xmpp.ru and jabber.ru by physically intercepting the server's network connection. https://news.ycombinator.com/item?id=37961166
IMHO, those aren't fraudulent certificates; they established effective control of the hostname, which is all a certificate implies. They didn't have authorization from the owner of the domain, but Let's Encrypt doesn't include ownership information, so there's no fraud there. Of course, this means someone who can MITM a whole server can also have a certificate issued to show everyone they're authentic.
You could potentially protect against this by cert pinning to a CA that won't issue to an interloper, or possibly using CAA records in DNS if you can be confident your DNS won't be MITMed or changed out from under you buy your registry. DNSSEC helps, if your registry (and the root) won't fold under pressure, but not if they do ... and DNSSEC is in the top 3 causes of high profile DNS failures in my estimation.
Because browsers can require certificates to be in the certificate transparency logs to be valid. Chrome already does this. If a government convinces a CA to create a malicious certificate and publishes this cert to the CT logs to perform MITM, it will get found out and that CA can close its doors.
Also, if someones DOES have this ability and gets found out, e.g. someone finds the certificate, it makes it clear someone had that ability. You'll know that root CA is compromised one way or another and it potentially gets burnt.
Thus, they'll only use it under the strictest smallest of circumstances where the reward outweighs the risk, in a high profile scenario, rather than rolling it out willy nilly.
Similar to when threat actors use a 0day.. if they use it all the time it eventually gets discovered and fixed. If they save it for a special case they may manage to use it a couple of times before it gets patched.
Browsers enforce that certificates are signed by two independent CT logs. The public keys of which is shipped by the browser. So a MITM would need to compromise a trusted CA and two CT logs to be able to pull off an attack undetected. Maybe not impossible but much more difficult than just a single CA compromise.
The browser is verifying that the certificate appears in public certificate logs. So if a TLA forges a certificate (whether with the cooperation of a certificate provider, DNS provider or domain owner) that is now part of the public record. And if they do it with any domain that has enough eyeballs, someone would presumably notice. Not to mention that it's an easy way for agencies from rival countries to tip a reporter or security researcher off that it happened.
Of course in reality most browsers don't actually check the certificate logs but only require timestamps signed by certificate logs that prove that at least two certificate logs know of the certificate. A TLA that can pressure at least two logs to provide those timestamps without actually publishing the certificates isn't really stopped. But at least that widens the circle of people who have to be in on the conspiracy.
In a perfect world browsers would do spot checks against the actual certificate logs, and require that the signed timestamps are from logs that are unlikely to be influenced by the same actor (e.g. a Western, a Russian-sphere and a Chinese-sphere certificate log). Your guess why we don't do either is as good as mine
That would be compromising the domain owner, rather than the threat model of Certificate Transparency which is compromised Certificate Authorities, especially given the number of government owned, publicly trusted (sub-)CAs.
The Snowden leaks made it clear that so long as the government has the means and motive to perform some kind of surveillance, they'll do exactly that. It may not be through the exact methods people are suggesting, but rest assured it is happening.
That’s another foundation of conspiracy theory: one specific example can serve as evidence for universal truth. Sure, the specific claims of theory A might collapse, but it might as well be true because it could be true because of past example B that is along the same lines.
I don’t doubt there is secret government surveillance we’d all be upset about. I’m not willing to use that general belief to assert the truth of specific unsupported claims.
The Snowden leaks weren't one specific example, they were dozens, involving every single big US tech company of any significance, and involving tons of different methods of surveillance.
I think you underestimate how close big tech and telecom companies are to three letter agencies. See the "Protect America Act" of 2007 which covered everyone's asses for warrantless spying.
Wasn't it the FISA Amendments Act of 2008? Or did the Protect America Act of 2007 also have immunity provisions?
edit: oh I see, the immunity provisions were first introduced with the Protect America Act of 2007 but they had a sunset date under that law so they were later made permanent by the FISA Amendments Act of 2008.
Congress already granted retroactive immunity for telecoms acting in cooperation with the US government with the FISA Amendments Act of 2008. I don't see why they couldn't do the same for Microsoft (assuming the law doesn't already apply to them).
> Release from liability - No cause of action shall lie in any court against any electronic communication service provider for providing any information, facilities, or assistance in accordance with a directive issued pursuant to paragraph (1).
- Section 702, subsection h, paragraph 3;
> Release from liability - No cause of action shall lie in any court against any electronic communication service provider for providing any information, facilities, or assistance in accordance with an order or request for emergency assistance issued pursuant to subsection (c) or (d), respectively.
id be shocked as well, but the small paragraph doesnt seem to preclude it.
people make mistakes, equipment can have unexpected behaviour, and people lie.
im curious, about if this would be considered compelled speech if someone said no you cant MITM my service unless there is an extant activity of concern.
its gotta be addressed in other section or paragraph.
Oh, you mean like the time Microsoft was the first company in the Prism program uncovered by Snowden, later followed by Yahoo, Google, Facebook, YouTube, Skype, AOL, and Apple? The program allowing the NSA to decrypt any traffic* or data of these vendors? The publication of which had, like, no consequences for Microsoft or the others?
Yeah. I don't think they're really afraid of repeating that.
Microsoft is within US-legislation. So a three-letter agency already has the keys and their spyware is a signed UEFI module.