Posted by coffee-- 1 hour ago

Acme, a brief history of one of the protocols which has changed the Internet (blog.brocas.org)
41 points | 16 comments
stavros 23 minutes ago
Let's Encrypt did more for privacy than any other organization. Before Let's Encrypt, we'd usually deploy TLS certificates, but as somewhat of an afterthought, and leaving HTTP accessible. They were a pain to (very manually) rotate once a year, too.

It's hard to overstate just how much LE changed things. They made TLS the default, so much that you didn't have to keep unencrypted HTTP around any more. Kudos.

gorgoiler 1 hour ago
Thank you Let’s Encrypt, you changed the world and made it better.

Sorry to everyone else who was listening in on the wire. Come back with a warrant, I guess?!

simonw 34 minutes ago
Seriously, talk about impact. That one non-profit has almost single-handedly encrypted most of the web, 700 million sites now! Amazing work.
gerdesj 32 minutes ago
I remember deploying SSL on NetWare in the late 1990s and being given ... something that the US allowed to be exported as a munition!

I don't recall the exact details but it was basically buggered - short key length. Long enough to challenge an 80386 Beowulf cluster but no match for whatever was humming away in a very well funded machine room.

You could still play with all the other exciting dials and knobs, SANs and so on but in the end it was pretty worthless.

tiagod 21 minutes ago
A few years ago a client of mine gave me a big-ish APC UPS. I recently got new batteries for it after the outage here in Portugal, and to turn on SSH I had to agree that I was not a terrorist organisation nor in a country where encryption cannot be exported to.
stavros 18 minutes ago
I'm glad it had that. If you were, say, a member of ISIS and used the UPS, they'd be able to successfully sue you for breach.
kuil009 1 hour ago
Thank you for your service
wakawaka28 34 minutes ago
Has anyone considered the possibility that a CA such as Let's Encrypt could be compromised or even run entirely by intelligence operatives? Of course, there are many other CAs that could be compromised and making money off of customers on top of that. But who knows... What could defend against this possibility? Multiple signatures on a certificate?
neilv 13 minutes ago
Even funnier, if one SIGINT team built a centralized "encryption everywhere" effort (before sites get encryption elsewhere), but that asset had to be need-to-know secret, so another SIGINT team of the same org, not knowing the org already owned "encryption everywhere", responded to the challenge by building a "DoS defense" service that bypasses the encryption, and started DoS driving every site of interest to that service.

(Seriously: I strongly suspect that Let's Encrypt's ISRG are the good guys. But a security mindset should make you question everything, and recognize when you're taking something on faith, or taking a risk, so that it's a conscious decision, and you can re-evaluate it when priorities change.)

wakawaka28 8 minutes ago
Sounds like Cloudflare honestly. There are many issues with CA trust in the modern Internet. The most paranoid among us would do well to remove every trusted CA key from their OS and build a minimal set from scratch, I suppose. Browsers simply make it too easy to overlook CA-related issues, especially if you think a CA is compromised or malicious.
dbt00 28 minutes ago
A signature on a certificate doesn't allow the CA to snoop. They need access to the private key for that, which ACME (and other certificate signing protocols in general) doesn't share with the CA.
wakawaka28 19 minutes ago
I know that. But presumably, Let's Encrypt could participate in a MITM attack since they can sign another key, so that even the visitor who knows that you use them as a CA can't tell there is a MITM. Checking multiple signatures on the same key could raise the bar for a MITM attack, requiring multiple CAs to participate. I can't be the first person to think of this. I'm not even a web security guy.

It might be interesting for ACME to be updated to support signing the same key with multiple CAs. Three sounds like a good number. You ought to be able to trust CAs enough to believe that there won't be 3 of them conspiring against you, but you never really know.

336611629 2 minutes ago
This problem was solved in the mid 2010s by Certificate Transparency. Every issued certificate that browsers trust must be logged to a public append-only certificate transparency log. As a result, you can scan the logs to see if any certs were issued for your domain for keys that you don't control (and many tools and companies exist to do this).
ryandv 16 minutes ago
The signing keys used by the Certificate Authority to assert that the client (leaf) certificate is authentic through cryptographic signing differ from the private keys used to secure communication with the host(s) referenced in the x509 CN/SAN fields.
wakawaka28 12 minutes ago
I know that. At issue is the fact that the signing keys can be used to sign a MITM key. If there were multiple signatures on the original key, it would (or could) be a lot harder to MITM (presumably). Do you trust any CA enough to never be involved in this kind of scandal? Certainly government CAs and corporate CAs MITM people all the time.

Edit: I'm gonna be rate limited, but let me just say now that Certificate Transparency sounds interesting. I need to look into that more, but it amounts to a 3rd party certificate verification service. Now, we have to figure out how to connect to that service securely lol... Thanks, you've given me something to go read about.

coffee-- 10 minutes ago
This is where Certificate Transparency -- and it being mandatory for browser trust -- comes in to save the day.
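
The check described in the Certificate Transparency comments above, as an added example that is not part of the thread: given already-parsed log entries, flag certificates naming your domain whose public key is not one you hold. The entry fields, issuer names and keys are constructed for illustration; fetching and parsing real log entries is out of scope here.

```python
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo bytes.
OUR_KEYS = [b"constructed-spki-web-2024", b"constructed-spki-web-2025"]
ROGUE_KEY = b"constructed-spki-unknown"

def spki_sha256(spki_der: bytes) -> str:
    """SHA-256 fingerprint over the public key bytes."""
    return hashlib.sha256(spki_der).hexdigest()

def covers(san: str, domain: str) -> bool:
    """True if a certificate DNS name falls under the monitored domain."""
    san, domain = san.lower().rstrip("."), domain.lower().rstrip(".")
    if san.startswith("*."):
        san = san[2:]
    # Require a label boundary so "notexample.org" does not match "example.org".
    return san == domain or san.endswith("." + domain)

def unexpected_certs(entries, domain, known_fingerprints):
    """Return log entries naming `domain` whose key is not in our inventory."""
    known = set(known_fingerprints)
    hits = []
    for e in entries:
        names = [n for n in e["dns_names"] if covers(n, domain)]
        if names and e["spki_sha256"] not in known:
            hits.append({"log_index": e["log_index"],
                         "issuer": e["issuer"], "names": names})
    return hits

def entry(idx, issuer, names, key):
    # Hypothetical shape for a parsed log entry; real logs need decoding first.
    return {"log_index": idx, "issuer": issuer,
            "dns_names": names, "spki_sha256": spki_sha256(key)}

# Constructed sample entries: two legitimate, one rogue, one look-alike name.
SAMPLE_ENTRIES = [
    entry(101, "Example CA A", ["example.org", "www.example.org"], OUR_KEYS[0]),
    entry(102, "Example CA B", ["*.example.org"], ROGUE_KEY),
    entry(103, "Example CA B", ["notexample.org"], ROGUE_KEY),
    entry(104, "Example CA A", ["api.example.org"], OUR_KEYS[1]),
]

def run_sample():
    known = [spki_sha256(k) for k in OUR_KEYS]
    return unexpected_certs(SAMPLE_ENTRIES, "example.org", known)

if __name__ == "__main__":
    for hit in run_sample():
        print("unexpected certificate:", hit)
```

The useful property is that the comparison is against keys you generated, so a certificate from any CA, including the one you normally use, is flagged if its key is not in your inventory.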