So this video explains how https works. What I don’t get is what if a hacker in the middle pretended to be the server and provided me with the box and the public key. wouldn’t he be able to decrypt the message with his private key? I’m not a tech expert, but just curious and trying to learn.
Most browsers trust many certificate authorities from all over the world.
Any of them could…
…and yes, it has happened already.
HTTPS as most of us use it today is useful, but far from foolproof. This is why various additional measures, like certificate pinning, private CAs, and consensus validation are sometimes used.
I urge everybody to read up on CAA records in DNS and add them to your domains. They basically say what CA the certs for that domain are supposed to come from. Even if another CA issues valid certs for the domain they would be rejected if they don’t match the CAA în DNS. It takes 5 minutes.
You can specify the valid CA in the form of its representative domain, for example to allow Let’s Encrypt you’d add
0 issue "letsencrypt.org". If you want to allow multiple CA you add multiple CAA records. They enter into effect if at least one CAA record is present. You can also restrict the challenge type, for example0 issue "letsencrypt.org;validationmethods=dns-01".Please note that this is worth adding a CAA record even if you don’t use your domain for HTTP and you don’t issue any certs for it, because a rogue CA can do it for you. You can add a blank CAA record (
0 issue ";") which basically forbids any CA.(And yes, this also applies to email. It’s worth adding restrictive records even if you don’t use your domain for email.)
They mean CAA records:
https://developers.cloudflare.com/ssl/edge-certificates/caa-records/
Right, I’ll fix it.
Thats why we now have certificate transparency reports and CA-records.
Sure not perfect, but at least with a compliant CA it wont just happen in the dark.
At some point you have to trust someone.
It is indeed true that some CAs have seriously misbehaved; however, browser builders are rather strict on the presence of the CAs they trust. Misbehaving or even simple errors are reasons for getting kicked out, after which certificates signed by those CAs are now no longer valid.
The certs are still valid.
They are just not implicitly trusted
You are technically correct, best kind of correct
I’m somewhat skeptical. What if LetsEncrypt decided to misbehave tomorrow? Would the browsers have the guts to shut it down and break all sites using it?
Yes, they will. We’ve seen it before in mostly less serious cases: Diginotar, Türktrust, Symantec, etc. As brittle as the CA system can be, when there is real enough trouble, CAs do get revoked.
That can be helpful if a transgression is noticed, and it’s not orchestrated by a higher authority (e.g. government), and the damage isn’t already done.
Of course, browser builders are vulnerable to influence, attack, accidents, questionable judgment, and blind spots just as certificate authorities are.
I agree, it’s far from perfect.
This is slightly off-topic but I was thinking about it and all of thoes isues can be solved by utilizing blockchain. Imagine a world where instead of CAs, decentralized domain (unstoppable domains, ENS etc.) owners publish their pub keys to the blockchain, the client can than query multiple nodes or store the chainstate locally. When establishing a connection client sends a secret handshake message + clients’ pub key encrypted with domains’ pub key. To complete the handshake server responds with the same secret message encrypted with clients’ pub key.
How are you ensuring the public key retrieved from the blockchain is legitimate?
You’re just removing the semi trustworthy CA and replacing it with the less trustworthy blockchain. Unless you’re proposing encrypting the blockchain connection, maybe they could use TLS?
It seems to me like a MITM hacker can just redirect all requests to a Blockchain node towards their malicious node.