44 comments

[ 3.0 ms ] story [ 93.7 ms ] thread
The point about needing remediation channels is strong, but the rest of the argument seems overblown, considering (as the article points out).. it’s not like the private run CA industry is much better.
This implicitly validates and approves the insufficient diligence in private CA industry. If government wants improvements, it needs to mandate it, not approve current bad state.

Everybody is doing that, so we don't care doesn't work for security.

> If government wants improvements, it needs to mandate it, not approve current bad state.

They should really start with participating in the CA/B forum workgroups, instead of trying to reinvent (and mangle) the wheel.

They're mandating who your privately-owned computer must trust. That is a severe overstepping of boundaries, and the concern shown is, if anything, too small.
You misunderstand.

They are merely adding themselves to the defaults set by current manufacturers. End users are free to remove them.

Microsoft, Mozilla and others already provide you with a list of who you’re going to trust by default.

It would be more outrageous if the current CAs were some sort of gold standard, but the whole system is flawed.

> End users are free to remove them.

And browsers could create a "more secure" list of CAs, with governments CAs outside the list and a scary Accept the Risk page for everything outside the more secure list. Anyway, what happens when every government website use the new CAs and people will have to accept that because it's the only way to deal with government services? Every other site using those CAs will soon enjoy a free pass because of the Accept/Next/Next fatigue demonstrated by the last 30+ years of human computer interaction.

> End users are free to remove them.

Let's not pretend we don't know the power of defaults, or that we expect users to learn about and modify the obscure and technical innards of their browsers. Even expert users can be fooled, such as when the NSA bribed a company to default to a weak cipher [1].

> Microsoft, Mozilla and others already provide you with a list of who you’re going to trust by default.

If I use Firefox, I choose to trust Mozilla. But now, whichever browser I choose, I am forced to trust its maker and the government and intelligence agencies of every EU member state.

I can spend my limited time learning how to fix this, but is it legal to share my solution in a convenient form (such as a browser that by-default trusts CAs based on merit, not government order), or would that make me a browser vendor, and compel me to backdoor my software?

This is, in effect, prohibiting cooperation to fight surveillance.

> It would be more outrageous if the current CAs were some sort of gold standard, but the whole system is flawed.

I don't see how the current system being flawed makes a government mandate to default-trust hypothetical known-untrustworthy CAs less bad. It is a red herring - is a system being "flawed" justification for government intrusion? And does this intrusion even attempt to fix those flaws??

[1] https://www.theverge.com/2013/12/20/5231006/nsa-paid-10-mill...

The privately run industry is maybe a tiny bit better, but that's not the point.

The point is that the only way browsers have to influence a CA or the industry is the threat to eventually distrust. If they can't threaten that to government-stamped CAs, then those CAs no longer even have an incentive to operate responsibly, and, as we know from the many, many incidents, they almost certainly won't.

They could simply identify these like they did for EV certs. Whether you trust one of them more or less is then your choice, (certainly I wouldn't continue on a random e-shop with a country specific cert but I also don't like landing on a supposed government site that has a comodo cert and may want to sell me a green card) mediated by journalism and their ability to keep a better reputation than the lowest CA that still gets a lock.

If I had to guess, half of the least trustworthy CAs in the one-store-fits-all keystore are also government affiliated ones and we don't even get anything to differentiate them from any regular commercial cert.

Don't know about other member states, but here in Belgium the government ceded the governance of the Certificate Authority to the local branch of the US conglomerate Digicert.

eIDAS 2.0 should have forbidden that to start with.

The local government "ceded the governance" to the central government. /s
In this particular case, the local governments could have ceded the certificate handling to Digicert just as well. It's not like the locals are more digitally-knowledgeable.
So in effect, if one of these CA's issues a counterfeit certificate that is being used for MITM attacks, and a browser maker removes the CA from their trusted list, the browser maker could suffer legal consequences?

Is that correct?

That's how I interpret it.

Long story short, this isn't about asking browsers to ignore flawed procedures or lacking security. Incompetence is always a factor and this law won't allow for more incompetence than we're already used to from private CA's.

This is about preventing browsers from distrusting government-controlled CA's issuing certificates used to MITM traffic. EU's trying to do what Khazakhstan (IIRC, could be one of the other -stans) did a few years ago).

The so called "national security certificates". Sneaking in covert interception mechanisms into our technology, obfuscating it with bullshit names and government euphemisms. Will these governments ever stop their tyranny? Why can't they cease and desist on the cryptography matter? We don't want to be surveilled, we don't want them "regulating" this stuff.
I'm sure the intentions are good, but it's definitely a slippery slope.
I'm not sure at all. Actually I'd say it's nothing but a power grab. They love to preach about terrorists and children but what actually goes on is surveillance and criminalization of political opposition, dissenters, journalists, pretty much anyone that could threaten their power. It's literally happening in my country right now, thankfully not at Kazakhstan levels. At least not yet.
Of course not; the point of a state is to be the sole place where tyrannical powers can be found.

I'd like to say that in a democracy the use of such powers are limited, but every so often I find myself disappointed by news that such powers are directed at protesters in the UK, and my news about the US leans towards "gosh don't these police cars look suspiciously more capable than actual military vehicles".

For stuff like this, my main concern is that it creates an easy way for hostile agents (someone else's security agencies rather than our own) to break things that ought not to be breakable.

But, given that most people (including most criminals) are clueless about digital security, this kind of thing may genuinely be useful for breaking into otherwise-secret chat forums.

I can't balance these competing concerns. I really hope the people on our side ("security is good") are getting taken seriously by the agencies; but I don't have any reason to think that hope is anything more than wishful thinking.

We shouldn't balance any concerns, we should simply reject the idea that the governments should have any access at all. I'm convinced the whole purpose of the government granting itself these powere is to abuse them. There is no reason to accept this as legitimate.

The governments of the world are essentially our enemies. Encryption technology needs to start threat modeling with governments in mind. Cryptography must be so ubiquitous and undefeatable that it's impossible for any government to do anything about it short of nuking its own citizens.

I would love to be able to reject the idea of the government having any access, except I keep running into the messy reality of human nature.

Heck, I’d do away with governments existing and advocate anarchism, except for the messy reality of human nature.

> the point of a state is to be the sole place where tyrannical powers can be found

Sure, but that doesn't imply that we should create new tyrannical powers out of whole cloth, just so the state can have them. The more that power remains distributed, allowing the population freedom and self-determination, the better.

I wish what you say was possible, because I certainly like that world: my preference would be anarchy, except people keep disappointing me by finding new ways to dominate and rule — it seems (human) nature abhors a (power) vacuum.
Yeah, anarchy is a fundamentally impossible state. People naturally form groups because it increaes their chance of survival, every group of humans has rules, they cede power to leaders who solve their problems for them, people who don't like it will leave and join another group or become lone wolves.

The problem with governments is they dominate the entire earth. They force their social contract on us and we're forced to accept it just because we happened to be born somewhere. We can't just reject their power and rules: leaving is expensive, difficult or impossible and the only thing we can do is escape to another imperfect government.

Complete anarchy makes for an unachievable goal. What's possible is looking for ways to keep specific dynamics more anarchistic/free.

Sure, in a sense the dual authoritarian powers of government/capital are always going to be looking for ways to push into our lives, turn voluntary two party relationships into chaperoned/extractive three party ones, etc. But as individuals that wish to remain individuals living in a distributed society, our job is to push back.

In theory, this could be relatively easily circumvented with DANE. The problem is getting businesses to implement it for their domains when even simple things like SPF and DKIM is a complete mess aleready.
> relatively easily

Don't forget that DANE requires DNSSEC, which your DNS service provider must support (and switching DNS provider is not 'relatively easy').

Another problem with DNSSEC is that there are some people (and with 'some people' I mean tptacek) who are ferociously against it.

Also, TLSA records require maintenance. If you forget to update them you will break things. Had to rotate your keys unexpectedly? Well now you have to wait for DNS propagation and explain your boss that some of your customers may get scary warning messages for a few hours when they try to reach you, and there will be nothing you can do about it.

DANE does the opposite of circumventing this problem: it ratifies it. The DANE authorities are, de jure, the world governments that control the major DNS TLDs.
EU wants to be able to decrypt your private communications.
How is that? Are private CAs to be trusted more than gov issued CAs? The whole CA store idea seems a bit dated to me.
CAs that you choose to trust are more trustworthy than those you are compelled to trust. See RobotToaster's comment:

https://news.ycombinator.com/item?id=33967192

In practice users don't really choose which CA to trust. That choice is made by app and/or OS developers but I understand your point. That EU directive seems to force developers to accept EU's CA which is wrong of course.

Nevertheless this CA store distribution put us in this censorship situation. I think it should be moved further towards the service provider in a similar way webauthn works. The 3rd party CA makes the whole process vulnerable to rough CA providers or mandatory CA stores. Let's stop trusting 3rd parties with our security.

They can not, the same way Lets Encrypt can not decrypt your private communications.
Actually LE could. They would re-issue a new valid cert for your domain without removing the old one. That would enable a MITM attack.
One could either spam DNS responses at the LE clients or push bogus BGP routes towards LE, and quite probably other things. And you don’t even need LE’s help to do any of this.
Being able to force CAs to fix issues is important, but I hope nobody is supporting the EFF's drama about Extended Validation certificates: They're a good idea, DV is mostly pointless, and there's actually a new version of EV, the Verified Mark certificate, now being promoted to access new types of features like BIMI.

EV was never the wrong path, it just needs stricter checking mechanisms. Google wants people to dislike them because those checking mechanisms require humans and intentionally doesn't scale. (Good security does not scale, people who tell you it does are wrong.)

Users care that their website connection is secure and private. They don't care who owns the website. Even if they did, EV certs still let you bamboozle them: https://arstechnica.com/information-technology/2017/12/nope-...

On the other hand, Let's Encrypt has _securely_ issued billions of DV certs, automatically and for free, meaning millions of websites have gone from plaintext to TLS-secured. That has given the world a tangible increase in privacy and security, which is not "mostly pointless". An ideal future is that _every website in the world_ is TLS-secured, and the US Government loses its panopticon

This is completely wrong and lacks an attachment to the real world. People absolutely care if they're sending money to Wells Fargo, the real world bank, or a random dude named Well S. Fargo in some other country.

However, most users do not care if the US government can see their traffic. (Whether or not they should... not the point.) And MITM attacks aren't a practical concern for the vast majority of society in a real world sense.

EV certs do something largely useful. DV certs are mostly useless in practice but make tech nerds happy.

Mmmhmm, yes I'd definitely trust the "Stripe, Inc." website with the "Stripe, Inc." EV cert glowing green (actual url https://stripe.ian.sh/). Do you even read links? https://arstechnica.com/information-technology/2017/12/nope-...

EV certs are an expensive boondoggle that add little-to-no value over DV certs. It's why all browser makers (not just Google) dropped any special rendering for them. The real value is pervasive TLS.

Phishing and website impersonation should be tackled with a variety of practises, and EV certs don't really come into it. Your preferred search engine should give you the "real" Wells Fargo site if you search for that. Your browser history should have it. You can bookmark it. If you've clicked a phishing link and you're on wellsfargo.com.badguy.com instead of wellsfargo.com, don't you find it odd you can't auto-fill your user/password any more? Maybe you're on the wrong site? Oh yes, there on the URL bar is "wellsfargo.com.badguy.com", I see it now.

Can you imagine if we still had that awful special rendering for EV certs, and the wellsfargo.com.badguy.com owners incorporated "Wells Fargo" in Timbuktu and bought an EV cert for their legitimate business, and the entire URL bar was covered up with " Wells Fargo"... lol

> Mmmhmm, yes I'd definitely trust the "Stripe, Inc." website with the "Stripe, Inc."

This is merely an example of what I already stated: Validation practices and participation requirements need to be improved. I am well aware of this popular example.

> Do you even read links?

Please check the HN guidelines for conduct. I've actually already read all of the popular media on the topic.

> Your preferred search engine should give you the "real" Wells Fargo site if you search for that.

Google regularly serves malware as the "top search result", because Google Ads appear to be search results to average users, and advertisers can lie about the destination URLs in text ads. Bing is not better in this respect either. If you trust your search engine, you might as well just plaintext all your traffic anyways.

Sort of makes me wish the OpenPGP related Monkeysphere project was still a thing; website certs signed by the web of trust, instead of signed by CAs.

https://monkeysphere.info/

How can this be enforced if a browser maker is not based in the EU? Will the EU block downloads? If Linux distributions patch the browser to remove the govt certificates the maintainers will be breaching EU laws?

Probably at some point they will start mandating those CAs for broader categories of sites until they make the (EU) internet unusable for anyone that does not have the govt certificates.

Google, Mozilla, Apple, and Microsoft all have presence in the EU, and the EU can exert jurisdiction over them.

That gives control over the root stores for Chrome, Firefox, Safari, and Edge. (And the approximation of the Mozilla store used by most Linux distros, the root stores on macOS/iOS/etc, and the root store on Windows.)

I'm not aware of any other browsers worth considering.

Eidas is an annoyance for other reasons too IMHO - qualified trusted service providers are issuing authorities which are “qualified” by a national body. Their certificates may be self-signed, but may be intermediates which are signed by a root that is also used for non-qualified CA purposes.

Some authorities are granted an issuer-of-qualified-issuers status which allows them to issue both qualified and non-qualified sub-authorities. The data about all these issuing authorities is published in national lists which are signed by a national body, and these lists are then referenced in a Europe-wide list signed by a central authority, IIRC…

So validation becomes a bit of an issue - to tell if a certificate is qualified you need not only to perform normal x509 path validation but also validation against a parallel trust chain which branches off from the x509 chain at some point and resolves via a national list and then a master list to the eidas root.