2

This is a follow-up to other questions like "What makes Let's Encrypt secure?".

When I first run the Let's Encrypt (certbot) client on my server, it obtains a certificate by publishing a certain file on www.mydomain.example, which proves to the Let's Encrypt service that I really do control the website at www.mydomain.example. Now I have the certificate, visitors to https://www.mydomain.example will see a padlock icon.

  1. This indication would be meaningless if Mallory somehow gained the ability to serve pages from www.mydomain.example, since with that ability she could easily get a new certificate the same way I did. Previous answers have only said that the CA counters this possibility by validating my server from multiple locations around the world.
    Am I right in understanding that DV certificates rely on attackers not being able to hijack a DNS entry globally? Is that simply not considered to be a risk?

  2. It occurs to me that CAs could mitigate that risk by requiring that when I renew the certificate, as well as verifying that I control the domain, I must also prove that I have the previous certificate. Even if Mallory somehow steals my domain, she cannot get a new cert for it because she doesn't have the old private key.
    Do CAs do something along these lines?

Like most site admins, my main concern is simply to make the padlock icon appear, because users are increasingly warned to avoid sites without it. And, if I didn't use HTTPS, users on public wifi would be sending passwords etc in the clear. But it's still not clear to me what, if anything, that padlock should be assumed to prove.

bobtato
  • 186
  • 3

1 Answers1

2

DV certificates only validate that the certificate request for a given domain came from someone who has control over that domain. It validates nothing else. An attacker who can hijack your site's nameservers or otherwise take control of the domain's DNS settings will be able to get a DV certificate issued for them.

Avoiding this requires using a different (and more expensive) certificate, specifically OV (Organization Validation) or EV (Extended Validation). An OV certificate involves the CA verifying that you exist as a legal entity and have permission to run that domain, such as verifying that example.com is owned by Example Ltd. An EV certificate additionally verifies your physical presence, checks that you alone have exclusive control of of the domain, and ensures that you have legal authority to request a certificate. Naturally, these certificates are more expensive as their issuance cannot be automated like DV certs.

forest
  • 64,616
  • 20
  • 206
  • 257
  • 1
    But: if I load a web page from xyz.com, it is already a given that it will be served by whoever controls that domain. And for encrypting the connection, a self-signed certificate would work just as well. So, what additional security is the CA providing? – bobtato Feb 01 '19 at 10:45
  • It protects those who doesn't have knowledge on the correct self-signed sertificate against man-in-the-middle attacks. – Esa Jokinen Feb 01 '19 at 14:05
  • 1
    @bobtato "if I load a web page from xyz.com, it is already a given that it will be served by whoever controls that domain" Not true. It could be served by a malicious ISP, or by an attacker who contros of your router, for example. – Ajedi32 Feb 01 '19 at 17:21