
I never trusted or liked CAs, and in fact I removed a lot of them from my devices. But now, after this question, I'm wondering if I should generate my own certificates for the sites I care about (e.g. my bank or github.com). I just feel I can't prolong my trust in CAs any more: they are susceptible to hacking (like any system), possibly corrupt, and they would try to hide their errors rather than disclose any flaws.

If I MITM myself and the sites I care about with my own certificates, will I make it impossible for others to do the same to me? Would this generate a security risk?

Freedo
    Haha. Sorry, doesn't work like that. Man, I _wish_ it was that easy to just abandon the X.509 public key infrastructure. – Ajedi32 Jun 10 '15 at 19:00
  • You should look into Certificate Pinning if you want to mitigate the drawbacks of the current CA trust system. – Dillinur Jun 12 '15 at 08:58

3 Answers

Unfortunately, this won't do anything to fix the problem, and might even make things worse for you if you don't set things up properly.

Certificates are designed to provide assurance that the public key your connection is encrypted with actually belongs to the server you are trying to connect to. It does this by using a signature from a third party certificate authority that your browser already trusts. Basically it's a signed statement from the CA saying "we have verified that this public key belongs to this website".

If you tell your browser "hey, don't trust those certificate authorities anymore, only trust certificates from the custom proxy/CA that I'm going to set up", it will, but then the question becomes: "how does this new CA decide which public keys belong to which websites"? You haven't solved the problem, just moved it. Moreover, if your custom CA isn't implemented properly it could open you up to other vulnerabilities (for example, by issuing certificates when it shouldn't, or tricking your browser into thinking a connection is encrypted when really it's not).

Unfortunately, until someone comes up with a better way for websites to distribute their public keys in a secure and verifiable way, we're stuck with CAs and the X.509 public key infrastructure.

Ajedi32
    `You haven't solved the problem, just moved it. ` - and that touches one of the biggest lies we tech people tell ourselves and others: That technology can solve what are inherently people problems. Identity and trust aren't computer problems, they're people problems. – Clockwork-Muse Jun 11 '15 at 09:37
  • How can DNS servers point a specific domain at the IP address of a specific server without needing a third party to verify that this IP is the right one? Don't they do almost the same? – Freedo Jun 12 '15 at 06:56
  • @Freedom DNS servers don't need a third party to verify a domain matches an IP because DNS servers _are_ the final authority on what IP a domain name points to. Usually they get this IP from the owner of the domain directly. (E.g. When I'm setting up my website, I tell my DNS provider what IP they should point my domain to.) – Ajedi32 Jun 12 '15 at 13:14
  • @Freedom That being said though, DNS isn't a very secure system either. Your connection to a DNS server can be MITM'd just as easily as your connection to any other server; the connection isn't encrypted. Also, one fairly common method of conducting a MITM attack against a website is to use DNS cache poisoning to trick non-authoritative DNS servers into pointing a domain to the wrong IP. That way, when you visit google.com your DNS server actually gives you the attacker's IP. – Ajedi32 Jun 12 '15 at 13:18

IMHO you miss the idea of a CA. You have root certificates on your computer/browser, and when a CA issues a certificate to the bank, for example, they sign the bank's public key with their own key, and with your root certificates you can check the validity of the bank's certificate.
If you create your own CA and issue a certificate to the bank, how do you think you will make them install your certificate? Moreover, one web host can use only one certificate at a particular moment.
Even if you set up some MitM infrastructure, there should be at least one party (the MitM) who trusts those (existing) bank certificates.

Romeo Ninov
  • Does the OP miss the idea of the CA? If you terminate the SSL locally on a proxy and then encrypt it again using certs signed with your own (trusted) CA, it would at least allow you to *filter* the upstream certs/hosts/CAs that we accept. So if this is intended to work around too-trusting browsers/OSes, it could have merit. I.e. something like "Certificate Patrol" but as a proxy. Oh, and of course one could check by other properties like the serial number of the certificate (similar to what Certificate Patrol allows). – 0xC0000022L Jun 10 '15 at 23:53
  • Yes, but in such a case the SSL proxy should have and trust CA root certificates – Romeo Ninov Jun 11 '15 at 03:18
  • It could also have serials and hashes of actual known certificates. No CA root certificates needed. Of course *some trust* is *still implied* even in that case. – 0xC0000022L Jun 11 '15 at 07:12
  • Hmm, I like that. Could I use something like Privoxy to filter and log all certificates for the sites I visit? With time I could build a known list of certificates; this would still trust CAs a little, but would mitigate against sudden changes of certificates even if they are legit and certified by a rogue CA, right? – Freedo Jun 12 '15 at 07:03
  • @Freedom, yes, of course you can. And you can build a bundle of certificates that are trusted from your side. The small problem is that you should check the validity dates and take care of updates. But there are cases when a company decides to change its certificate (it happened to me a short time ago) because the CA decided to change something (in my case, the signing algorithm). So you should monitor such cases and act as you think is appropriate – Romeo Ninov Jun 12 '15 at 07:22

> Can I assume that if I MITM myself and the sites I care about with my own certificates, I will make it impossible for others to do the same to me?

In fact it would probably be easier than before for others to MITM you. Since you don't trust the existing CA system, I assume that you don't want to use it to check the certificates of the sites before doing an MITM for yourself. Because of this, anybody can do another MITM in front of you and you will simply accept the invalid certificate.

If you really don't trust the CAs you might simply remove them all, and then you get a warning for each https site you want to access. You can then add this specific certificate as trusted. Of course you should only trust this certificate once you've verified that it is the correct certificate and you are not already being attacked by a man-in-the-middle. Since you don't trust any CAs you need some way outside the CA system to verify the correctness of the certificate, which is probably hard to do.

A better way might be not to abandon the CA system completely but instead to augment it with tools like Certificate Patrol.

Steffen Ullrich
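The "known list of certificates" idea from the comments on Romeo Ninov's answer and the Certificate Patrol suggestion above, as an added example that is not part of any answer here: a small trust-on-first-use pin store in Python that records the SHA-256 fingerprint of the leaf certificate seen for each host and flags a later change. The certificate bytes are constructed stand-ins, not real DER; `fetch_leaf_der` is an assumed helper for live use that keeps normal CA verification on, so pinning is layered on top of the CA check rather than replacing it.

```python
import hashlib
import json
import socket
import ssl
from pathlib import Path

# Constructed stand-ins for DER certificates (not real); the store maps host -> fingerprint.
CERT_BANK_V1 = b"constructed DER stand-in: bank cert, first seen"
CERT_BANK_V2 = b"constructed DER stand-in: bank cert, renewed or substituted"

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER bytes, colon-separated as browsers display it."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_pin(store: dict, host: str, der_cert: bytes) -> str:
    """Trust-on-first-use check. Returns 'new' (pinned now), 'ok' (matches)
    or 'changed' (differs from the pin). 'changed' is what Certificate Patrol
    warns about: a routine renewal, or a certificate some CA issued for this
    host that it should not have. The store is only updated on 'new'; the
    caller decides what to do with 'changed'."""
    fp = fingerprint(der_cert)
    pinned = store.get(host)
    if pinned is None:
        store[host] = fp
        return "new"
    return "ok" if pinned == fp else "changed"

def load_store(path: Path) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}

def save_store(path: Path, store: dict) -> None:
    path.write_text(json.dumps(store, indent=2, sort_keys=True))

def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Assumed helper for live use: the leaf certificate host presents. Default
    verification stays on, so the CA check still runs; pinning sits on top."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def demo() -> list:
    """Walk the constructed bank certificate through a fresh pin store."""
    store = {}
    return [
        check_pin(store, "bank.example", CERT_BANK_V1),  # first visit: pinned
        check_pin(store, "bank.example", CERT_BANK_V1),  # same cert again
        check_pin(store, "bank.example", CERT_BANK_V2),  # substituted cert
    ]
```

As Romeo Ninov notes, a 'changed' result may be a legitimate renewal, so the pin store needs the same monitoring and manual updating he describes.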