If this is true, and that NSA has been MITMing providers like Google, they are undermining the already shabby trust the US cloud-industry has attempted to build. I doubt Google and friends are very happy about that, since that's their one big basket where all the money comes in.
NSA in their eagerness to do rampant spying on everyone have had quite some collateral. They have decided to compromise the one thing which allows us to communicate securely on the internet: trust.
Right now we need to find out which (root?) CAs are compromised by the NSA. Long term it would probably be a very wise decision to revoke any US-based CA from the default trusted-list of browsers and OSes.
We cannot have untrustworthy CAs in a system based on trust. That's simply not an option.
Edit: As I've been pondering for a while (and which was also pointed out on reddit) we now have a situation where self-signed certs are more secure than CA-issued ones. They are the only ones you know can't be faked. How backwards is that?
The NSA is ruining the internet one piece at a time. The NSA needs to be dismantled.
The HSTS commits /maybe/ suggest that Google thinks a Verisign intermediate was signing MITMs for Google properties. They just blacklisted "VeriSignClass3SSPIntermediateCA"
if that's the case, how did they get the private key from verisign? was it stolen? did verisign simply give them it? or was it obtained under some kind of legal process? if it was under a legal process, doesn't this raise additional questions about the judicial overview - did they realise how broad this was?
Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.
How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”
Sounds like there are plenty of possibilities: they have agents working at verisign/they broke into verisign (either physically or electronically)/they just asked and verisign said ok/they used legal processes.
Didn't Assange say in a (secretly?) recorded video where he was talking with Schmidt and another person that while the Americans got trusted root keys from Diginotar, the Chinese hacked Verisign and grabbed their root keys? I'll see if I can find the video.
I don't get why everybody talks about Verisign or others giving them "keys". The NSA just need certificates for their own key, right? The only private key that Verisign could give them would be their signing key, which seems much too powerful and central for a signing authority to hand out.
Didn't the slides show that it was the Diginotar compromise?
> We cannot have untrustworthy CAs in a system based on trust. That's simply not an option.
The entire CA trust model is broken. In the trust model, any CA can issue certs for any domain; so a Chinese CA could issue Google certs, or a US CA could issue certs for the Dutch government.
Self-signed certs with certificate pinning are indeed more likely to be secure than CA certs. Of course, you can do both; CA signed certs (which does add a small amount of trustworthiness, as the CA is at least supposed to do a little work to verify a real-world identity), and use certificate pinning to avoid this kind of attack.
DANE[0] (in combination w/ DNSSEC[1]) is starting to sound really good right about now... except that, you know, the U.S. also runs several root nameservers.
Root servers simply serve the content for the root zone, ICANN generates the contents of the root zone and signs it using an elaborate system of trust: http://dns.icann.org/ksk/
This. In a recent post a commenter discussed how Bruce uses a machine not connected to any network ever for highly sensitive material. The problem with that is we really have no adequate indication of exactly what in all of this is really compromised. The conspiracy theorist in me suggests the whole of the internet in all its layers have been nurtured by our government. Exactly what part of that the NSA was involved in seems irrelevant. I have to wonder which operating systems, which network devices or any other devices that can run code and listen in.
The only advice if any of it were true would be to scrap it all and start over. Scrap multiple decades of work by really smart people due to a few "bad seeds" being planted during the harvest? Unfortunately that's the only true remedy unless someone can really unwind the rootkit in our lives that is the NSA. It's an analogy of a computer being infected with a virus. Do we try to go back to a backup we hope isn't compromised or do we reformat and start over? We're all trying the former because I don't think anyone really has a grasp on or even wants to think about the latter (I certainly don't).
> Right now we need to find out which (root?) CAs are compromised by the NSA.
Given that basically all CAs people actually use (even in Europe) are owned by US companies, I would estimate something close to 100% of them have cooperated with the NSA at some point. Obviously there are non-US CAs like China's CNNIC but most of them won't actually sell you a certificate.
We already know that we can't trust most major US companies. What compromised CAs mean is that we also can't even trust non-US companies due to our dependence on US CAs for TLS to actually be usable.
For what it's worth Moxie Marlinspike gave a talk a few years back about some of the major issues with SSL as it is and had an anecdote about how bad Verisign's security is including the fact that they had a major breach in which several certs were taken.
NSA in their eagerness to do rampant spying on everyone have had quite some collateral. They have decided to compromise the one thing which allows us to communicate securely on the internet: trust.
Right now we need to find out which (root?) CAs are compromised by the NSA. Long term it would probably be a very wise decision to revoke any US-based CA from the default trusted-list of browsers and OSes.
We cannot have untrustworthy CAs in a system based on trust. That's simply not an option.
Edit: As I've been pondering for a while (and which was also pointed out on reddit) we now have a situation where self-signed certs are more secure than CA-issued ones. They are the only ones you know can't be faked. How backwards is that?
The NSA is ruining the internet one piece at a time. The NSA needs to be dismantled.