Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Networking Privacy Security The Internet

The Dark Side of Certificate Transparency (sans.edu) 62

Slashdot reader UnderAttack writes: Certificate Transparency is a system promoted by companies like Google that requires certificate authorities to publish a log of all certificates issued. With certificate transparency, you can search these logs for any of the domains you own, to find unauthorized certificates. However, certificates are not only used for public sites. And with all certificates being published, some include host names that are not meant to be publicly known. An update of the standard is in the works to allow entities to obfuscate the host name, but until then, certificate transparency logs are a good recognizance source.
This discussion has been archived. No new comments can be posted.

The Dark Side of Certificate Transparency

Comments Filter:
  • recognizance ?! (Score:3, Insightful)

    by Anonymous Coward on Saturday August 06, 2016 @10:35AM (#52655817)

    I don't think you know what that word means!

    • by pahles ( 701275 )
      recognizance |rk()nz()ns| (also recognisance)
      noun Law
      a bond by which a person undertakes before a court or magistrate to observe some condition, especially to appear when summoned. the Lord Chancellor asked them to enter into recognizances to appear in court. he was released on his own recognizance of £30,000.
  • Stupid (Score:2, Informative)

    by Anonymous Coward

    This is stupid. Transparency is good. Don't rely on security through obscurity. If that's your method to keep secrets, you deserve what you get. There's no legitimate reason why you should have a secret hostname that's not otherwise secured, if you don't want people accessing it.

    • just great. Now I, the fucking CFO, have to enter a password before I can gain access to the accounting system. How the fuck am I supposed to do that on this fucking tiny cell phone screen, in broad daylight, on the 7th hole. I have to fucking walk all the way back to the cart, just so I can see the fucking tiny little fucking letters.

  • by plsuh ( 129598 ) <plsuh@noSPaM.goodeast.com> on Saturday August 06, 2016 @10:55AM (#52655863) Homepage

    1) Hostnames leak all the time. A client will make a DNS request and the name becomes known even if it is not resolvable on the public Internet.

    2) If you really care that much, run an internal CA. Lots of ways to do it, most server OS's have built-in or easily available internal CA software.

    Keeping a hostname out of the certificate log is pretty much pointless security by obscurity.

    • Very well said. I have no mod points, so here's my virtual +1.

    • by ErikTheRed ( 162431 ) on Saturday August 06, 2016 @11:44AM (#52656021) Homepage

      Exactly. We use an internal CA (there are several good ones out there like EJBCA) for all of our private internal hosts.

    • I created certificates for our development servers and QA machines at one job. Previously we just put the certificate from the production server on and everyone was tired of having the warning pop up but nobody was going to pay to get real certificates. We had a lot of different host names because it was a government department that had been created from a group of smaller departments who wanted to keep their domain names plus any names for campaigns. The developers and testers just had to trust the new iss

    • by TheRaven64 ( 641858 ) on Saturday August 06, 2016 @12:40PM (#52656195) Journal
      The second point doesn't make a difference. If your clients support certificate transparency, then they will publish any server certs that they come across. It doesn't matter what the cert is. The real point, however, is that if the machine should not be routable from outside of your network, then you should not make it routable from off your network. Assuming that the hostname (or IP) is secret is silly.
      • by tepples ( 727027 )

        The real point, however, is that if the machine should not be routable from outside of your network, then you should not make it routable from off your network.

        If a machine is not routable, how will Let's Encrypt or any other DV CA know that you have enough control over a machine to be entitled to a certificate for its hostname?

        • Why bother with those external CAs?

          That's what point 2) of OP is for. Private hosts, private network, private CA. By the time you're running your own private hosts on your own private network, it's for sure a no-brainer for your IT staff to run their own CA and register it as trusted CA in all internal computer systems.

          • By the time you're running your own private hosts on your own private network, it's for sure a no-brainer for your IT staff to run their own CA and register it as trusted CA in all internal computer systems.

            Say someone goes to Best Buy and buys a home server for use on a home LAN, and its web-based administration interface uses a private CA for HTTPS. Is the owner of that home server likely to know how to make the server's internal CA trusted on all Windows, macOS, Android, and iOS devices on the home network?

            • By the time someone feels the need for a private server at home (and even knows what to do with it and how to use it - including things like setting up a domain and getting fixed IP or DynDNS to actually be able to access it remotely), they should be able to handle that part as well. If they can't figure out such a task, no hopes for the security of the rest of the server so whether it's https or not doesn't matter any more.

              • by tepples ( 727027 )

                By the time someone feels the need for a private server at home (and even knows what to do with it and how to use it - including things like setting up a domain and getting fixed IP or DynDNS to actually be able to access it remotely)

                I wasn't referring to remote access. I was referring to access only within the private home LAN.
                they should be able to handle that part as well. If they can't figure out such a task, no hopes for the security of the rest of the server so whether it's https or not doesn't matter any more.

                Let me repeat it in my own words to make sure I understand what you wrote:

                Nobody should buy a networked printer or networked backup appliance until he or she has already learned how to trust a CA.

                What if anything did I misun

                • Those are not servers and don't need to serve https as you'll connect on a trusted network - your own, and your own only. Wired or encrypted WiFi.

                  My own networked printer required me to connect by cable first for initial setup, after which the built in software would connect the printer to my network (I had to tell which and so). Secure without CA.

                  • [Appliances on a home network with a web-based administration interface] are not servers and don't need to serve https

                    The article "Deprecating Non-Secure HTTP" by Richard Barnes [mozilla.org] begins: "Today we are announcing our intent to phase out non-secure HTTP." Not only Firefox but also Chrome [chromium.org] has announced plans to deprecate HTTP. This includes making new web APIs, such as Service Worker, available only to a "secure context". The list of such APIs [fxsitecompat.com] includes Service Worker, Geolocation, Notification, Fullscreen, Pointer Lock, and Media Stream (camera and microphone).

                    A secure context is available only if all documents holding referen

  • by lkcl ( 517947 ) <lkcl@lkcl.net> on Saturday August 06, 2016 @11:03AM (#52655879) Homepage

    y'know... it occurs to me that seeing CENTRALISED trust mechanisms break down really is no surpise, at all. it's a simple mathematical equation which can be explored by doing e^(1/N) * N where you increase N, then make a tiny *tiny* change in the 1/N value. so E^(1/100,010) * 100,000 for example is drastically divergent from E^(1/100,000) / 100,000. point being: the more you CENTRALISE trust, the greater the chance of it being violated (exponentialy greater)

        solving this will take moving away from CENTRALISED trust to DECENTRALISED trust. does anyone remember keynote (an IETF RFC), or advogato, or even the moderation system behind slashdot, and how effective those are? we really really need to start moving to things like blockchain. as in, don't arse about expecting the incumbents to move to blockchain (because they have financial incentives not to do so) - just move to blockchain-based SSL Certificates.

    • by lkcl ( 517947 ) <lkcl@lkcl.net> on Saturday August 06, 2016 @11:04AM (#52655889) Homepage

      huh. like this. how about that - someone's already done it. https://github.com/okTurtles/d... [github.com]

    • by Anonymous Coward

      blockchain-base SSL?

      Does that make any sense at all?

      Sounds to me like "lets all move to cloud-based furniture!"

      • blockchain-base SSL?

        Does that make any sense at all?

        It makes about as much sense as layering DANE (RFCs 6698 and 7671-7673) on top of Namecoin.

    • I take it you are the one that posted a reply on the SANS site about okTurtles? You should probably know how it actually works before you endorse it because it is broken [indolering.com], according to Namecoin developers who make the technology that it uses.

      Second, you are effectively posting off-topic because a blockchain solution will not address the problem from the article AT ALL. Namecoin, on purpose, makes all of the certificates public. Certificate transparency is a key feature of any blockchain-based solution.
    • by Lehk228 ( 705449 )
      blockchain is automatically retarded, if you take over 50%+1 you control everything.
  • by drolli ( 522659 ) on Saturday August 06, 2016 @11:07AM (#52655905) Journal

    then you should not need any certificate form any CA but yourself.

    • by tepples ( 727027 )

      then you should not need any certificate form any CA but yourself.

      Let's assume that an appliance on a home LAN needs an X.509 certificate for HTTPS on its web-based administration interface. Let's further assume that the device acts as its own CA to issue this certificate. What would be the easiest way to get this device's CA trusted by the Windows, macOS, Android, and iOS devices on the LAN?

  • by Wrath0fb0b ( 302444 ) on Saturday August 06, 2016 @11:12AM (#52655917)

    Seriously, does this bozo think that there is any security benefit if an attacker doesn't know your internal domain names? What in the world does that buy?

    PS. Editors: reconnaissance != recognizance. Holy hell what a train wreck.

    • when it comes to phishing attacks knowing internal host and site names has huge value in generating bait that IS FAR MORE LIKELY TO HOOK A VICTIM.
  • Don't you think that Certificate Security [slashdot.org] would be the priority?

    An update of the standard is in the works to allow entities to obfuscate the host name..

    So now the whole idea becomes entirely useless, aside from the public relations.

    Certificates are cookies, just another word with more syllables and some different letters.

    • The proposal is to redact subdomains in the certificate log. That won't impact security at all, but will solve this problem. You can still see if a CA issued a certificate for a domain that they shouldn't. The only time this could lead to confusion would be if you own a domain for which you have multiple subdomains with certificates signed by different authorities, which probably doesn't (or shouldn't) happen.
      • by tepples ( 727027 )

        The only time this could lead to confusion would be if you own a domain for which you have multiple subdomains with certificates signed by different authorities, which probably doesn't (or shouldn't) happen.

        And if it does happen, your domain probably is a public suffix [publicsuffix.org].

        • I imagine the standard will account for this by only subdomains lower than whatever the level of an "owned" domain is, but thanks for pointing it out!
          • by tepples ( 727027 )

            For example, Amazon owns the amazonaws.com, but it allows Simple Storage Service (S3) subscribers to register subdomains (called "buckets"). This makes the buckets' root domain (s3.amazonaws.com) a public suffix, though Amazon uses its own wildcard certificate for *.s3.amazonaws.com to serve files in S3 buckets to HTTPS clients.

  • by SvnLyrBrto ( 62138 ) on Saturday August 06, 2016 @12:03PM (#52656081)

    ... in my pre-coffee state. But:

    > vpn.miltonsandfordwines.com
    > upstest2.managehr.com
    > mail.backup-technology.co.uk

    How exactly is the knowledge of the existence of any of these domains a problem? Just about any given domain can be assumed to have a mail.whatever.com subdomain. Internal testing domains are internal and, if they're ever publicly routable at all, are only opened up for the duration of the test and then closed down again. And just the knowledge of a VPN address should never be enough. At the very least you also need a valid username/password. You probably need a 2-factor token. And you possibly need a client certificate of your own to access it.

    I'm failing to see any "dark side" here.

  • If your security relies on host-names remaining secret, then you have already messed up to a stellar degree. The host-name in a certificate is decidedly not the problem in that case.

    • What if the hostname is "workmail.hillaryspersonalsite.com" ?
      Or "black.sites.cia.gov" ?

      • by gweihir ( 88907 )

        Nice examples for what I said: These hostnames should never have been selected.

        Face it: Host-names can leak in other ways, for example DNS helpfully telling you about them in the "extra" section or from a reverse-lookup of the IP. ALso if you do a resolution call to a resolving DNS, that DNS (which can be an arbitrary resolving one) afterwards knows about the hostname. Hostnames are not secret in any practical sense.

        • Hostnames are supposed to be descriptive. Host names are descriptive, natural language mappings to IP addresses. That's their primary purpose. Those host names are fine as long as they're kept secret. There is no benefit to "transparency" nor is that the goal of the DNS system.

          Hostnames that map to IPs not publicly routable should not be disseminated publicly, regardless of what they are.

          • by gweihir ( 88907 )

            Seriously, you cannot practically keep hostnames secret, in particular those where a descriptive name is an advantage (no, this is _not_ generally the case).

  • the bad guys know all your host names.

    Oh, wait....

  • If it's not public, then it's on a private network where you should run your own CA. So what's the issue?

Technology is dominated by those who manage what they do not understand.

Working...