1

This site claims HTTPS is not enough security, as the CA itself could be DNS spoofed https://protonvpn.com/blog/public-wifi-and-https/

That seems unlikely to be true. If Chrome is keeping a local list of trusted certificate authorities, why wouldn't they also keep a list of their public keys? A DNS spoof cannot spoof the CAs public keys stored in my client (assuming Chrome stores them, I don't know for a fact).

user12341234
  • 147
  • 2
  • 7
  • 1
    *"...as the CA itself could be DNS spoofed..."* - I cannot see any such claim in the link you provide. Please cite the relevant part. Apart from that the article is misleading since it mixes DNS spoofing by an attacker in the network with social attacks which trick you into using a look-alike URL instead of the real one. But this is not DNS spoofing although claimed to be a *"variation of DNS spoofing"*. – Steffen Ullrich Oct 29 '19 at 03:46
  • @SteffenUllrich well it claims HTTPS is not secure enough somehow, which seemed to me to be due to some form of DNS attack. I'm not familiar with DNS spoofing, but I was pretty sure HTTPS is enough. – user12341234 Oct 29 '19 at 05:22
  • *"well it claims HTTPS is not secure enough somehow"* - yes it claims that but it makes no claims about *"CA itself could be DNS spoofed"* which you claim it does. This seems to be only your interpretation but is not their claim. In fact, nothing about a CA is inside this article at all. – Steffen Ullrich Oct 29 '19 at 06:55

1 Answers1

3

The trusted CA list, that browsers (and other TLS clients) have, consists of a list of the CA public keys. They don't need to connect to the CA to access the key. This mechanism can be extended by importing the public key of other CAs (Corporate or Private) that you wish to trust.

The certificate authorities do maintain lists of revoked certificates. It is necessary to contact the CA to check to see if a certificate has been revoked. The results of this check can be cached, so it is not necessary to check every time a certificate is seen. It is not necessary at all if the site uses OSCP stapling to provide a signed verification.

It might be possible to spoof the DNS to redirect revocation requests. However, it would be extremely difficult to provide a properly signed response.

There is a risk that someone might convince a CA to provide a certificate that does not belong to the organization stated in the certificate. This is one reason for certificates to be revoked. There are mechanisms for organizations to publish the certificate authority or authorities that are permitted to sign their certificates.

It is possible to make the described attack more difficult by revoking trust for most of the default certificates. This should cause the browser to issue an alert if it receives a certificate signed by an untrusted CA. CAs are now aware of this issue and are unlikely to issue certificates for sites using this attack. Browser provider are likely to remove any CAs found to be issuing certificates used in such attacks.

The described attack is unlikely to succeed if you are browsing to sites using URLs from bookmarks or recently seen sites. The spoofed URLs will look good to you, but the browser doesn't care what the URL looks like.

BillThor
  • 27,737
  • 3
  • 37
  • 69