Trying to understand how Digital Certificates and CA are indeed secureWhat is an SSL certificate intended to prove, and how does it do it?How does bidirectional authentication using SSL work?Digital Signature and Verification?Are self-signed certificates actually more secure than CA signed certificates now?Understanding certificate securityDoes a self-signed certificate offer more protection than a public key?Using digital certificates in digital signaturesHow do certificates stop this man in the middle attack?How does an attack on a digital signature work?How do certificates work in terms of encryption, hashing, and signing?
What's the point of fighting monsters in Zelda BotW?
What ways are there to "PEEK" memory sections in (different) BASIC(s)
Why did Starhopper's exhaust plume become brighter just before landing?
Why is there no Disney logo in MCU movies?
Why is "I let him to sleep" incorrect (or is it)?
Group riding etiquette
How can I reply to people who accuse me of putting people out of work?
Why did Lucius make a deal out of Buckbeak hurting Draco but not about Draco being turned into a ferret?
STM32 cannot reach individual registers and pins as PIC
Is it unusual for a math department not to have a mail/web server?
I feel cheated on by my new employer, does this sound right?
How can I fix cracks between the bathtub and the wall surround?
Pen test results for web application include a file from a forbidden directory that is not even used or referenced
Employing a contractor proving difficult
Is the internet in Madagascar faster than in UK?
Why doesn't Starship have four landing legs?
Why didn't Doc believe Marty was from the future?
Can two aircraft stay on the same runway at the same time?
Limit and Integration are interchangeable
How do I portray irrational anger in first person?
Is this position a forced win for Black after move 14?
Don't look at what I did there
What's the difference between a variable and a memory location?
Necessity of tenure for lifetime academic research
Trying to understand how Digital Certificates and CA are indeed secure
What is an SSL certificate intended to prove, and how does it do it?How does bidirectional authentication using SSL work?Digital Signature and Verification?Are self-signed certificates actually more secure than CA signed certificates now?Understanding certificate securityDoes a self-signed certificate offer more protection than a public key?Using digital certificates in digital signaturesHow do certificates stop this man in the middle attack?How does an attack on a digital signature work?How do certificates work in terms of encryption, hashing, and signing?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I understand that Digital Certificates and Certificate Authorities (trusted 3rd parties) help prevent man in the middle attacks during HTTPS connections. However, I am confused on a few details.
Let's say we have a client Alice and Bob who has a server mapped to "bob.com".
When Bob (bob.com) asks a CA (let's say veriSign) for a new certificate to be created and sends them his public key to be put inside the certificate, what is stopping a hacker from intercepting the request, switching the public key with their own, having the CA create a false certificate, and then returning this false certificate to Bob. Is the only protection here that Bob actually checks that the public key on the returned certificate matches what he originally sent in his request to the CA? And then I guess informing the CA that what he got back doesn't match what he sent out, so the CA doesn't maintain a false record?
Assuming that the newly created certificate Bob gets from veriSign is legit, let now say that Alice is going to make a request to "bob.com" via the HTTPS protocol. What is preventing a dual channel MITM attack where a hacker intercepts Bob's new certificate on way to Alice, creates a new one, signs it with their own secret key (which was previously signed by verisign), but then also intercepts Alice's request to veriSign when she asks for veriSign's public key, and switches it out again with the matching public key to the malicious secret key. Now when Alice tries to check the integrity of the false certificate, it checks out because although she thinks she is checking the signature with veriSign's public key, she is really using the malicious public key?
tls certificates certificate-authority
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
add a comment |
I understand that Digital Certificates and Certificate Authorities (trusted 3rd parties) help prevent man in the middle attacks during HTTPS connections. However, I am confused on a few details.
Let's say we have a client Alice and Bob who has a server mapped to "bob.com".
When Bob (bob.com) asks a CA (let's say veriSign) for a new certificate to be created and sends them his public key to be put inside the certificate, what is stopping a hacker from intercepting the request, switching the public key with their own, having the CA create a false certificate, and then returning this false certificate to Bob. Is the only protection here that Bob actually checks that the public key on the returned certificate matches what he originally sent in his request to the CA? And then I guess informing the CA that what he got back doesn't match what he sent out, so the CA doesn't maintain a false record?
Assuming that the newly created certificate Bob gets from veriSign is legit, let now say that Alice is going to make a request to "bob.com" via the HTTPS protocol. What is preventing a dual channel MITM attack where a hacker intercepts Bob's new certificate on way to Alice, creates a new one, signs it with their own secret key (which was previously signed by verisign), but then also intercepts Alice's request to veriSign when she asks for veriSign's public key, and switches it out again with the matching public key to the malicious secret key. Now when Alice tries to check the integrity of the false certificate, it checks out because although she thinks she is checking the signature with veriSign's public key, she is really using the malicious public key?
tls certificates certificate-authority
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
5
Aside: Verisign is not a good example. They sold their CA businesses (plural) in 2015 to Symantec, which was in the process of gradually rebranding until 2017 they were caught breaking the rules and rather than clean up their act sold the lot to Digicert, who are now more actively phasing out the old Verisign roots. The substance of your Q still applies to other CAs, of course.
– dave_thompson_085
Aug 17 at 3:04
1
@dave_thompson_085 I think veriSign was supposed to be a general signing company, just like Alice and Bob aren't real names either.
– Mast
Aug 17 at 10:53
1
You submit your CSR over TLS, so it cannot be modified in usual cases.
– eckes
Aug 17 at 14:51
1
Why hasn't anyone mentioned that many "trusted CAs" are not actually trustworthy? Just take a look at your computer's pre-installed list (run certmgr.msc) and the certificates that come with your browser. Probably there are hundreds of them. Hopefully you don't have any outright bad certificates (such as Superfish). But many CAs are untrustworthy anyway.
– user21820
Aug 18 at 6:54
add a comment |
I understand that Digital Certificates and Certificate Authorities (trusted 3rd parties) help prevent man in the middle attacks during HTTPS connections. However, I am confused on a few details.
Let's say we have a client Alice and Bob who has a server mapped to "bob.com".
When Bob (bob.com) asks a CA (let's say veriSign) for a new certificate to be created and sends them his public key to be put inside the certificate, what is stopping a hacker from intercepting the request, switching the public key with their own, having the CA create a false certificate, and then returning this false certificate to Bob. Is the only protection here that Bob actually checks that the public key on the returned certificate matches what he originally sent in his request to the CA? And then I guess informing the CA that what he got back doesn't match what he sent out, so the CA doesn't maintain a false record?
Assuming that the newly created certificate Bob gets from veriSign is legit, let now say that Alice is going to make a request to "bob.com" via the HTTPS protocol. What is preventing a dual channel MITM attack where a hacker intercepts Bob's new certificate on way to Alice, creates a new one, signs it with their own secret key (which was previously signed by verisign), but then also intercepts Alice's request to veriSign when she asks for veriSign's public key, and switches it out again with the matching public key to the malicious secret key. Now when Alice tries to check the integrity of the false certificate, it checks out because although she thinks she is checking the signature with veriSign's public key, she is really using the malicious public key?
tls certificates certificate-authority
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
I understand that Digital Certificates and Certificate Authorities (trusted 3rd parties) help prevent man in the middle attacks during HTTPS connections. However, I am confused on a few details.
Let's say we have a client Alice and Bob who has a server mapped to "bob.com".
When Bob (bob.com) asks a CA (let's say veriSign) for a new certificate to be created and sends them his public key to be put inside the certificate, what is stopping a hacker from intercepting the request, switching the public key with their own, having the CA create a false certificate, and then returning this false certificate to Bob. Is the only protection here that Bob actually checks that the public key on the returned certificate matches what he originally sent in his request to the CA? And then I guess informing the CA that what he got back doesn't match what he sent out, so the CA doesn't maintain a false record?
Assuming that the newly created certificate Bob gets from veriSign is legit, let now say that Alice is going to make a request to "bob.com" via the HTTPS protocol. What is preventing a dual channel MITM attack where a hacker intercepts Bob's new certificate on way to Alice, creates a new one, signs it with their own secret key (which was previously signed by verisign), but then also intercepts Alice's request to veriSign when she asks for veriSign's public key, and switches it out again with the matching public key to the malicious secret key. Now when Alice tries to check the integrity of the false certificate, it checks out because although she thinks she is checking the signature with veriSign's public key, she is really using the malicious public key?
tls certificates certificate-authority
tls certificates certificate-authority
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
asked Aug 16 at 22:59
4Matt4Matt
483 bronze badges
483 bronze badges
5
Aside: Verisign is not a good example. They sold their CA businesses (plural) in 2015 to Symantec, which was in the process of gradually rebranding until 2017 they were caught breaking the rules and rather than clean up their act sold the lot to Digicert, who are now more actively phasing out the old Verisign roots. The substance of your Q still applies to other CAs, of course.
– dave_thompson_085
Aug 17 at 3:04
1
@dave_thompson_085 I think veriSign was supposed to be a general signing company, just like Alice and Bob aren't real names either.
– Mast
Aug 17 at 10:53
1
You submit your CSR over TLS, so it cannot be modified in usual cases.
– eckes
Aug 17 at 14:51
1
Why hasn't anyone mentioned that many "trusted CAs" are not actually trustworthy? Just take a look at your computer's pre-installed list (run certmgr.msc) and the certificates that come with your browser. Probably there are hundreds of them. Hopefully you don't have any outright bad certificates (such as Superfish). But many CAs are untrustworthy anyway.
– user21820
Aug 18 at 6:54
add a comment |
5
Aside: Verisign is not a good example. They sold their CA businesses (plural) in 2015 to Symantec, which was in the process of gradually rebranding until 2017 they were caught breaking the rules and rather than clean up their act sold the lot to Digicert, who are now more actively phasing out the old Verisign roots. The substance of your Q still applies to other CAs, of course.
– dave_thompson_085
Aug 17 at 3:04
1
@dave_thompson_085 I think veriSign was supposed to be a general signing company, just like Alice and Bob aren't real names either.
– Mast
Aug 17 at 10:53
1
You submit your CSR over TLS, so it cannot be modified in usual cases.
– eckes
Aug 17 at 14:51
1
Why hasn't anyone mentioned that many "trusted CAs" are not actually trustworthy? Just take a look at your computer's pre-installed list (run certmgr.msc) and the certificates that come with your browser. Probably there are hundreds of them. Hopefully you don't have any outright bad certificates (such as Superfish). But many CAs are untrustworthy anyway.
– user21820
Aug 18 at 6:54
5
5
Aside: Verisign is not a good example. They sold their CA businesses (plural) in 2015 to Symantec, which was in the process of gradually rebranding until 2017 they were caught breaking the rules and rather than clean up their act sold the lot to Digicert, who are now more actively phasing out the old Verisign roots. The substance of your Q still applies to other CAs, of course.
– dave_thompson_085
Aug 17 at 3:04
Aside: Verisign is not a good example. They sold their CA businesses (plural) in 2015 to Symantec, which was in the process of gradually rebranding until 2017 they were caught breaking the rules and rather than clean up their act sold the lot to Digicert, who are now more actively phasing out the old Verisign roots. The substance of your Q still applies to other CAs, of course.
– dave_thompson_085
Aug 17 at 3:04
1
1
@dave_thompson_085 I think veriSign was supposed to be a general signing company, just like Alice and Bob aren't real names either.
– Mast
Aug 17 at 10:53
@dave_thompson_085 I think veriSign was supposed to be a general signing company, just like Alice and Bob aren't real names either.
– Mast
Aug 17 at 10:53
1
1
You submit your CSR over TLS, so it cannot be modified in usual cases.
– eckes
Aug 17 at 14:51
You submit your CSR over TLS, so it cannot be modified in usual cases.
– eckes
Aug 17 at 14:51
1
1
Why hasn't anyone mentioned that many "trusted CAs" are not actually trustworthy? Just take a look at your computer's pre-installed list (run certmgr.msc) and the certificates that come with your browser. Probably there are hundreds of them. Hopefully you don't have any outright bad certificates (such as Superfish). But many CAs are untrustworthy anyway.
– user21820
Aug 18 at 6:54
Why hasn't anyone mentioned that many "trusted CAs" are not actually trustworthy? Just take a look at your computer's pre-installed list (run certmgr.msc) and the certificates that come with your browser. Probably there are hundreds of them. Hopefully you don't have any outright bad certificates (such as Superfish). But many CAs are untrustworthy anyway.
– user21820
Aug 18 at 6:54
add a comment |
2 Answers
2
active
oldest
votes
Is the only protection here that Bob actually checks that the public
key on the returned certificate matches what he originally sent in his
request to the CA?
If the public key was switched before the CA used it to create the certificate, then Bob's web site won't work at all. The private key, which he has kept safe, will only work with his original public key. It is unlikely the attacker can MITM all connections and prevent this fact from becoming obvious.
intercepts Alice's request to veriSign when she asks for veriSign's
public key, and switches it out again with the matching public key to
the malicious secret key.
Alice doesn't reach out to Verisign; Alice only trusts copies of the CA certificates in her browser or computer's trusted certificate store, of which Verisign's happens to be one.
The trusted certificate store is populated at install time (of the OS, or in the case of Firefox, of the application) and is then updated via regular OS or Application updates as necessary - less than you'd think, as many root CAs are long-lived.
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
IMHO it would improve this otherwise good answer to mention how CA certificates come to be in the trusted certificate store
– Tom W
Aug 17 at 19:44
3
@TomW I updated to try and give a simple explanation - if you try to get into the details, say for Windows, it becomes a maze of twisty packages, all different, some causing pulled hair.
– gowenfawr
Aug 17 at 20:13
add a comment |
Good question. The certificates of the most trusted CAs are normally included into software install package, e.g. into browser installer, into OS installer, or are preinstalled on device like smartphone. That's why the browser (or some other application) will notice if certificate is really from the specified CA.
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
If browser developers are unable to accurately determine which CAs are trustworthy, why should they be even installed? And even if installing them provides some convenience, why should they be called "trusted"? There is something really wrong with the CA ecosystem, but it seems that few dare to speak up about it.
– user21820
Aug 18 at 7:02
1) Trusted - because the developers of particular software (browser, OS, whatever) trust them. It is up to you to trust or not. You are free to delete any certificates you want. 2) PKI is a complex field. "few dare to speak up" - of course you have right to have your own opinion. But many other people thought about it already 20 years ago (see when IPSEC, DNSSEC, etc. was developed), now even more do that.
– mentallurg
Aug 18 at 13:50
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f215439%2ftrying-to-understand-how-digital-certificates-and-ca-are-indeed-secure%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Is the only protection here that Bob actually checks that the public
key on the returned certificate matches what he originally sent in his
request to the CA?
If the public key was switched before the CA used it to create the certificate, then Bob's web site won't work at all. The private key, which he has kept safe, will only work with his original public key. It is unlikely the attacker can MITM all connections and prevent this fact from becoming obvious.
intercepts Alice's request to veriSign when she asks for veriSign's
public key, and switches it out again with the matching public key to
the malicious secret key.
Alice doesn't reach out to Verisign; Alice only trusts copies of the CA certificates in her browser or computer's trusted certificate store, of which Verisign's happens to be one.
The trusted certificate store is populated at install time (of the OS, or in the case of Firefox, of the application) and is then updated via regular OS or Application updates as necessary - less than you'd think, as many root CAs are long-lived.
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
IMHO it would improve this otherwise good answer to mention how CA certificates come to be in the trusted certificate store
– Tom W
Aug 17 at 19:44
3
@TomW I updated to try and give a simple explanation - if you try to get into the details, say for Windows, it becomes a maze of twisty packages, all different, some causing pulled hair.
– gowenfawr
Aug 17 at 20:13
add a comment |
Is the only protection here that Bob actually checks that the public
key on the returned certificate matches what he originally sent in his
request to the CA?
If the public key was switched before the CA used it to create the certificate, then Bob's web site won't work at all. The private key, which he has kept safe, will only work with his original public key. It is unlikely the attacker can MITM all connections and prevent this fact from becoming obvious.
intercepts Alice's request to veriSign when she asks for veriSign's
public key, and switches it out again with the matching public key to
the malicious secret key.
Alice doesn't reach out to Verisign; Alice only trusts copies of the CA certificates in her browser or computer's trusted certificate store, of which Verisign's happens to be one.
The trusted certificate store is populated at install time (of the OS, or in the case of Firefox, of the application) and is then updated via regular OS or Application updates as necessary - less than you'd think, as many root CAs are long-lived.
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
IMHO it would improve this otherwise good answer to mention how CA certificates come to be in the trusted certificate store
– Tom W
Aug 17 at 19:44
3
@TomW I updated to try and give a simple explanation - if you try to get into the details, say for Windows, it becomes a maze of twisty packages, all different, some causing pulled hair.
– gowenfawr
Aug 17 at 20:13
add a comment |
Is the only protection here that Bob actually checks that the public
key on the returned certificate matches what he originally sent in his
request to the CA?
If the public key was switched before the CA used it to create the certificate, then Bob's web site won't work at all. The private key, which he has kept safe, will only work with his original public key. It is unlikely the attacker can MITM all connections and prevent this fact from becoming obvious.
intercepts Alice's request to veriSign when she asks for veriSign's
public key, and switches it out again with the matching public key to
the malicious secret key.
Alice doesn't reach out to Verisign; Alice only trusts copies of the CA certificates in her browser or computer's trusted certificate store, of which Verisign's happens to be one.
The trusted certificate store is populated at install time (of the OS, or in the case of Firefox, of the application) and is then updated via regular OS or Application updates as necessary - less than you'd think, as many root CAs are long-lived.
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
Is the only protection here that Bob actually checks that the public
key on the returned certificate matches what he originally sent in his
request to the CA?
If the public key was switched before the CA used it to create the certificate, then Bob's web site won't work at all. The private key, which he has kept safe, will only work with his original public key. It is unlikely the attacker can MITM all connections and prevent this fact from becoming obvious.
intercepts Alice's request to veriSign when she asks for veriSign's
public key, and switches it out again with the matching public key to
the malicious secret key.
Alice doesn't reach out to Verisign; Alice only trusts copies of the CA certificates in her browser or computer's trusted certificate store, of which Verisign's happens to be one.
The trusted certificate store is populated at install time (of the OS, or in the case of Firefox, of the application) and is then updated via regular OS or Application updates as necessary - less than you'd think, as many root CAs are long-lived.
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
edited Aug 17 at 20:12
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
answered Aug 16 at 23:11
gowenfawrgowenfawr
58.1k12 gold badges131 silver badges173 bronze badges
58.1k12 gold badges131 silver badges173 bronze badges
IMHO it would improve this otherwise good answer to mention how CA certificates come to be in the trusted certificate store
– Tom W
Aug 17 at 19:44
3
@TomW I updated to try and give a simple explanation - if you try to get into the details, say for Windows, it becomes a maze of twisty packages, all different, some causing pulled hair.
– gowenfawr
Aug 17 at 20:13
add a comment |
IMHO it would improve this otherwise good answer to mention how CA certificates come to be in the trusted certificate store
– Tom W
Aug 17 at 19:44
3
@TomW I updated to try and give a simple explanation - if you try to get into the details, say for Windows, it becomes a maze of twisty packages, all different, some causing pulled hair.
– gowenfawr
Aug 17 at 20:13
IMHO it would improve this otherwise good answer to mention how CA certificates come to be in the trusted certificate store
– Tom W
Aug 17 at 19:44
IMHO it would improve this otherwise good answer to mention how CA certificates come to be in the trusted certificate store
– Tom W
Aug 17 at 19:44
3
3
@TomW I updated to try and give a simple explanation - if you try to get into the details, say for Windows, it becomes a maze of twisty packages, all different, some causing pulled hair.
– gowenfawr
Aug 17 at 20:13
@TomW I updated to try and give a simple explanation - if you try to get into the details, say for Windows, it becomes a maze of twisty packages, all different, some causing pulled hair.
– gowenfawr
Aug 17 at 20:13
add a comment |
Good question. The certificates of the most trusted CAs are normally included into software install package, e.g. into browser installer, into OS installer, or are preinstalled on device like smartphone. That's why the browser (or some other application) will notice if certificate is really from the specified CA.
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
If browser developers are unable to accurately determine which CAs are trustworthy, why should they be even installed? And even if installing them provides some convenience, why should they be called "trusted"? There is something really wrong with the CA ecosystem, but it seems that few dare to speak up about it.
– user21820
Aug 18 at 7:02
1) Trusted - because the developers of particular software (browser, OS, whatever) trust them. It is up to you to trust or not. You are free to delete any certificates you want. 2) PKI is a complex field. "few dare to speak up" - of course you have right to have your own opinion. But many other people thought about it already 20 years ago (see when IPSEC, DNSSEC, etc. was developed), now even more do that.
– mentallurg
Aug 18 at 13:50
add a comment |
Good question. The certificates of the most trusted CAs are normally included into software install package, e.g. into browser installer, into OS installer, or are preinstalled on device like smartphone. That's why the browser (or some other application) will notice if certificate is really from the specified CA.
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
If browser developers are unable to accurately determine which CAs are trustworthy, why should they be even installed? And even if installing them provides some convenience, why should they be called "trusted"? There is something really wrong with the CA ecosystem, but it seems that few dare to speak up about it.
– user21820
Aug 18 at 7:02
1) Trusted - because the developers of particular software (browser, OS, whatever) trust them. It is up to you to trust or not. You are free to delete any certificates you want. 2) PKI is a complex field. "few dare to speak up" - of course you have right to have your own opinion. But many other people thought about it already 20 years ago (see when IPSEC, DNSSEC, etc. was developed), now even more do that.
– mentallurg
Aug 18 at 13:50
add a comment |
Good question. The certificates of the most trusted CAs are normally included into software install package, e.g. into browser installer, into OS installer, or are preinstalled on device like smartphone. That's why the browser (or some other application) will notice if certificate is really from the specified CA.
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
Good question. The certificates of the most trusted CAs are normally included into software install package, e.g. into browser installer, into OS installer, or are preinstalled on device like smartphone. That's why the browser (or some other application) will notice if certificate is really from the specified CA.
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
answered Aug 17 at 0:01
mentallurgmentallurg
6923 silver badges10 bronze badges
6923 silver badges10 bronze badges
If browser developers are unable to accurately determine which CAs are trustworthy, why should they be even installed? And even if installing them provides some convenience, why should they be called "trusted"? There is something really wrong with the CA ecosystem, but it seems that few dare to speak up about it.
– user21820
Aug 18 at 7:02
1) Trusted - because the developers of particular software (browser, OS, whatever) trust them. It is up to you to trust or not. You are free to delete any certificates you want. 2) PKI is a complex field. "few dare to speak up" - of course you have right to have your own opinion. But many other people thought about it already 20 years ago (see when IPSEC, DNSSEC, etc. was developed), now even more do that.
– mentallurg
Aug 18 at 13:50
add a comment |
If browser developers are unable to accurately determine which CAs are trustworthy, why should they be even installed? And even if installing them provides some convenience, why should they be called "trusted"? There is something really wrong with the CA ecosystem, but it seems that few dare to speak up about it.
– user21820
Aug 18 at 7:02
1) Trusted - because the developers of particular software (browser, OS, whatever) trust them. It is up to you to trust or not. You are free to delete any certificates you want. 2) PKI is a complex field. "few dare to speak up" - of course you have right to have your own opinion. But many other people thought about it already 20 years ago (see when IPSEC, DNSSEC, etc. was developed), now even more do that.
– mentallurg
Aug 18 at 13:50
If browser developers are unable to accurately determine which CAs are trustworthy, why should they be even installed? And even if installing them provides some convenience, why should they be called "trusted"? There is something really wrong with the CA ecosystem, but it seems that few dare to speak up about it.
– user21820
Aug 18 at 7:02
If browser developers are unable to accurately determine which CAs are trustworthy, why should they be even installed? And even if installing them provides some convenience, why should they be called "trusted"? There is something really wrong with the CA ecosystem, but it seems that few dare to speak up about it.
– user21820
Aug 18 at 7:02
1) Trusted - because the developers of particular software (browser, OS, whatever) trust them. It is up to you to trust or not. You are free to delete any certificates you want. 2) PKI is a complex field. "few dare to speak up" - of course you have right to have your own opinion. But many other people thought about it already 20 years ago (see when IPSEC, DNSSEC, etc. was developed), now even more do that.
– mentallurg
Aug 18 at 13:50
1) Trusted - because the developers of particular software (browser, OS, whatever) trust them. It is up to you to trust or not. You are free to delete any certificates you want. 2) PKI is a complex field. "few dare to speak up" - of course you have right to have your own opinion. But many other people thought about it already 20 years ago (see when IPSEC, DNSSEC, etc. was developed), now even more do that.
– mentallurg
Aug 18 at 13:50
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f215439%2ftrying-to-understand-how-digital-certificates-and-ca-are-indeed-secure%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
5
Aside: Verisign is not a good example. They sold their CA businesses (plural) in 2015 to Symantec, which was in the process of gradually rebranding until 2017 they were caught breaking the rules and rather than clean up their act sold the lot to Digicert, who are now more actively phasing out the old Verisign roots. The substance of your Q still applies to other CAs, of course.
– dave_thompson_085
Aug 17 at 3:04
1
@dave_thompson_085 I think veriSign was supposed to be a general signing company, just like Alice and Bob aren't real names either.
– Mast
Aug 17 at 10:53
1
You submit your CSR over TLS, so it cannot be modified in usual cases.
– eckes
Aug 17 at 14:51
1
Why hasn't anyone mentioned that many "trusted CAs" are not actually trustworthy? Just take a look at your computer's pre-installed list (run certmgr.msc) and the certificates that come with your browser. Probably there are hundreds of them. Hopefully you don't have any outright bad certificates (such as Superfish). But many CAs are untrustworthy anyway.
– user21820
Aug 18 at 6:54