Tedu’s blog is not accessible from Brazil so I end up having to access using a proxy located in the USA. Not sure this is intentional.
That was not entirely intentional. I’ve been getting crazy amounts of spam from virtua recently, maybe you got a bad IP. I made a few changes to separate email and www filters.
Yup, it works again! Thanks.
How is it not accessible?
Tedu’s blog is not accessible from anywhere because he intentionally broke SSL on it to make a point and also set up a forced redirect.
Ooh. I have a script set up which sends articles from various RSS feeds to my Kindle, including tedu’s blog. Sometime earlier this week it stopped working. I haven’t SSH’d in yet to check, but maybe this is why.
That is not true.
Your comment does nothing to answer the question I had. How exactly is it broken for utzig, and why in Brazil in particular?
I use virtua which is the biggest cable internet provider in Brazil. As he answered already, seems that there were some filters which were filtering both email and www…
Is it only for me that I get an SSL error due to a seemingly self signed certificate? - or is this on purpose?
It’s not only you. It is on purpose.
You’ll have to trust tedu a little if you want to read his blog. ;-)
I don’t know if my browser got the right cert, but the information presented on the page I got certainly seems to be correct (i.e. matches commits I’ve seen on source-changes@).
Of course there’s no reason to assume you’re getting the same information as anyone else.
True :)
It’s on purpose.
Unfortunately lobste.rs deliberately doesn’t let users hide all posts from a particular domain. Any chance of a broken-ssl tag, or a policy to disallow links with dodgy certificates like this?
It’s not a broken or dodgy cert. The difference is the trust model that @tedu is using. He is asking users to put trust in him vs a CA (https://www.tedunangst.com/flak/post/moving-to-https - I know you can’t see it without the cert). The important part is this:
Yesterday, reading this page in plaintext was perfectly fine, but today, add some AES to the mix, and it’s a terrible menace, unfit for even casual viewing.
The difference now is that your browser paints a terrifying UI vs rendering stuff with a cert it doesn’t know about.
The model he is using is similar to SSH’s “Trust on first use” but with a few extra steps to cope with the UI that operates via the “Trust anything from these guys, they are totally OK, right? RIGHT?” model.
Anyway, here is the cert, a sha256 sum and its sha256 fingerprint of it if you feel like importing it into your browser:
I have also signed this message using my pgp stuffs. I guess this means we have a lobste.rs based web of trust using the Comments protocol?
The real question in all of this shouldn’t be “why is @tedu using broken / dodgy certs”, it should be:
Who do you trust more?
Raw post / sig: https://deftly.net/lpost.txt https://deftly.net/lpost.txt.asc
PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE
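The trust-on-first-use model described in the comment above, with the published SHA-256 fingerprint checked on first contact, as an added example that is not part of the original post. The host names and certificate bytes are constructed placeholders (not real certificates), and `PinStore` is a hypothetical helper.

```python
import hashlib
import hmac
import ssl


def fingerprint(pem: str) -> str:
    """SHA-256 over the certificate's DER bytes, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex and return bare lowercase hex."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


class PinStore:
    """Hypothetical per-host pin store: host -> (fingerprint, verified_out_of_band)."""

    def __init__(self):
        self.pins = {}

    def check(self, host, pem, published=None):
        seen = fingerprint(pem)
        if host in self.pins:
            # Later visits: the easy part, compare against what was pinned.
            pinned, _ = self.pins[host]
            return "match" if hmac.compare_digest(pinned, seen) else "mismatch"
        if published is None:
            # Plain TOFU: nothing to compare against, so the first contact
            # is trusted blindly and recorded as unverified.
            self.pins[host] = (seen, False)
            return "pinned-unverified"
        if hmac.compare_digest(normalize(published), seen):
            # First contact backed by a fingerprint obtained out of band.
            self.pins[host] = (seen, True)
            return "pinned-verified"
        # First contact presented a different cert than the published one:
        # do not pin it.
        return "rejected"


def demo():
    # Constructed stand-ins for two different certificates (arbitrary bytes).
    cert_a = ssl.DER_cert_to_PEM_cert(b"constructed-site-cert" * 4)
    cert_b = ssl.DER_cert_to_PEM_cert(b"constructed-other-cert" * 4)
    # Fingerprint as it might be published: uppercase, colon-separated.
    fp_a = fingerprint(cert_a).upper()
    published = ":".join(fp_a[i:i + 2] for i in range(0, 64, 2))

    store = PinStore()
    return [
        store.check("blog.example", cert_b, published),  # wrong cert on first contact
        store.check("blog.example", cert_a, published),  # verified first use
        store.check("blog.example", cert_a),             # same cert on return visit
        store.check("blog.example", cert_b),             # cert changed after pinning
        store.check("other.example", cert_b),            # blind first use
    ]


if __name__ == "__main__":
    print(demo())
```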
I wouldn’t mind importing the CA, but how well does the name constraint work in Firefox?
This is actually cool if it works!
Should work in all “modern” browsers. I did some testing to confirm. There’s a lot of stackoverflow answers that it doesn’t work, but most of them are old. They do make it difficult to find out.
Edge seems to not like it - though I am not 100% sure I imported the cert into the correct store.
Definitely works with edge. It has to go into the “Trusted Root CA” store, not the “Third-Party Root” store, or any of the other dozen. If you let it pick on its own, I have no idea where it goes. Fun times. You should get yet another warning that you’re about to do something terrible and dangerous. If you don’t see the scary message, you didn’t put it in the scary place. :) You can add it for just your user, not the whole machine.
It is a dodgy cert, or at least the only reasonable/practical security posture is to treat it as one (if it were a legit cert there would be no reason not to have it cross-signed by a reputable CA). I have no interest in importing some random blogger’s CA into my browser or adopting some manual CA import process in the general case (I’m willing to support efforts at a practical web of trust system - I actually used the monkeysphere addon for a while, but it now seems defunct). I would expect most security-conscious readers to feel the same. As such, I’d like to be able to filter sites like this out of my lobste.rs frontpage.
Why is tedu’s cert any more dodgy than what you get from all those reputable CAs that have made sure governments can MITM you at will?
A CA that had been caught doing that would present the same way as tedu’s CA. Should browsers be stricter than they are? Maybe, but even if I don’t think the bar for inclusion in the browser is as high as it should be, I’m sure as hell not going to trust a CA that hasn’t met it.
Do you trust ssh fingerprints when you ssh into a machine? Do you use pgp?
There are about 2 machines I ever ssh to over the public internet, for which I confirmed the fingerprints manually.
I use PGP for email exchanges with a small number of personal friends, who I confirmed fingerprints with in person.
Isn’t that the same trust model as using tedu’s cert?
I assume you manually confirmed the fingerprints via ssh-keygen or similar, how ever it was done - you have put some trust in someone (either the CA / people who bundle the CAs for the web-terminal you are using, or that your connection isn’t mitm’d in the first place)
I will give ya that pgp is a bit different, but only for manually verified fingerprints. I am willing to bet that the vast majority of people using pgp for things like validating mails / releases of packages use the “Trust on first use” model.
I mean I visited those specific physical machines and confirmed the fingerprints on their consoles.
Sure. I trust the overall bundle-of-CAs, and that’s not ideal. But there’s at least some accountability in that system in a way that there just isn’t for “tedu”. Browser makers and CAs both have a lot more skin in the game than some guy with a website.
This is where the tedu model shines! You aren’t being asked to trust “tedu” beyond anything that isn’t already under the control of tedu, and, no third parties involved. I feel like a lot of the accountability problems fall by the wayside when you are operating on an individual-site-level of trust vs a here-are-the-sites-we-trust model.
No, I’m being asked to trust the public network path from me to… well, who knows where? Verifying that the site I see the second time is the same as the site I saw the first time is the easy part (and something that, in this age of HPKP, browsers are doing even in the CA world). Verifying the first time one visits is important too though.
I don’t see how anyone could know this with absolute certainty. Can you provide a proof for this claim?
I’m not sure what your “absolute certainty” point is? What you see when you go to tedunangst.com is a site with a certificate signed by a CA that’s not in your browser’s trusted roots - this is exactly what you get when you go to sites from CAs that were caught helping governments MitM and have therefore been removed from your browser’s trusted roots (currently only WoSign).
I don’t know any of the people who add CAs to my browser, and I don’t know any of the people operating the CAs.
How can anyone know that all of the CAs in their browser will never break the rules you describe, such that CAs will never, knowingly or unknowingly, validate a certificate they have no business validating?
However, I could actually validate and store tedu’s cert if I wanted to. Which means I could get more secure access to his blog than to my bank’s website.
I don’t either, but they are at least public figures that have some accountability that way. If Mozilla or VeriSign shipped a bad certificate, there’s at least a chance that people would notice and make a fuss, and that there would be financial consequences for those organizations (as we’ve already seen with WoSign). If tedu (who I don’t know either) shipped a bad certificate, who would know or care?
How so? You can validate and store any site’s certificate if you want to, CA signing just gives you an additional level of validation. Indeed if a site is using HPKP then your browser will already be doing a trust-on-first-use style of validation on subsequent visits - just with additional verification on the first use.
Doesn’t HPKP imply that the TLS trust model is admittedly so broken that it needs a workaround at the HTTP layer? What about TLS for, say, email? Will all applications using TLS have to solve this problem which TLS was intended to solve?
I have not read about TLS 1.3 yet. Maybe the new edition has fixed this?
The TLS model is fine. HPKP gives the super-paranoid folks a way to get what they want without breaking compatibility with the rest of the system, that’s all.
Authentication probably needs application-layer components, because only the application can really define the security model. Drop-in encryption at the transport layer only goes so far. Web browsers align nicely with domain names; ssh aligns nicely with Unix user accounts, but other domains require their own models.
Caught? By governments?
They’re all compromised, because governments really really want to compromise them, and no one wants their life fucked up for standing up to them.
Can you guess one of the requirements for meeting that bar?
Caught by browser vendors, or by anyone who published evidence.
If governments were systematically issuing bogus certificates we’d’ve caught them by now, given certificate transparency. WoSign was caught and will never be trusted again. Maybe some governments could be keeping a few compromised CAs in the back pocket and using them occasionally for strictly targeted attacks against individuals, but even that’s risky. And principled people do exist, and any ongoing compromise would risk bumping into one sooner or later.
Oh FFS. Speak clearly or not at all; I have no interest in playing games.
I thought it was clear that making it possible for governments to MITM people was the requirement I was referring to.
On a related note, not bothering happy cartel members with actual competition is one of the requirements for a banking or ISP licence.
What’s “certificate transparency”?
Looks like WoSign was caught being compromised by some random criminals or something - not governments. If that’s the case, WoSign isn’t relevant to our discussion.
Maybe? You know there’s always a bunch of psychopaths everywhere, happy to receive bribes/benefits for shafting all of mankind, and if that’s not an option, they can just directly force some people to make it happen.
What would you expect? “Oh gosh, we sure would LOVE to see all that traffic, but it’s encrypted so I guess there’s nothing whatsoever we can do about it ever!!”
I think in practice it makes very little difference. The intentions are the same.
I wonder if you genuinely believe that. But no, the intentions are completely different.
The government won’t MITM you to get your money - they just take your money by force every year anyway.
Instead, the government wants to MITM you so that they can identify you as a potential threat to their continued rule over everyone, and move to neutralize the threat if necessary.
I like to think that I am a security conscious user. I met @tedu in person and I trust his self signed certificate more than a third party emitted certificate. Would I trust him signing a cert for gmail? No. I do not however see a problem with him self signing a certificate for his own site.
On the other hand, there was more than one occurrence of a ‘trusted’ CA signing domains without due diligence and our browsers didn’t warn us about that. The CA model is f—ed and broken.
Certificate authorities are not always trustworthy.