[members-discuss] Charging scheme 2025 proposal (logarithmic)

On Tue, Apr 16, 2024 at 11:09 PM Kaj Niemi <kajtzu at basen.net> wrote:
>
> If you have a state actor with their own CA they can issue whatever Evil Certificate that they need although I guess it would leave some kind of trail. That does sound slightly inconvenient. Agree that it is more convenient to have someone else issuing them. Plausible deniability and all that.
>
> The browsers really don’t care which CA issues the certificate and CAA records aren’t checked by the browsers (by design, I think?) and HPKP is not used anymore either?
>
> How does paying for a DV or the green EV - I think browsers don’t show this anymore - Good Certificate help then? Besides spending 1000 or whatever and ending up with the Good Certificate? The state actor can still have a Evil Certificate issued by someone else and your browser will be just as happy seeing it as if it were your Good Certificate.
>
> I guess the issuing CA should check CAA but do they all do that? I've never added any CAA records anywhere and have over the years procured a few of certificates. So I'm guessing that also not a real option.
>
> How should this be fixed, in your opinion, considering the above?
>

I think that you are overestimating the cost of the attack in
question, the article says 'state actor' but due to low cost and low
complexity it is available to a lot of interested parties. Of course
'big' CAs could be easily subverted by the government, even explicitly
preserving the original cert's attributes, but it's pretty much
impossible for a datacenter technician or system administrator to
violate the integrity of the 'big' CA as it is possible for them to
violate integrity of the LE issuing chain, since it relies exclusively
on a DNS record validity and ultimately on a traffic path to a
relevant IP address.