MoxibleMay 21, 2024

what if the hacker provided the public key for https connection?

https://monyet.cc/post/4974494

what if the hacker provided the public key for https connection? - monyet.cc

So this video explains how https works. What I don’t get is what if a hacker in the middle pretended to be the server and provided me with the box and the public key. wouldn’t he be able to decrypt the message with his private key? I’m not a tech expert, but just curious and trying to learn.

Show threadlostmypasswordanewMay 21, 2024
All TLS/HTTPS clients have a set of Certificate Authority keys which they trust. Your client will only accept a public key which is signed by a trusted CA’s key. A proper CA will not sign a key for a domain when it has not verified that the entity that wants it’s key signes actually controls the domain.
Show threadmoxMay 21, 2024

A proper CA will not sign a key for a domain when it has not verified that the entity that wants it’s key signed actually controls the domain.

Most browsers trust many certificate authorities from all over the world.

Any of them could…

  • be compelled by authority
  • be compelled by threat
  • be hacked
  • have a lapse in ethics
  • have a rogue employee
  • etc.

…and yes, it has happened already.

HTTPS as most of us use it today is useful, but far from foolproof. This is why various additional measures, like certificate pinning, private CAs, and consensus validation are sometimes used.

Show threadlemmyvore
I urge everybody to read up on CA records in DNS and add them to your domains. They basically say what CA the certs for that domain are supposed to come from. Even if another CA issues valid certs for the domain they would be rejected if they don’t match the CA în DNS.
May 21, 2024 at 9:34amWeb
Show threadIHawkMikeMay 21, 2024

They mean CAA records:

developers.cloudflare.com/ssl/…/caa-records/

Add CAA records

A Certificate Authority Authorization (CAA) DNS record specifies which certificate authorities (CAs) are allowed to issue certificates for a domain. This record reduces the chance of unauthorized certificate issuance and promotes standardization across your organization.

Cloudflare Docs
Show threadlemmyvoreMay 22, 2024
Right, I’ll fix it.