
Who Signs the Signer?

The certificate chain naturally has to end somewhere - keep asking who signed what, and you end up at a root that signed itself. Most assumptions in security do, too.

Who?

Encryption is only useful if you know who you are encrypting to. Without some form of authentication, a man-in-the-middle can sit between two sides, negotiate separate encrypted connections with each one, and forward traffic between them.

Certificates handle that authentication by binding a public key to a domain name, and carrying a signature from a Certificate Authority your browser already trusts.

Follow the signatures upward, and the same question eventually comes back:

[Figure: Certificate Chain]
Sidenote: Certificate chains delegate authority from root CAs through intermediate CAs to end-entity certificates.

Each signature points to another certificate until the chain reaches a root, and from there the decision comes from the root store shipped by the operating system or browser vendor.

What?

In 2011, DigiNotar, a Dutch CA trusted by major browsers, was compromised. A fraudulent *.google.com certificate was used in attempted MITM attacks against users in Iran. Chrome caught that certificate, but DigiNotar later confirmed more than 200 fraudulent certificates across more than 20 domains (oops), and browser vendors subsequently removed DigiNotar from their trusted roots.

After DigiNotar, Certificate Transparency made certificate issuance easier to watch. Public logs do not prevent a CA from issuing the wrong certificate, but they at least make it harder for that certificate to stay hidden.

If an organization installs its own root certificate on employee machines, an inspection proxy can issue certificates for the sites it intercepts and sit between the browser and the real server. To the browser, those certificates chain back to a trusted root, which interestingly could have nothing to do with the website you trusted.
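To make the chain walk and the root-store dependence concrete, here is an added example (not code from this post) that models certificates as signed name-to-key bindings and reports which root a chain terminates at. It uses textbook RSA over Mersenne primes as a stand-in for real X.509 signatures, and every name, key and store in it is constructed for illustration.

```python
import hashlib

def keypair(a, b):
    """Textbook RSA from Mersenne primes 2**a-1 and 2**b-1 (toy keys, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, 65537), (p * q, pow(65537, -1, (p - 1) * (q - 1)))

def digest(cert, n):
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub, issuer, issuer_priv):
    """Bind subject to pub and sign the binding with the issuer's private key."""
    cert = {"subject": subject, "issuer": issuer, "pub": pub}
    n, d = issuer_priv
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def verify(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == digest(cert, n)

def validate(leaf, presented, root_store):
    """Follow issuer links upward; return the trusted root's name, or None."""
    pool = {c["subject"]: c for c in presented}
    cert, seen = leaf, set()
    while cert["subject"] not in seen:
        seen.add(cert["subject"])
        anchor = root_store.get(cert["issuer"])
        if anchor is not None:  # reached a root the store already trusts
            return anchor["subject"] if verify(cert, anchor["pub"]) else None
        parent = pool.get(cert["issuer"])
        if parent is None or not verify(cert, parent["pub"]):
            return None
        cert = parent
    return None  # looped on a self-signed cert that is not in the store

# Constructed sample data: all names and keys below are made up.
root_pub, root_priv = keypair(61, 89)
int_pub, int_priv = keypair(107, 127)
corp_pub, corp_priv = keypair(521, 607)
PUBLIC_ROOT = issue("Public Root CA", root_pub, "Public Root CA", root_priv)
CORP_ROOT = issue("Corp Inspection Root", corp_pub, "Corp Inspection Root", corp_priv)
INTERMEDIATE = issue("Public Issuing CA", int_pub, "Public Root CA", root_priv)
REAL_LEAF = issue("www.example.test", "server-key", "Public Issuing CA", int_priv)
PROXY_LEAF = issue("www.example.test", "proxy-key", "Corp Inspection Root", corp_priv)
VENDOR_STORE = {"Public Root CA": PUBLIC_ROOT}
MANAGED_STORE = {**VENDOR_STORE, "Corp Inspection Root": CORP_ROOT}
```

The same hostname validates under both stores, but only the returned root name tells you whose signature you ended up trusting; comparing it against the root you expected is how a client or auditor notices interception.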

Why?

Every system has a version of the self-signed root, some assumption at the foundation that everything else is built on. The certificate chain makes it literal, and most of vulnerability research is finding the ones that aren't.