Welcome to the staging ground for new communities! Each proposal has a description in the "Descriptions" category and a body of questions and answers in "Incubator Q&A". You can ask questions (and get answers, we hope!) right away, and start new proposals.
How to mitigate the risk of self-signed root CA? Question
Since self-signed server certs are discouraged nowadays, often people create their own root CA and sign server certs with that.
Obviously client apps won't trust the root CA, so the admin must then ask all users to install the root CA on their computer. With this, server certs signed by the root CA become accepted as valid.
However, this also introduces a security problem: With the root CA, the admin obtains a vector to MITM any site, like google.com. Often, the admin's goal is to simply provide secure TLS to their own server, and not to participate the security of connections to every site.
This is such a big trust requirement that even the admin himself might be concerned. You obviously wouldn't MITM yourself, but now the danger of leaking your CA's private key goes from "they can MITM a handful of servers I run" to "they can MITM any server".
Is there a way to get around this by restricting domains your own CA can issue certs for? This way, if you tried to sign a cert for google.com with this CA, the browser (and other apps) would reject it because google.com is not in the list of domains this CA is allowed to issue certs for.
0 answers
1 comment thread