Everything you should know about certificates and PKI but are too afraid to ask

The stuff about CAA is wrong.<p>CAA is NOT checked by browsers, the BRs do not say browsers should check CAA, and indeed it is specifically NOT designed to be checked by RPs at all. CAA tells the Issuers (Certificate Authorities) whether the name owner authorises them to issue at a moment in time.<p>If you think &quot;that seems useless&quot; it&#x27;s probably because you completely misunderstood the security model it&#x27;s written for. We don&#x27;t want untrustworthy or incompetent CAs at all, this is not a guard against those. This is a guard against trustworthy, competent CAs that you&#x27;ve got your own reasons to disallow for your specific names.<p>Example: Facebook for years had a single preferred CA and their contract with that CA said everything gets signed off by the certificates team. After Let&#x27;s Encrypt came on the scene a subcontractor developing example.facebook.com needed HTTPS, didn&#x27;t read all the paperwork from Facebook and just got a cert from Let&#x27;s Encrypt. Facebook security freaked out because their team hadn&#x27;t authorised this weird new certificate. Let&#x27;s Encrypt did nothing wrong, but it looked exactly like an attack. CAA lets Facebook tell every CA except the one that knows about their internal policy, &quot;Thanks, but no thanks&quot;. Let&#x27;s Encrypt would have checked CAA and told the subcontractor &quot;Sorry, no, policy forbids, check CAA&quot; and when they went to Facebook to ask why they&#x27;d have got an earful for not obeying policy.

PKI works. Period. I don&#x27;t understand how knowledgeable engineers complain about PKI being &quot;too complex&quot;. The same people complain that SMTP, DNS and NTP is too difficult too (and claim it can only be solved with external services).<p>Granted having your own home-grown authentication &amp; identity management &quot;salad&quot;, or a very complex system that never addressed identity&#x2F;authenticity, ... then replacing this with PKI <i>will</i> force you to deal with a lot of technical debt. But don&#x27;t blame PKI for it.<p>Blaming PKI has become rampant. Those that don&#x27;t know can&#x27;t dispute the nonsense and those that do know may have an agenda (snake oil vendors).<p>Hating on PKI has become like a bad habit in IoT (vendors see an opportunity to sell trash to an uninformed and ignorant audience). Be careful especially in IoT: There are a lot of snake oil proposals which promise to replace PKI here ... you should run as fast whenever you see these &quot;proprietary, patent-pending, post-quantum-proof, blockchain solutions !! (the correct response to these vendors is: &quot;BEGONE MAGICIAN!&quot;).<p>PKI isn&#x27;t easy but neither is email, Kubernetes! It&#x27;s as simply as it can be given the circumstance and job it has to solve. And PKI is essential knowledge as much as Latin is required for medicine.

Thanks for sharing, this kind of information is really rare and useful because A LOT of (techincal) people just don&#x27;t understand PKI and certificates properly.<p>Also you&#x27;ve mentioned in the section “Naming things” that DN is deprecated, strictly speaking it&#x27;s not. The Subject field is deprecated when browser matches certificate with domain, DN is still perfectly valid and Subject field MUST contain a proper DN as stated in <a href="https:&#x2F;&#x2F;tools.ietf.org&#x2F;html&#x2F;rfc5280#section-4.1.2.6" rel="nofollow">https:&#x2F;&#x2F;tools.ietf.org&#x2F;html&#x2F;rfc5280#section-4.1.2.6</a>.

The other day I noticed that most mail doesn’t come through when disabling TLS 1.0 &amp; TLS 1.1. To my dismay it seems some major smtp service don’t support TLS 1.2. After enabling 1.0 &amp; 1.1 mail came rolling in.<p>Anyone able to shed some light on what happened there to me?

Here&#x27;s something nasty. The firewall where I am working (provided by Palo Alto Networks) can decrypt https and other &quot;secure&quot; traffic passing through it. I believe it auto-negotiates down to TLS 1.1 at which point it can decrypt everything to plain-text and can examine it to its hearts content.<p>They are supposed to whitelist financial addresses (such as banking details) but would you trust that to be happening?

Hah, I think &quot;Trust CA&quot; deserves just as much of a &quot;(lol)&quot; as &quot;Trust DMV&quot; given the shit some CAs have done in recent years, how many vulnerabilities they&#x27;ve swept under the rug and how many of them are run by governmental agencies in less than scrupulous places.

See also <i>Everything you Never Wanted to Know about PKI but were Forced to Find Out</i>, by Peter Gutmann:<p><a href="http:&#x2F;&#x2F;www.cs.auckland.ac.nz&#x2F;~pgut001&#x2F;pubs&#x2F;pkitutorial.pdf" rel="nofollow">http:&#x2F;&#x2F;www.cs.auckland.ac.nz&#x2F;~pgut001&#x2F;pubs&#x2F;pkitutorial.pdf</a>

This is really good. Reformat it and turn it in to a book. Market it as essential reading for anyone running or thinking about running kubernetes or vault.<p>Edit: actually this is way more in depth than is needed for k8s. But, I think that&#x27;s a good target market for a book you can sell like candy for $25.

At work, on Chrome I get this error: `ERR_SSL_PROTOCOL_ERROR`... oh the irony.

Shameless plug: For anybody interested in the cryptographic key management part there is a post about the hardware, people and processes behind the commercial cryptographic key management <a href="https:&#x2F;&#x2F;www.malgregator.com&#x2F;key-management.html" rel="nofollow">https:&#x2F;&#x2F;www.malgregator.com&#x2F;key-management.html</a>

Love it. Very elaborate and informative.

There is more to HTTPS than just certificates. For instance, the website lacks an HSTS header.

FYI - I&#x27;m not the author of the article. I found it very useful and hence posted it here on HN.

Thanks for the great tutorial, just wanted to point out a typo in your homepage (permieter)

Good article thanks for sharing