Explore a critical analysis of Let's Encrypt's distributed domain validation system in this 29-minute Black Hat conference talk. Delve into the vulnerabilities exposed by recent off-path attacks against PKI and examine how Let's Encrypt's 2020 implementation of multi-vantage point domain validation aimed to counter on-path MitM adversaries. Uncover two central design flaws that render the system susceptible to downgrade attacks, as presented by security researcher Haya Shulman. Gain insights into the complexities of PKI security and the ongoing challenges in maintaining robust domain validation processes.
Overview
Syllabus
Let's Attack Let's Encrypt
Taught by
Black Hat
Related Courses
-
Stalloris - RPKI Downgrade Attack
-
Off-Path Attacks Against PKI
-
Phoenix Domain Attack - Vulnerable Links in Domain Name Delegation and Revocation
-
Bamboozling Certificate Authorities with BGP
-
A New Attack Interface in Java Applications
-
WiFuzz - Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
