Explore a critical analysis of Let's Encrypt's distributed domain validation system in this 29-minute Black Hat conference talk. Delve into the vulnerabilities exposed by recent off-path attacks against PKI and examine how Let's Encrypt's 2020 implementation of multi-vantage point domain validation aimed to counter on-path MitM adversaries. Uncover two central design flaws that render the system susceptible to downgrade attacks, as presented by security researcher Haya Shulman. Gain insights into the complexities of PKI security and the ongoing challenges in maintaining robust domain validation processes.
Overview
Syllabus
Let's Attack Let's Encrypt
Taught by
Black Hat