
Distrusting StartSSL - raimue
https://raim.codingfarm.de/blog/2014/04/12/distrusting-startssl/
======
dewey
Feels a bit silly to complain about a _free_ certificate from the CA which
probably helped a lot of people to even think about using SSL on their site
and if I'm not mistaken it's just $25 to get a new one. That's even cheaper
than getting one from Comodo/etc. They always said that revoking a certificate
is not free, that's what you signed up for.

~~~
guan
The $24.90 fee also applies to paying Class 2 customers. Only EV certificates
get free revocation from StartCom.

My own personal blog (not very critical) has a Class 2 certificate, and I
decided to switch to a Comodo PositiveSSL ($5/year for 5 years) and not revoke
the StartSSL one.

~~~
yeukhon
I don't see where it said $5/year. Right now it costs $50 per year.

_EDIT_:

Are resellers like them more trustworthy? I understand that big CAs often sell
out to smaller CAs and smaller CAs sell out to even smaller CAs. But how
trustworthy are ssls.com and namecheap?

_EDIT_

Okay. I see. namecheap has been running since 2001, which means it has been
doing business pretty well :) So why are they cheaper? Because namecheap is
the one managing all the accounts and Comodo is only doing validation?

~~~
jgillich
It's a lot cheaper when you buy it through resellers (like NameCheap).

------
yeukhon
_EDIT_: Okay. Downvoter. Now defend your position.

I think people should calm down and think thoroughly.

I don't know the actual math on the cost for a CA to revoke and re-issue a new
certificate. But what if someone finds another critical vulnerability? Do we
go back and ask to revoke our certificate again? Free of charge?

Is it necessary to call StartCom evil? Is that even fair?

If you are serving real user data, please get a paid certificate yourself.
Why? Because you have slightly better control of your certificate. If you are
just running a demo or a personal blog, then get one from places like
gandi.net (1 year at $16.00).

_edit_: someone mentioned ssls.com and namecheap.com (resellers) offer cheap
Comodo PositiveSSL at less than $10 per year.

If you are running an open source project, consider
[https://www.globalsign.com/ssl/ssl-open-source/](https://www.globalsign.com/ssl/ssl-open-source/) and
[http://www.godaddy.com/ssl/ssl-open-source.aspx](http://www.godaddy.com/ssl/ssl-open-source.aspx).

If you still can't afford one, I really don't know what to say to you at the
moment.

~~~
drdaeman
@EDIT: Sorry, that was me. I've misclicked the wrong button - meant to upvote,
and there seems to be no way to undo. Nonetheless, I disagree.

> Do we go back and ask to revoke our certificate again? Free of charge?

That's right, ask to revoke. In the current system, considering the position
CAs are in, trust is primarily their problem. If a CA isn't revoking a
certificate that's compromised, it's the CA who's to blame, not server
administrators. Not sure about server admins who don't want to pay, but end
users (those who see the false green padlock) have a full moral right to call
such a CA "evil".

~~~
yeukhon
Thank you. I think people should try to explain their downvote whenever
possible so that I can have a decent discussion as my argument isn't always
"correct".

Like I said, I don't know the cost to revoke a certificate as a CA. One
possible defense for StartCom is that they are worried about facing the same
bill when the next critical vulnerability emerges. Someone said in some other
threads that StartCom has had this fee from ancient times. If that's true,
this is just another "fine print" issue.

> but end users (those who see the false green padlock) have full moral right
> to call such CA "evil".

I agree. Though the question remains: should the CA take the blame for the
flaw of a library every time, given that a CA is not a charity but a business?

------
ibejoeb
Heartbleed is a big deal, and there's not a single entity that can bear the
burden alone. We've all got to do our parts to revoke the millions of bad
certificates, and we've got to be pretty quick about it.

I'm a StartCom customer, and I'm going to suck it up and pay to revoke all of
my certificates, including several class 2s and an EV. I'm going to do it
because it's better for the PKI than if I don't.

Now, StartCom, it would be nice if you'd help us out, too. This is a mess.
Maybe we can get a bit of a break. Maybe you can revoke all of my certs for
$25. Or maybe it can be $5 or $10 apiece. We want to put you out of business,
but come on, we all know signing certs is tantamount to printing money. If the
trust model falls apart, you're out anyway, so how about playing an active
role in sorting this out?

~~~
tptacek
Very few people will actually have lost privkeys. Patching your server is a
much more important countermeasure than revocation. Certificate revocation in
practice works nowhere nearly as well as it does on paper; in fact, it comes
dangerously close to not working at all. Read Adam Langley's (jaundiced) take
on OCSP for more details.

Long story short: certificate revocation is probably not a big enough deal for
Start to somehow be required to rewrite the terms you agreed to when you
acquired your certs from them.

~~~
rentzsch
I think this is Langley's post tptacek is referencing:
[https://www.imperialviolet.org/2012/02/05/crlsets.html](https://www.imperialviolet.org/2012/02/05/crlsets.html)

~~~
tptacek
Yup. _So soft-fail revocation checks are like a seat-belt that snaps when you
crash. Even though it works 99% of the time, it's worthless because it only
works when you don't need it._

------
paulirish
Cached version:
[http://webcache.googleusercontent.com/search?q=cache:llk9t9Y...](http://webcache.googleusercontent.com/search?q=cache:llk9t9YOBvQJ:https://raim.codingfarm.de/blog/2014/04/12/distrusting-startssl/&hl=en&gl=us&strip=1)

------
hesselink
They're also not about to change it:
[https://twitter.com/startssl/status/453631038883758080](https://twitter.com/startssl/status/453631038883758080)

------
dfc
None of this has anything to do with StartSSL's trustworthiness as a CA. It is
ridiculous to see that people are whining that a company that signed their
cert for $0.00 is asking for some money for additional work. The $25 rekeying
is a steal for a certificate.

What CA in mozilla/chromium comes closest to StartSSL's $0.00 or $25.00
certificate? That question is not rhetorical, I am genuinely curious what is
the second cheapest option for a signed certificate (from a CA trusted by
default in mozilla/chromium).

~~~
aroch
PositiveSSL (Comodo) through a reseller (I use
[http://cheapsslsecurity.com/](http://cheapsslsecurity.com/) --
$5/year/5 years)

~~~
dfc
I was thinking about the two Comodo RAs (or three?) that had been compromised
when I said _from a CA_ trusted by mozilla/chromium:

[https://bugzilla.mozilla.org/show_bug.cgi?id=470897](https://bugzilla.mozilla.org/show_bug.cgi?id=470897)

[https://bugzilla.mozilla.org/show_bug.cgi?id=526560](https://bugzilla.mozilla.org/show_bug.cgi?id=526560)

[https://bugzilla.mozilla.org/show_bug.cgi?id=599856](https://bugzilla.mozilla.org/show_bug.cgi?id=599856)

~~~
aroch
They're in both browsers' truststores. That's about as "trusted" as a CA can
be by an inanimate object.

For a CA that issues hundreds of thousands of certs, three instances of
mistakes is not damning. Whereas a CA, like StartCom, that boldly proclaims to
be the second coming of CA-Jesus and gives away certs for free and relies on
predatory charges (pay high fees when you're in trouble) is.

~~~
dfc
cheapsslsecurity is not a CA, so we can hopefully agree that this does not
count as "from a CA"?

Comodo Free 90-day Certificate: [https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-...](https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.php)

~~~
aroch
They're a reseller, if you took the 20 sec it took you to make asinine replies
to actually look, you would see that they sell Comodo, Thawte, and Verisign
certs. But thank you for your useful commentary.

~~~
dfc
What was asinine about my comment? I knew cheapsslsecurity was a reseller and
I specifically said "from a CA" in my initial comment and then again in my
first reply to you. I said _from a CA_ because I was thinking about Comodo and
their RAs history of awesomeness.

What is the significance of the fact that they also resell other companies'
certificates?

------
sexmonad
StartSSL's default usage mode is to generate private keys on their website.
Yet another horribly insecure system.

I'd much rather that people used self-signed certs (and browsers had
certificate pinning) by default, and could then step up to real CA
certificates. Self-signed certs provide almost the same amount of trust that
StartCom does.

~~~
kmac_
> StartSSL's default usage mode is to generate private keys on their website.

No. AFAIR they use HTML5 <keygen> tag to generate key pair.

~~~
drdaeman
That's for personal (client) certificates.

For server certificates, unless you supply the CSR yourself by skipping a
step (IIRC, you're softly encouraged to do so), they generate the key
server-side and send it back to you. They even have FAQ entries (##43,44,
although their site is down ATM, so Google for a cached copy) about that.
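
The workflow drdaeman describes (generate the key yourself and hand the CA only a CSR, so the private key never leaves your server), as an added example that is not part of the thread. It assumes `openssl` is on PATH; the directory and CN are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread or from StartCom: the server key is
# generated locally and only a CSR (public key + subject, self-signed with
# our key) goes to the CA. The CA never sees server.key.
set -eu

# make_csr DIR CN -> writes DIR/server.key (0600) and DIR/server.csr
make_csr() {
    dir="$1"; cn="$2"
    # umask in a subshell so the key file is created unreadable to others
    (umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null)
    # the CSR carries our public key and is signed with our private key
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null
}

# csr_matches_key DIR -> succeeds only if the CSR's self-signature verifies
# and its public key is the one belonging to DIR/server.key
csr_matches_key() {
    dir="$1"
    openssl req -in "$dir/server.csr" -noout -verify >/dev/null 2>&1 || return 1
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey | openssl md5)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout | openssl md5)
    [ "$csr_pub" = "$key_pub" ]
}

# csr_cn DIR -> prints the CN in the CSR subject (works for old and new
# openssl subject print formats)
csr_cn() {
    openssl req -in "$1/server.csr" -noout -subject | sed 's/.*CN *= *//'
}
```

Before uploading the CSR, run `csr_matches_key` against the key you intend to deploy; a mismatch means the certificate the CA returns will not work with your key.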

~~~
kmac_
You're right, I've mixed up things.

