
Certificate Authority provides free certificates - stakent
http://www.disog.org/2010/01/certificate-authority-provides-free.html
======
dangrossman
The only difference between what they're doing and what every other SSL issuer
is doing already is 20 bucks. A cheap-o certificate from GoDaddy or your
favorite reseller does no more than validate domain ownership by e-mail as
this freebie does.

~~~
fexl
SSL is a messed up protocol, relying on trust in central authorities. SSH did
it right: it only ensures that the server you connect with today is the same
one you connected with yesterday, and it does not aim to do anything more.

An SSL certificate "verified by King George" does not mean that you can trust
the vendor with your money or your data. _I_ have to decide to trust the
vendor that much, and nobody else can do it for me. All I want the crypto to
do is verify that I am now talking with the same vendor I talked with
yesterday.

I don't mind using a certified signed by someone not crowned as a king, for
example <https://secure.loom.cc>. Or I could use this one <https://loom.cc/>
"verified by Equifax" which means nothing special to me.

I don't care that _someone else_ decreed that "this is the One True loom.cc
site." All I care is that the site I initially decided to trust is the same
site I'm connecting with now.

~~~
zokier
You can just remove all CA certs from your browser and then it works somewhat
like SSH.

~~~
fexl
Yes, it's pretty close. However where SSH warns you whenever you encounter a
new server, the SSL in your browser only warns you when you encounter a new CA
(Certificate Authority).

For the browser to behave more like SSH, it would have to maintain a list of
_individual sites_ which you have accepted as genuine. Then if you get a
phishing email asking you to click a fake link such as <https://lo0m.cc>, you
will get a warning even if the lo0m.cc site has a certificate "verified by
Equifax" or whomever. This is a good example of where the current SSL protocol
utterly fails.

When you visit the real loom.cc site which you originally trusted, you should
see a happy warm reassurance in the browser bar, maybe including a pet name or
avatar. But when you visit lo0m.cc, you should see the entire browser framed
in red with a warning that this is the first time you have ever visited this
site and you could be the victim of a phishing expedition. Something like
that. I'm hand-waving a bit now. And it may get annoying for people at first,
as they establish trust in their first 20 banking, gaming, or social
networking sites. Kind of like installing a new CA root 20 times right? You
don't want it to be _too_ easy or people might just "click through"
unconsciously. But personally I don't find this to be a great difficulty with
SSH.

Indeed the building blocks are all there in SSL, namely (1) the verification
of digital signatures, and (2) the negotiation of a symmetric encryption key.
Some may carp about the protocol or the code being a mess, but as a black box
it works just fine.

I think browser writers could phight phishing more effectively by thinking
outside the box of implicit trust in central authority.

~~~
tptacek
Almost no aspect of the phishing problem is rooted in HTTPS.

~~~
fexl
That is precisely why I criticize SSL. One of the primary goals of SSL is to
_authenticate_ a site so that Grandma can rest assured she is not being
scammed. "Phishing" represents a catastrophically expensive failure to achieve
that goal.

Trusted root CAs have "verified" millions of SSL certificates to one degree or
another, from simple checks for domain control all the way up to brick and
mortar audits. The problem is, any one of those millions of certificates can
be used to phish customers of building-and-loan.com and steal massive amounts
of their money.

A scammer simply sends Grandma an official looking email saying "We have
recently received a request to wire money out of your Building and Loan
account. Please log in _here_ to confirm or deny this request. This extra
level of precaution is for your safety. Sincerely, [insert signature of CEO
here]."

Now when Grandma clicks the link, she is taken to an SSL-protected site called
"building-and-loan-confirmation.com", which to Grandma's delight and comfort
is "verified by Equifax". This misplaced trust costs Grandma $25,700.

I am thinking the _very least_ browser writers can do is give Grandma a simple
way to "confirm" a site which she has visited. Once she has confirmed it, and
maybe given it a "pet name", her browser will display an especially reassuring
theme any time she visits that site again (e.g. green border, friendly
picture, familiar name, whatever).

Grandma still needs to know that she should _only_ log in when she sees that
reassuring theme. Any time she visits a non-confirmed site, she will only see
a plain looking neutral theme. (Note: NOT alarming red, because then she'd be
see red constantly as she browses around. Just neutral.)

Note that the suggestion I just made actually has _nothing_ to do with SSL.
Keep in mind that a phisher could easily send Grandma an _unsecured_ link in
an email -- no HTTPs at all. If Grandma clicks that link, she will only see a
neutral theme, and if she remembers her lesson, she will NOT log in because
she does not see the reassuring theme.

Of course, you could also say that Grandma should remember this lesson: don't
click links in emails. Only visit sites by (1) typing in the name yourself or
(2) using a bookmark. But I'm just trying to suggest a way to help Grandma
_after_ she has forgotten that primary lesson.

Here's another idea. You know how Firefox remembers passphrases for you,
protected by a master security passphrase. That could help here. If Grandma
visits the real building-and-loan.com site, her user name and password will be
filled out for her automatically. If she visits a phishing site, it won't.
That is another "hook" where browser writers might do something to help dear
Grandma protect her property from predators. Something along the lines of:
"This site is asking you to log in, but you have never logged into this site
before. Are you _sure_ you want to do this?"

------
qjz
Huh? Since when does a CA need your private key/passphrase? Any time I've
gotten a commercial certificate, I've only had to provide a Certificate
Signing Request (CSR). Ahh, it seems the author didn't follow all of the
instructions on the page he referenced
([http://www.h-online.com/security/features/SSL-for-free-
step-...](http://www.h-online.com/security/features/SSL-for-free-step-by-
step-906862.html)):

'After that, StartSSL kindly offers to generate a pair of keys for the
certificate. However, since the private key for protecting one's own server
should never be given away or generated by someone else, the "Skip" option
should be chosen and the Certificate Signing Request generated earlier should
be uploaded onto the server.'

This is a bit creepy. StartSSL is providing a "free" certificate using a
process where they also generate the private key & passphrase (unless you're
smart enough to realize what a terrible idea this is). That's like the
hardware store keeping a copy of every key they cut.

------
sorbits
Only class 1 certificates are free.

This is a great service as it allows me to setup secure IMAP, SMTP, Jabber,
etc. without having to pay a third party money for this extra security, and
without having to bother my users with installing my self-signed root
certificate (StartSSL’s certificate is known to OS X and browsers except IE
and Opera).

I don’t see how free class 1 certificates help scammers, phishers, and
similar.

~~~
Murkin
Where did you see its not known by IE ?

That is a deal killer..

~~~
sorbits
It seems they are now supported by IE judging from this page
<http://www.startssl.com/?app=40> which show icons of all the major browsers
incl. IE but excl. Opera, and this page <http://www.startssl.com/?app=22>
which has the following text redacted (overstrike): _Startcom’s certificate
isn’t trusted by the Microsoft Internet Explorer_.

So I think that it is now supported by IE, question is, which version of IE
and/or Windows. I can’t find any details about this on the StartSSL’s pages
(there used to be a FAQ entry iirc with browsers supported which included
version and OS).

------
jrockway
I tried to get a certificate for my own domain name, but I was not allowed to
create an account "pending verification". So really, maybe this is not as easy
as the article suggests.

~~~
durana
I ran into the same problem when I first used StartSSL a few months ago. It
seemed like there were some cases where automatic verification would work and
other cases where verification was deferred to a human. I believe StartSSL is
a small, possibly one man, operation, so you might have to wait a few hours
for human verification. Once my account was verified, everything after that
was pretty easy and quick.

