
Free, automated SSL certificates for Sandstorm self-hosters - paulproteus
https://blog.sandstorm.io/news/2015-10-01-free-ssl-certificates.html
======
beckler
I know this isn't fully related to the blog, but I think I found my favorite
Sandstorm contributor:
[http://i.imgur.com/nrlbY3f.jpg](http://i.imgur.com/nrlbY3f.jpg)

~~~
kentonv
Jas is one of my favorites too. :)

------
abritishguy
>To solve this, Sandcats issues certificates valid for only seven days.

I'm not sure I'm convinced that the primary motivation for the 7-day certs was
users security.

~~~
kentonv
What other motivation do you suspect?

~~~
abritishguy
A requirement of the SSL provider, it doesn't really do much to protect
against heartbleed like vulnerabilities - just limits the time an attacker can
use the key to 7 days.

~~~
kentonv
The 7-day expiration was definitely something we (Sandstorm) asked for, not
Globalsign.

It does simplify recovery after a Heartbleed-like bug, as described in the
blog post. Of course it doesn't prevent the bug from happening, but it does
greatly simplify recovery afterwards, which is important to me. The security
properties are in fact the most exciting thing about short-lived certificates
for me personally.

For the sake of transparency, there is another motivation: For a 1-week
certificate, we pay 1/52 of what we would have for a 1-year certificate. So if
a user installs Sandstorm, gets a certificate, and immediately uninstalls, we
don't pay for a full year. More importantly, if a user installs sandstorm
several times -- perhaps due to a bug or a misunderstanding -- and gets a new
cert every time, we don't take a huge hit. Basically, we get some risk
management out of this deal.

~~~
abritishguy
It would be nice if you included the financial motivation in the article as
well. Makes total sense, and I totally agree that 7 day certs are better
(security wise) than 1 year, I just wasn't sure that in the absence of any
financial motivation whether it would be worth the effort (having to roll
private keys every week) for the limited protection it gives you.

~~~
savant
You eventually have to roll over keys at least once every N years, so if you
are automating it, the length of time doesn't really matter.

In this case, they are just limiting the window.

~~~
kentonv
Indeed, we were going to do the auto-renewal regardless, so making it every 7
days didn't really add any work.

Meanwhile I really am paranoid about long-lived keys of any sort, especially
if they need to be online as TLS keys must. I wish CAs offered short-lived
keys more readily (and web infrastructure supported it); I'd love to enable
them for all Sandstorm properties.

------
tombrossman
Probably not a top concern for users, but this does look like it would be
really difficult to use with HTTP Public Key Pinning unless Sandstorm were
also keeping the pinning TTLs pretty short - which defeats the purpose.

More info here if anyone's interested in HPKP: [https://scotthelme.co.uk/hpkp-
http-public-key-pinning/](https://scotthelme.co.uk/hpkp-http-public-key-
pinning/)

~~~
kentonv
Honestly HPKP terrifies me. If you key is lost or compromised, you "brick"
your site. How do you recover from the next Heartbleed?

I think it could make sense to pin an _offline_ key which is in turn used to
sign _online_ keys -- it's at least somewhat feasible to build secure,
reliable storage for offline keys. But with current tech that would require
that your offline key is a CA key, and as a regular user you have no ability
to obtain such a certificate.

So basically I don't think HPKP is a good idea, unless you are Google.

I think certificate transparency is the most promising way forward here.

~~~
geofft
You can prepare the spare certificate in advance: generate two private keys
(preferably with different software on different machines), buy two certs, and
only put one of them online. That way, if something goes wrong, you have a
known-working certificate you can switch to. It doubles the cost, which may or
may not be worth the money.

You're also allowed to pin any certificate in the chain, not just the end-
entity cert
([https://tools.ietf.org/html/rfc7469#section-2.6](https://tools.ietf.org/html/rfc7469#section-2.6)),
so you have some other options. You can pin some number of CAs that you think
are trustworthy CAs: pin not only GlobalSign but a few other major CAs that
you'd consider using in the future. That doesn't protect you from all the
things HPKP could possibly protect you from, but it does protect you from the
DigiNotars and MCS Holdings and TURKTRUSTs of the world.

~~~
blfr
You don't need to buy a spare cert in advance. You can use a a CSR, and only
get it signed when necessary.

