Essentially it doesn't matter which Certificate Authority you use for security reasons - because any CA can attack you, whether you're their customer or not. This can only be mitigated by using key pinning (HPKP), but then - at least if you pin leaf certificates - it still doesn't matter which CA you choose.
Every text that indicates "I don't trust CA X for reason Y, therefore I don't use them" is based on a misunderstanding of how certificates work.
(And yes - I know that there is the issue that you can let StartSSL create the private key for you. Just don't do this ever, no matter which CA you use.)
> Firefox (and Chrome) disable Pin Validation for Pinned Hosts whose validated certificate chain terminates at a user-defined trust anchor (rather than a built-in trust anchor).
I understand this as "when using HPKP, you have to pin a CA certificate, not your site's leaf certificate". If this understanding is correct, I think your comment about HPKP is wrong and it is in fact a good idea to use a CA you find trustworthy and pin its certificate. Agree?
I don't think so. If you don't trust a particular CA then you shouldn't in good conscience make trusting them a requirement to access your services. And by using an untrustworthy CA you are making it harder for browsers and distribution maintainers to distrust them if they start abusing that trust.
I have not implemented key-pinning myself, but I always assumed you were pinning the key of the actual site you were communicating with ... sort of like SSH ...
That's not the case?
Most deployments currently pin to a main and backup CA. This is because HPKP makes it fairly easy to essentially brick your domain (Think: Heartbleed and a lost backup key. Say goodbye to your domain!). It's possible, but you better know what you're doing.
Isn't that the simplest thing with the most utility?
What am I missing here?
However, if your main and backup key is lost or compromised, you have essentially bricked your domain. That's why most real-life deployments pin to two CAs instead (since CAs are generally better at managing keys).
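An added example, not part of any comment in this thread: a pre-deployment check of a `Public-Key-Pins` header against the RFC 7469 rules that make the "bricking" scenario above possible (a `max-age`, a pin that matches the served chain, and a backup pin outside it). The function names and the SPKI byte strings are constructed for illustration; real pins are computed over the DER-encoded SubjectPublicKeyInfo of each key.

```python
import base64
import binascii
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_hpkp(header: str) -> dict:
    """Split a Public-Key-Pins header value into pins, max-age and flags."""
    policy = {"pins": [], "max_age": None, "include_subdomains": False}
    for part in header.split(";"):
        # Partition on the first '=' so base64 padding stays in the value.
        name, _, value = part.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].append(value)
        elif name == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def check_policy(header: str, chain_pins: list) -> list:
    """Return the problems that would make a browser ignore the policy,
    or leave the site with no way to recover from a lost key."""
    policy, problems, valid = parse_hpkp(header), [], set()
    for pin in policy["pins"]:
        try:
            raw = base64.b64decode(pin, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) == 32:  # a SHA-256 digest is exactly 32 bytes
            valid.add(pin)
        else:
            problems.append(f"malformed pin: {pin!r}")
    if policy["max_age"] is None:
        problems.append("missing max-age")
    if not valid & set(chain_pins):
        problems.append("no pin matches the served chain")
    if not valid - set(chain_pins):
        problems.append("no backup pin outside the served chain")
    return problems


def make_header(*pins: str, max_age=5184000) -> str:
    """Build a header value from pin strings (helper for the samples below)."""
    parts = [f'pin-sha256="{p}"' for p in pins]
    if max_age is not None:
        parts.append(f"max-age={max_age}")
    return "; ".join(parts)


# Constructed stand-ins for SPKI bytes; not real keys or certificates.
LEAF = spki_pin(b"constructed leaf SPKI bytes")
ISSUING_CA = spki_pin(b"constructed issuing CA SPKI bytes")
BACKUP = spki_pin(b"constructed offline backup key SPKI bytes")
CHAIN = [LEAF, ISSUING_CA]  # pins of the keys in the chain the server sends
```

Pinning the leaf and its issuing CA together fails the backup check, because both keys are already in the served chain; the backup has to be a key (or a second CA) that is not.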
Can you (or someone) explain why this is? I don't understand.
It's proven in the past that they're not a security company for anything that deals with protecting yourself against snooping by the Chinese state and will negatively affect your security.
Seeing this in relation to free SSL intended to be deployed all over the internet. Yeah, that is worrying.
a. they labeled their own browser as a Microsoft security update, which triggered MS investigation
b. they cheated on the anti-virus lab testing and got banned.
Now let's make their awful name worldwide. ;)
Palo Alto Networks - 34
Qihoo/360 - 27
FireEye - 14
Tencent - 14
Trend Micro - 12
Fortinet - 7
McAfee - 2
VMware - 2
Kaspersky - 1
They are a pretty unsavory company but they really know what they are doing.
And therein lies the problem... no?
Can we please judge each topic on its own context without the ad hominem?
It has absolutely no respect to user privacy, and will not hesitate to threaten users into their favor, if that doesn't work, hijack your computer.
Shameless, no bottom line... it is the worst of the worst.
Mark my words. DON'T EVER TRUST IT.
For example, try searching for proprietary software, say 'Autocad': the first few results are always pirate sites, while Google will show the Autodesk site and the Wikipedia post.
Recently Baidu has also been under the spotlight for monetizing illness-related forums. The issue is that some patients accused the Internet giant of selling their private info to _unqualified_ private hospitals. These hospitals charge a lot but usually their hardware and staff are underqualified.
Unless this is the Autocad office in China (which I highly doubt), there's absolutely no link to the Autodesk website on the first result page.
In fact, their instant answer when you search for Autocad is a downloadable version of Autocad for Win/Mac/iOS. I don't have a Win/Mac computer with me at the moment, so I can't verify whether those are legit trial versions or pirated ones, but the iOS one points to the legit version on Apple's store.
What's more, not using their services does not enhance or harm your security in any meaningful way as long as they remain a trusted CA who can sign any domain they want to. If nation-state espionage is really a concern for you, take a few minutes of your time and purge the list of trust anchors installed on your OS.
So you want a secure website, and you agree that SSL is needed for things to be secure.
But you're not willing to put in one inch of effort yourself to secure your own SSL keys. You can't even bother to back up the master key to your own certs, because it's too much work?
Cognitive dissonance much?
If you care about security, then do it properly. If you're going to do it half-assed, just don't bother at all. All you're doing then is contributing to security-theater, which is all the work and no real benefits.
If you accidentally visit their page with the wrong browser (Safari or Chrome, I forget) when you need to renew an expiring client certificate - the browser doesn't download it properly, you can't ever request another one. Anyway, letsencrypt sorts that out.
I don't know what you have been doing the last 20 years on the web (and I'll assume it's more than just surfing facebook), but it's not entirely uncommon, and I've encountered it several places.
Symantec's CA uses it. My online bank used to do so too. I've seen VPNs using it. Iirc some IPv6 tunnel-providers also require you to authenticate using certificates before letting you set up new IPv6 subnets.
It may not be mainstream, but it's part of the standard. And it's much more secure than a regular username/password, for the same reason SSH keys are more secure than allowing username/password logins.
To be clear about that: My point about half-assed was your seeming unwillingness to back up client-certificates which gives full access to your real certificates and (in some cases) private certificate keys.
Unless on Windows (where StartSSL has its private keys marked non-exportable in the certificate store, sic), doing such a backup takes almost no effort. There's no excuse for going all the way through to get a cert and then not bothering backing up these client-certs too.
(Browser makers are quarter-assing their UX for using client certs, but that's a separate issue).
The guy kept throwing out extremely passive-aggressive lines while using smilies while I was nothing but polite.
- "I understand your problem, maybe you should be more careful next time. ;)"
- "Next time read the fine print! :)"
This was all because I needed to get a certificate revoked. Due to their terrible and unclear interface I had managed to lose a private key that they generated for me and as you know, revoking certificates with StartSSL costs money.
The hilarious thing is the revoke fee is way more expensive than just buying a certificate with a different provider.
Thankfully I'll never have to deal with them again in my life because superior services exist to obtain/revoke free basic certificates.
Found your problem: you should never have someone generate a private key for you.
It's one of StartSSL's flaws too. They are an enabler of doing stupid things.
I'm now just curious what happens to my data if they're sold to China.
I mean, the amount of personal data they are asking for when acquiring a certificate is not really small.
Maybe that's because 90 % of them actually are?
Oh, and they allow you to authenticate for their web interface using client certificates instead of form abominations? Sweet.
In addition, domain authorizations last for 10 months, so you don't have to go through the DNS verification each time: just renewing is sufficient. Run the issue command, drop new certs into configuration management, done. Couple minutes tops. Just set your calendar!
Automating this simply means that if someone hacks your machine, they also have full access to generate any certs they like.
I don't consider this a positive thing.
You can separate the generation onto another machine, but it's much more complicated, and the default install is not that way.
I have yet to hear any useful reason to rotate the key.
Well, they can generate certs for your domain. But what exactly is the big difference between generating a new certificate for your domain and having your private key? I fail to see why it would be a huge risk; they can access all your users' data in any case.
> I have yet to hear any useful reason to rotate the key.
Basically limiting damage in case of a compromise.
All in, the Let's Encrypt way brings you more security. Since the certificate validity is shorter, even generating an extra certificate will give the attacker a smaller average time with a valid cert than stealing your StartSSL cert.
Another side-effect is that you don't need to manage revocation stuff as diligently, because certificates automatically expire shortly. The window during which a certificate is valid is extremely short and recent, which means there is less chance that a problem happens. When that probability increases (as a result of being older), certificates become automatically invalid.
I use a temporary self-signed keypair, which then gets replaced when the certificate is issued.
For the very first time, you can use Let's Encrypt's manual verification process, but then have the Let's Encrypt client set up to renew certs automatically (possibly even from a separate container) using the same data file mappings.
I'll take an automated process I run via cronjob and that requires no manual intervention, over a process that requires I touch it once a year.
The decision (to me) is a no-brainer.
Started with Let's Encrypt. Running Mac OS X. Failed. Guessed cause has something to do with macports vs homebrew and having the proper Python version active. Disabled macports. Now the app runs.
But I got "Failed to connect to host for DVSNI challenge".
Start googling, reading, messing around with this for a while. No joy.
Bailed on Let's Encrypt, started over with StartSSL, because it's the first source of free for not-for-profit certs I found.
Happy to take recommendations for alternatives.
Think about how much time it is going to take you to learn how to deploy and maintain your 'free' certificates and remember time is money. What do you make an hour? Is that more than the cost of a paid certificate?
I have used these certificates - https://cheapsslsecurity.com/comodo/positivessl.html - on multiple sites and it is very fast and easy. Other vendors sell them too and are likely just as good. Gandi do them too (at a slightly higher cost) and are the fastest method for me, though this may be because I have all my domains there already: https://www.gandi.net/ssl/standard?currency=USD#single
Don't waste hours chasing down free certificates when paid ones are so cheap now. Use Let's Encrypt only if you need lots of certificates and the paid options become prohibitively high.
I'll use Let's Encrypt when they have an easy setup available.
Use something small like https://github.com/kuba/simp_le or https://github.com/diafygi/acme-tiny
Note that the update process needs to be automated because Let's Encrypt certificates last only 3 months, as I have read.
Let's Encrypt actually has compatibility issues with Windows XP, so wildcard certificates wouldn't help.
But the biggest problem here is wildcarded subdomains, since LE doesn't let you get more than 5 certificates per domain.
Also I think with Firefox on Windows XP it should work.
Not perfect but seems to work fine.
Have you tried using it? On every domain I've tried to obtain a cert it has failed.
For me StartSSL may be suboptimal, but at least it works, which is more than I can say for Let's Encrypt in its current state.
In practice, for most people, reserve a few hours for your first deployment. After you got a script that calls openssl right, it's fast to adapt for other domains, but the first time is hard.
The article could certainly use a bit more connecting-the-dots to show how he gets from "they're hosted in China" to "I won't use them anymore".
Most software that uses TLS nowadays ships with a number of CA root certs sponsored by various nation states including China. On desktop they can be disabled but iOS devices are out of luck (or perpetually compromised in a sense).
Trusting a CA to provide your private key is another matter.
Which was quite sensible, actually. Charge for the actual costly process of manually verifying ID, and then allow for unlimited free domain-validations to be issued to the corresponding ID (which is the machine-automatable part).
When I first saw the form with this option on their website I thought "oh so that's why the Mossad is running this CA for free..."
There are many things to take into account when choosing a CA to use for your site. But security, jurisdiction and any history of mis-issuance are not relevant to you; only reliers. And no relier has any choice in the matter anyway, or any economic relationship they can terminate.
(Things change if you start to use HPKP and pin to a particular root; nobody does that though because it's an availability and economic nightmare.)
It would be so easy for NSA/GCHQ to recruit or place an "agent" inside of any Western CA or ISP they wanted. There is even evidence in recent years that this has been happening.
This was merely the most recent incident. Yes, Symantec covered it up quite nicely and framed it as a test that went wrong (the Russians used that excuse with Chernobyl) but there is no evidence those "rogue employees" were not acting for the state, i.e. the USA.
There was also the recent incident with Juniper networks and the state-sponsored backdoor that had been present in much of their network gear for a few years. See: http://www.wired.com/2015/12/researchers-solve-the-juniper-m...
Still think the Western CAs and ISPs are better than Chinese ones?
The only question you need to ask yourself is: Which government would you rather have eyes on your data? One might surmise that if you have something to hide from Western eyes then use a Chinese provider. And if you have something to hide from Chinese eyes then use a Western provider. The balance of probabilities, I believe, backs this up.
They offer "keyless" ssl which puts the private key back in the data center but this adds complexity and latency on the initial connect so I suspect most don't use it.
Your "understanding" is completely wrong.
CloudFlare's network in China does not contain configuration, settings, SSL certificates etc. from non-China CloudFlare customers. We run separate infrastructure there and only if you go through the hoops to expose your web site on our network inside China do we send information about your web site there.
Source: me (I'm CloudFlare's CTO)
Do you make it clear in the UI that a private key is ending up on Baidu's servers operated by Baidu's people? I don't use CF so I don't know - I'm just curious what the user experience is like. I'm asking because your CEO addressed concerns in the CNBC article about Baidu having access to your intellectual property so they seem to have full access.
I think the issue of user education is a real problem. I'm Wordfence's CEO - we're the biggest security vendor in the WordPress space (we occasionally work with your support staff to solve a customer issue), and I know that user education in infosec isn't what it should be. We're actively working to try and fix that with a vendor-neutral learning center we created.
So for example I'm not sure users understand the impact of having a partially secure connection to the endpoint when you only have SSL to a Cloudflare edge server and are reverse proxying in the clear. Same issue here - I'd like to learn more about the UX and how the location of their private keys is explained to them.
I think as vendors we're often to blame because the marketing team gets a little too excited at the cost of user education and clarity.
Re your comments on user education: if you'd like to learn more about our current UI, I encourage you to sign up for a free account at https://www.cloudflare.com/a/sign-up.
And if you encounter any experiences you feel are not sufficiently clear, I hope that you'll submit specific suggestions to me here: email@example.com.
> For the moment the China network does not support HTTPS traffic (HTTP only). Support for SSL/TLS will be made available in the coming months.
As long as you don't sign in to China servers, they won't put you there. Even if you want to, first you need a valid ICP certificate issued by the Chinese govt.
"StartSSL already refused to revoke certificates affected by the HeartBleed vulnerability and accused the user from negligence."
That's wrong. They did charge a $25 fee for the revocation, however. I think it's reasonable since there is probably some manual process involved and the certificate was already free. They have to earn money somehow.
People think nothing of using the freemium model which gives you a basic product for free, and charges you for extra features. It's exactly what StartSSL are doing here.
I don't particularly like or use StartSSL, but much of the criticism of them sounds totally invalid to me. Paid DV certs are dirt cheap people, shop around!
China has a terrible record against their own citizens, but the US government has a proven, published record of spying on the entire internet.
Then you could have a choice of multiple authorities verifying each other, independent and commercial.
You are borrowing someone else's trust. You are hoping that the company you get a cert from won't pretend to be you. There is no technical mechanism to stop this, no matter where the parent company is based.
Also the other thing to note is that virtually all communications companies have some sort of government involvement regardless of where they are based.
Actually, any company can pretend to be you, whether you got the cert from them or not.
Isn't saying that a bit wrong? at least point on the hint that it is having connections with a state-owned company.
Now I'm gonna give you a few reasons not to use Let's Encrypt: it forces you to keep a piece of software that can generate keys in your server. It forces you to reload your web server config every two months, unattended (they won't issue certs valid for more than 90 days). The alternative would be to do the process manually every two months (wtf?). Also, its certificates are not trusted in Windows XP.
Now, as part of these piss-poor authoritarian decisions and attitude, someone is trying to trick StartSSL users into using Let's Encrypt, posting this crap with circumstantial evidence about China and StartSSL. I hope you fail miserably.
No, I have no ties to StartSSL whatsoever. And it's been ages since I last used their service.
Shorter validity time makes your users safer. If you lose the private key, it will only be a problem for three months or less. Reloading your webserver should be a complete non-issue.
Wrong, there are different ways to get a cert, even web interfaces, which you can install everywhere.
> It forces you to reload your web server config every two months, unattended
Wrong, if you like that kind of work you can replace it by hand.
> Because everyone should love to waste their time writing their own client.
Wrong, because again you are not forced to; you could use one of the many clients available.
> And running let'sencrypt scripts as root. And risking their security.
You don't have to run as root; you could use a client which supports non-root.
> If you say I'm lying you should point out the falsehoods, or you're just another manipulator at work.
Wrong again, because your errors have been pointed out already by others. You should start reading the answers and stop your "rage against censorship" quest.