Hacker News new | past | comments | ask | show | jobs | submit login
StartCom charges for reissuing SSL certs due to Heartbleed (exbit.io)
67 points by DiabloD3 on April 9, 2014 | hide | past | favorite | 44 comments



I wish someone could do a genuinely free SSL CA with "reasonable" procedures, just to disrupt the industry. Charging $19 to 500/yr for something which is fundamentally non-rival (unlike, say, a domain name) with very minimal marginal cost is basically bullshit rent-seeking.

SSL certs are an utter commodity, and generally the CA system is a broken system, but we'd be a lot better off with free "real" SSL certs everywhere rather than a bunch of self signed stuff. The loss here is the large number of applications with self-signed certs on the Internet, as well as the general hassle involved in purchasing and renewing certs for everyone who does.

The cost of having a well-run base CA is small number of millions to set up and maybe $1-2mm/yr. It would do a lot more good than many other charities. The marginal costs to do mail-from auth S/MIME and domain-verify certs would be limited.

I used to think StartCom was a good solution for this, but after recent staff departures, and their shortsighted-at-best policy here, I can't recommend them.

With commercial CAs, people use wildcard certs in a lot of places where they should be using distinct other certs. It's maybe not an issue for https for main company websites ($49/yr isn't too big a deal), but I want people to use real certs for START TLS email, client certs, etc. I also want one CA to be really popular, or at least one simple cert-issuance protocol to be popular, so "automatically generate a cert and CSR and get the cert loaded" becomes an automatic part of software setup.

I'm kind of surprised Google hasn't done this, in exchange for people proving ownership of a Google+ account or something. FB, Twitter, etc. could all easily bury the costs of a genuinely free CA.


I want people to use real certs for START TLS email, client certs, etc.

Because StartSSL issues them for free, I actually did exactly that -- used a separate certificate for each of my secure services (IMAP, SMTP, HTTPS, etc.), on each of my domains. I believe I currently have roughly 25-30 certificates issued by them. My thinking was that, despite the extra configuration complexity, if a particular key were compromised, at least I wouldn't have to replace all my certificates!

Ugh.

So now, ironically, I'm faced with having to replace all my certificates, not to mention paying StartSSL $25 per certificate if I want to do the right thing again and have all the existing ones revoked, as well.

Instead, I'm tempted to "pay up" for a wildcard certificate for each of my domains from a provider whose revenue stream comes from minting certs, not revoking them. Configuring my services sure would be easier with 5 certificates rather than 25. Also, I've never leaked a key by any error of my own, and I'm beginning to think that's less likely than someone finding another hole in OpenSSL (or a CA) which requires wholesale certificate replacement again.


You can't use wildcard for EV domains.


Thankfully, I don't need those!


Mozilla comes to mind as an organization that could be trusted to do this.


Maybe, but this would add legitimacy to X.509 and the CA business and cement it even further. It's an enormous ongoing drag to Internet security.

I'd like to see Mozilla and Google to team up on a reasonable replacement. Even Microsoft might join up given its recent shifts in attitude. TLS supports non-X.509 stuff just fine.


cacert.org is trying just that for a long time. The hard part is the paperwork and procedures that give OS and browser vendors the trust to add you in their default config.


Well, that is with good reason. A rogue or insecure root CA which is trusted by major browsers/OS'ses would basically invalidate the whole CA system (see the DigiNotar affair from 2011).


> A rogue or insecure root CA which is trusted by major browsers/OS'ses would basically invalidate the whole CA system

The CNNIC root is still trusted by most browsers/OSes.


Sure, but it goes counter to "I wish someone could do a genuinely free SSL CA with "reasonable" procedures".

So bad news: it's hard. good news: people are trying.


> So bad news: it's hard. good news: people are trying.

More bad news: They're failing pretty hard. CACert have been around for a long time, and still haven't managed to get themselves audited.


There was an interesting thread on the subject on the crypto-list last year ("How much does it cost to start a root CA ?"), see eg:

http://lists.randombit.net/pipermail/cryptography/2013-Janua...

http://lists.randombit.net/pipermail/cryptography/2013-Janua...

http://lists.randombit.net/pipermail/cryptography/2013-Janua...

And for good measure, on the subject of certs and trust, the thread after:

"another cert failure" (2011)

http://lists.randombit.net/pipermail/cryptography/2013-Janua...


Why does it have to be free? 5 bucks a year for an SSL cert is peanuts.

If you want free, push for killing CAs :)


Charging any amount of money adds friction. $0 to $5 is a bigger jump than $5 to $50. All I care about is having SSL everywhere.

Maybe someone like CloudFlare could cover the "Free CA" project.


> 5 bucks a year for an SSL cert is peanuts.

'per year' pricing is one of the most insidious aspects of the current CA system.

Certificates don't rot.

They claim that annual renewal is necessay to protect us from a rogue but unrevoked certificate; however any malicious activities would be quite profitable well within a year.

So why not set renewal to be monthly, just to be extra-safe? Weekly? Perhaps I should suggest that to them. The resulting outcry from users might be the only way we can disrupt the CA situation.


I think the billing interval is relatively unimportant.


I use StartCom, and I revoked and re-keyed yesterday. In the revocation reason, I linked to the CVE. They waived the fee, citing "exceptional circumstances." It could be that they're waiving fees only for paying users. My certs with them are all class 2 wildcards; definitely not free. Or it could just be inconsistency during a very hectic time for them.

I've used several CAs and StartCom is the one I dislike the least. I wish Amazon would become a registrar and CA. Then AWS would really be one-stop shopping.


I have free Class 1 certs, and had to pay for all revocations. They did ask me first and pointed out that upgrading to Class 2 would be cheaper, and suggested that reissueing at Class 2 would be sufficient. However, they admitted it would create more latency. I bit the bullet and went ahead with the revocations.

My wallet is unhappy, and I do feel like charging for revocations is a bit odd, since revocations usually happen for security reasons and this deincentivizes good security. OTOH, they do run a business and I've created work for them at no charge previously, so I'm not mad.


It's not unreasonable to charge a little bit for a revocation. They require more work than a cert itself (updating and hosting the revokes list etc.) and a fee prevents unneccesary revokations from taking place.


Yeah, I'm not really mad. Every time I have interacted with StartCom personnel they've been fast, courteous and competent, and their style is enjoyably direct and goal-focused (plain email, no boiler plate, no patronizing). I like the idea of competent people getting paid well, so that soothes my hurting wallet a bit.


How does the Class 2 pricing actually work? You need to pay $59 for your personal identity, and then $59 per domain, and then you can get unlimited Class 2 certs for that domain?


AIUI, it's $60 for an identity validation, which is valid for 350 years. Within those 350 days you can create unlimited certificates at no additional charge, which are valid for 2-3 years (depending on type). That means you basically need to pay $60 for a revalidation every 2-3 years so you can reissue certificates to replace expiring ones.


Furthermore, you aren't bounded to any domain. So Startcom gives unlimited SSL/SMIME/Code signing certificates for almost a year after paying $60. Non-wildcard certificates are free (altough your name isn't on the cert). I find it's the most reasonably priced CA of them all.


I just redid my personal ID after a year, but paperwork stalled refreshing my company ID. Now Heartbleed has struck, and I'm in the position of not having a current validation for the company (currently waiting on their return call). If I revoke, I can't reissue...


The title is misleading. StartCom is asking for its fee for revoking, that's all. Not making revocation free of cost isn't refusal to reissue cert.


With startcom you cannot request a cert for the same (sub)domain until the current certificate expires in 2 weeks or less


But you CAN revoke the current one.


for which you pay dearly.


Yes, 25 USD. I wasn't arguing that, though. My point was: the original title to the tune of "StartCom is refusing to reissue certs" was misleading.


Yes, you're right. But that makes it far worse!


I can understand if they want to charge for revocations, fine, but their attitude here is horrible. The customer wasn't demanding free revocation, he was politely asking if they would offer free revocations. StartCom jumped straight to quoting "Subscriber Obligations". Wow.


I'm curious though. What part of the obligations quoted was the subscriber violating?


None.


Who wants to file the bug for removal from Mozilla?

http://www.mozilla.org/en-US/about/governance/policies/secur...

Section 2, dot 2.

CAs must revoke Certificates that they have issued upon the occurrence of any of the following events:

the CA obtains reasonable evidence that the subscriber’s private key (corresponding to the public key in the certificate) has been compromised or is suspected of compromise (e.g. Debian weak keys), or that the certificate has otherwise been misused;



Can the same be done for chrome?


"We do understand the situation very well, thanks."

Really? Then why does he quote the following policy:

    Never share private keys with any third party and use adequate
    protection and best security practices to secure private keys in
    order prevent losses and compromises thereof.
If he grasps the situation, what part of that policy would apply?!?


Every CA that motivates cert owners to rather not revoke certs if they get compromised, should not be a trusted CA by anybody. It's that simple.

StartCom's been doing this for a long time. This is what makes them dangerous. It does not make them any more dangerous now than before.

Even if StartCom made an exception in this case, it should not change anything. Because even without hearbleed, certs still get compromised and StartCom's standard practice is to motivate owners to keep using known compromised certs.

Why does anybody trust a CA with this policy? Why is StartCom included in browsers and OSes? Why isn't anybody removing StartCom and CAs with similar policies from trusted CAs?


Also, you can't issue a new cert for a domain until the old one is revoked.


Yes you can (technically at-least)


well, not with their webui.


I got an eMail from a certmaster denying me a free rekey, for a soon-to-be tax-exempt non-profit society of public utility (so there is no money here, and we do not even process credit card data or anything). And that after someone else did get a free rekey citing this vulnerability. Clearly, Startcom is either swimming in money today and losing their status as trusted Root CA very soon, or they got to change their attitude RSN, pronto.


For what its' worth, they have finally released a statement:-

https://www.startssl.com/?app=43

This claims that CRLs and OCSP would then be expensive / lots of downloads....





Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: