Slashdot Mirror


Choosing an SSL CA?

zentigger asks: "I am looking at renewing some SSL certificates and checking out the various vendors. It seems that just about every major CA has some reason for not using them. Verisign is just evil, Thawte is owned by Verisign, Geocerts has a bad habit of spamming, and Godaddy uses a stupid chained cert that doesn't work for some appliances we have (and they won't let me check out using Firefox). I realize that I could just use a self-signed certificate, but we have too many stupid users that get all confused and whiny when something pops up and asks them unexpected questions. So I put it to you, Slashdot: what CAs do you recommend and why?"

26 of 94 comments

  1. The cheapest one by ericspinder · · Score: 4, Informative
    The cheapest one. In the past I used GeoTrust, but I did see that my favorite registrar registerfly has a 'special' for $16 ('real price' $25). Which is good for 99% of the browsers, and a 'Single root trusted SSL certificate' (I suspect that it is the GeoTrust/Equifax cert in a 'plain wrapper').

    For god's sake, don't buy Veri-slime's 'Global Certificate' which was built to allow for a crippled 'international version browser', an idea which was abandoned 6 years ago. A quick check of their site leads me to suspect that they changed the name to 'Financial SSL Certificates for OFX'. I think that that Verisign product represents the last 'one percent', however I doubt if anyone should trust an SSL connection to those long outdated browsers.

    --
    The grass is only greener, if you don't take care of your own lawn.
    1. Re:The cheapest one by narzy · · Score: 4, Informative

      I'm personally a fan of NameCheap, they use geotrust, my suggestion is to go with geotrust, I haven't had any problems with them but I do register the cert with a custom e-mail address like ssl@companyname.com that way if it is a spam target it's isolated.

  2. cacert.org by Procyon101 · · Score: 5, Informative

    cacert.org

    They have a great concept that should be supported.

    1. Re:cacert.org by generationxyu · · Score: 4, Informative

      Actually... cacert.org defeats the purpose of the CA system. It's a kind of pointless system if you ask me, but it's still defeated. If you register with cacert.org, you get a CA cert that isn't trusted by any browser -- much like a self-signed cert. If it gets registered with browsers (probably only Firefox and other open-source browsers), then spammers, phishers, and the like will just use cacert.org and get that nice padlock in the corner closed.

      --
      I mod down pyramid schemes in sigs.
    2. Re:cacert.org by Sancho · · Score: 4, Funny

      Unfortunately, I was unable to verify their certificate.

      I'm not joking. Don't mod me funny. That's not a good thing for a certificate provider.

    3. Re:cacert.org by Kadin2048 · · Score: 2, Informative

      I was going to bring them up. I'm not sure though that they satisfy his "stupid user" test, since their root certificate isn't included (to my knowledge) with most OSes or browsers.

      If I'm wrong, I'll be very happy; it'll be nice when anyone can get a free certificate that's associated with a root cert that everyone has (although I'm not sure whether this would destroy the whole point of certificates -- then again I'm not sure whether I care).

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    4. Re:cacert.org by Sancho · · Score: 2, Informative

      But this means that every user who visits a site which uses CACert will get that warning. Might as well use a self-signed cert. Your average user will never know the difference.

      And even if Firefox gets CACert's root cert installed by default, the other 8/10 users are running IE. Does IE have this cert installed by default?

    5. Re:cacert.org by jrockway · · Score: 2, Interesting

      This post is so misguided I don't know where to start.

      It is super easy to compromise a network. Try using ettercap sometime. It will ARP poison the switch, so that your switch port acts as an intermediary for all traffic on the subnet. Once you have that, you can also use ettercap to hijack SSL sessions. I've done this before, and it works great. The user gets the message saying "so and so.com sent you an invalid certificate? pretend that this is meaningless and blissfully send your SSN and passwords to whoever is listening?" They click yes, the padlock closes, and you steal all their data. Super easy.

      It also works with SSH and pretty much anything else. If you don't verify fingerprints of hosts you're connecting to, you might be connecting to someone trying to steal your password!

      --
      My other car is first.
    6. Re:cacert.org by Atrus5 · · Score: 2, Interesting

      First, I'll agree that, yes, CAcert is not supported by anything I know of. Mozilla finally got its act together and published a policy. The ball's in CAcert's court, last I heard; they need to have an audit done.

      As I understand it, the point of the system is not to act as a content filter, but simply to establish identity. For e-mail certificates with no name (just the address), they simply send an e-mail probe. For domains, they run a WHOIS and you select one of the e-mail addresses in the registration info. If you actually want a name on your certificates, you must be assured by two people, who can be someone already in the web of trust or one of several widely trusted third parties. These procedures are comparable to the ones used by CAs that are installed in browsers, at least for their lower levels.

      I really don't understand the belief that "only people with $20-1500/yr need to be authenticated." Really, anytime you send secret/valuable data, it should be sent to an authenticated server over an encrypted channel. CAcert is a program that provides some hope of achieving this. The other big thing is Server Name Indication support and the retirement of SSL2; that will allow multiple SSL certs per IP, removing another costly barrier.

      Let's be realistic here: how many people actually use a different password for each website that uses one? How many of these sites actually use SSL?

      If your gripe is based on some problem with CAcert's execution, then I encourage you to ignore this rant and elaborate on your points.

    7. Re:cacert.org by Atrus5 · · Score: 2, Informative

      RFC3546, section 3.1 specifies server name indication. mod_gnutls has supported it since April of 2005. mod_ssl (bug) is waiting on OpenSSL to make support possible. Opera has supported SNI since 8.0. IE7 has since beta 2. Mozilla/NSS/Firefox is ready to go with NSS 3.1.1/Gecko 1.8.1/Firefox 2.0. Konqueror will support it in 4.0 (bug). Safari is the only major browser without support (fresh bug).
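
The extension Atrus5 refers to, encoded and decoded as an added example for this page (it is not code from the thread, nor from mod_gnutls, mod_ssl or any of the browsers named). RFC 3546 section 3.1 defines a server_name extension (type 0) carrying a ServerNameList whose host_name entries are plain ASCII; because it travels in the ClientHello, the server learns which virtual host is wanted before it has to commit to a certificate, which is what makes several certificates on one IP address workable. The hostnames, the fixed Random bytes and the two-suite cipher list are constructed placeholders; the parser rejects short reads rather than guessing, which is what a server has to do with untrusted bytes.

```python
"""Encode and decode the server_name (SNI) extension from RFC 3546 section 3.1
inside a TLS ClientHello, to show what "multiple SSL certs per IP" turns on:
the hostname is in the clear in the first handshake message, before any
certificate is chosen.

Added example for this page, not code from the thread or from mod_gnutls,
mod_ssl or any browser mentioned. The hostnames, the fixed Random bytes and
the two-entry cipher suite list are constructed placeholders.
"""
import struct
from typing import Optional

RECORD_TYPE_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
EXT_SERVER_NAME = 0          # ExtensionType server_name(0)
NAME_TYPE_HOST_NAME = 0      # NameType host_name(0)


class _Reader:
    """Bounds-checked cursor; every short read is an error, never a guess."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self) -> int:
        return self.take(1)[0]

    def u16(self) -> int:
        return struct.unpack("!H", self.take(2))[0]

    def u24(self) -> int:
        return int.from_bytes(self.take(3), "big")

    def done(self) -> bool:
        return self.pos == len(self.data)


def build_sni_extension(hostname: str) -> bytes:
    """ServerNameList with one host_name entry, wrapped as an Extension."""
    name = hostname.encode("ascii")          # HostName is ASCII per the RFC
    if not 0 < len(name) < 0xFFFF:
        raise ValueError("hostname length out of range")
    server_name = struct.pack("!BH", NAME_TYPE_HOST_NAME, len(name)) + name
    name_list = struct.pack("!H", len(server_name)) + server_name
    return struct.pack("!HH", EXT_SERVER_NAME, len(name_list)) + name_list


def build_client_hello(hostname: Optional[str]) -> bytes:
    """A minimal TLS 1.0 ClientHello record; no extensions block when hostname is None."""
    body = b"\x03\x01"                      # client_version = TLS 1.0 (3,1)
    body += b"\x11" * 32                    # Random: constructed placeholder
    body += b"\x00"                         # empty session_id
    suites = struct.pack("!HH", 0x002F, 0x0035)   # AES128-SHA, AES256-SHA
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                     # compression_methods: null only
    if hostname is not None:
        ext = build_sni_extension(hostname)
        body += struct.pack("!H", len(ext)) + ext
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", RECORD_TYPE_HANDSHAKE, 3, 1, len(handshake)) + handshake


def parse_sni(record: bytes) -> Optional[str]:
    """Return the host_name a ClientHello asks for, or None if it sends no SNI.

    This is the server-side half: the value is what a virtual-host-capable
    server uses to pick a certificate before it answers.
    """
    rec = _Reader(record)
    if rec.u8() != RECORD_TYPE_HANDSHAKE:
        raise ValueError("not a handshake record")
    rec.take(2)                              # record-layer version
    hs = _Reader(rec.take(rec.u16()))
    if hs.u8() != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = _Reader(hs.take(hs.u24()))
    body.take(2)                             # client_version
    body.take(32)                            # random
    body.take(body.u8())                     # session_id
    body.take(body.u16())                    # cipher_suites
    body.take(body.u8())                     # compression_methods
    if body.done():
        return None                          # pre-RFC 3546 client: no extensions at all
    exts = _Reader(body.take(body.u16()))
    while not exts.done():
        ext_type = exts.u16()
        ext = _Reader(exts.take(exts.u16()))
        if ext_type != EXT_SERVER_NAME:
            continue
        names = _Reader(ext.take(ext.u16()))
        while not names.done():
            name_type = names.u8()
            host = names.take(names.u16())
            if name_type == NAME_TYPE_HOST_NAME:
                return host.decode("ascii")
    return None
```

`parse_sni(build_client_hello("www.example.com"))` returns the name; a ClientHello built with `None` has no extensions block at all, which is how a 2006-era browser without SNI support looks on the wire, and the server then has nothing to go on but the IP address.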

  3. Simple by Mullen · · Score: 4, Insightful

    Verisign is the choice since they are the most well known.

    Simple, if your customers can't shop on your site because there is some problem with the SSL, they will simply go somewhere else. They won't care about Verisign being evil, they won't care how doing business with them is wrong, they won't care what excuses you could give them. They simply will go somewhere else.

    You are in the business of selling, not in the business of being moral and trying to explain it to someone else who may not agree with you. Most non-computer geeks types could give a fuck less on why you think Verisign is evil.

    --
    Linux O Muerte!
    1. Re:Simple by ericspinder · · Score: 2, Interesting
      Verisign is the choice since they are the most well known.
      Joe Six-pack doesn't know Verisign. He just knows if his browser kicks off a confirmation box which defaults to 'no'. Besides, some time ago, GeoTrust bought their root certificate from Equifax (you know the 'little brother' who tells on you), so their certificate is called "Equifax Secure Certificate Authority". It's been in every major browser since IE && NS 4,
      --
      The grass is only greener, if you don't take care of your own lawn.
    2. Re:Simple by jd · · Score: 2, Interesting

      There might be some validity in that, if it weren't that Microsoft's certs were obtained from Verisign by phishers a few years back. Regardless of anything else, I would NOT be willing to pay a company for a cert that doesn't certify.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. I use Comodo by Anonymous+Crowhead · · Score: 5, Informative

    http://comodo.com/

    They were the first company I found selling certs for $50 compared to Thawte which was around $200 at the time. Now we use a wild card cert which costs $449 + $10/server. We use it on 15 servers with 20 or so hostnames (*.url.com) right now. It makes it a hell of a lot easier to update and manage only one cert.

    We have had no reported problems with browser compatibility.

    1. Re:I use Comodo by oyenstikker · · Score: 3, Informative

      My company got a certificate from Comodo, and got a cert with a 3 signer chain. It was okay in IE and Firefox, but not in Sun's JVM. Unacceptable for us. We emailed them, and they got us a new cert, signed by GTE, that was recognized by Sun's JVM in about 6 hours.

      --
      The masses are the crack whores of religion.
  5. A recent article suggested similar: by Anonymous Coward · · Score: 3, Interesting
    For those who missed it, this /. article about a similar topic.


    I think the most interesting post that time was that the US military and Microsoft both use self-signed ones -- which makes a pretty strong case that (if you're a B2B company) your company should sign it and your customers should add your company to the trusted authorities. If you're a B2C one, choose the cheapest one that Firefox and IE trust by default.

  6. Can you trust a self-signed ? by JohnnyKlunk · · Score: 4, Interesting

    We use a self-signed CA, but being a corporate MS shop we force our CA's certs out as trusted through AD, so there's no difference between certs signed by our CA and certs signed by someone else. For me, it's brilliant. I can certify whatever I need to without having to cough up each time. It's only useful for internal users though. Obviously no good for public sites.

  7. Re:Deja Vu? by The+Angry+Mick · · Score: 2, Interesting
    Same answer as then: forget the CA, sign it yourself and make the required user ok of the resulting certificate part of the documented process for accessing your content.

    We use imaging software (such as Ghost) and include the cert pre-installed in IE's "Trusted Root" and/or Mozilla's "Authorities" on every machine we roll out. Eliminated perplexed users calling about messages they don't understand.

    Of course, we're not an e-commerce site, so this is purely an internal solution.

    --

    I'm not tense. I'm just terribly, terribly, alert.

  8. wrong! by coyote-san · · Score: 5, Informative

    Gah - I have moderator points but there's no "incorrect" flag.

    Encryption without authentication is absolutely meaningless. There would be no way to detect a "man in the middle" attack -- anyone with access to the data stream could impersonate the other party and get the complete plaintext stream. Worse, the MitM could almost certainly insert or remove content at will. ("Almost" since it's possible that there's HMAC data at the application layer in addition to the network(?) layer.)

    That's crypto 101 material. Any protocol designer that doesn't have MitM attacks as one of his top priorities should go back to his cereal box decoder rings.

    SSL contains both strong mutual authentication and message digesting. One or both parties can choose to ignore information, but it's always their choice and they can refuse a connection unless acceptable authentication information has been provided.

    Does this directly address spamming and phishing? No... but it guarantees that you can hold somebody responsible for it. That's why the "soft" side of the CA is so important - you're depending on the CA doing due diligence to ensure that 'paypal.com' is who they claim they are, not somebody with a maildrop. Generating and publishing the certs themselves is trivial.

    As an aside, "SSL" does NOT mean that you're guaranteed an encrypted channel. A 'null' cipher exists for testing purposes and many administrators never realize that they should specify a minimal acceptable cipher strength. A malicious application or client could attempt to negotiate encryption down to nothing. Some of the other ciphers are only suitable for keeping your kid sister out of your stuff.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
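
An added example for this page (not code from the thread) that turns the point of jrockway's comment 2.5 and coyote-san's comment 8 into a client configuration you can actually check: the peer certificate is required and matched against the hostname, so a forged certificate from an ARP-poisoning proxy is refused instead of being clicked through, and the cipher list is pinned so the NULL, anonymous and export suites coyote-san mentions cannot be negotiated. It uses only Python's standard ssl module; the cipher string, the WEAK_MARKERS list and the two context builders are the editor's choices, not anything the commenters specified.

```python
"""Client-side TLS configuration that enforces what the two comments above
insist on: the peer must be authenticated (otherwise an ARP-poisoning MitM
is invisible) and null / anonymous cipher suites must be off the table.

Added example for this page; it is not code from the thread and uses only
Python's standard ssl module. The cipher string and the WEAK_MARKERS list
are the editor's choices, not anything the commenters specified.
"""
import ssl

# Forward-secret AEAD suites only. The negative clauses are redundant with
# the positive ones but document intent if someone later widens the list.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!EXPORT"

# OpenSSL suite names that mean "no encryption" (NULL), "no authentication"
# (ADH, AECDH), export-grade (EXP), or a broken primitive. 'DES' also
# catches 3DES, which OpenSSL spells DES-CBC3.
WEAK_MARKERS = ("NULL", "ADH", "AECDH", "EXP", "RC4", "MD5", "DES")


def make_client_context() -> ssl.SSLContext:
    """A context that refuses to talk to an unauthenticated peer."""
    # PROTOCOL_TLS_CLIENT already sets verify_mode=CERT_REQUIRED and
    # check_hostname=True; the rest is the cipher list and version floor.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRONG_CIPHERS)
    ctx.load_default_certs()  # OS trust store; an internal CA's root would be
                              # added here with ctx.load_verify_locations()
    return ctx


def make_click_through_context() -> ssl.SSLContext:
    """The 'just accept whatever certificate shows up' behaviour the comments warn about."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE   # any cert, including one forged by a MitM, is accepted
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return the list of things wrong with a context; an empty list means acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required: MitM is undetectable")
    if not ctx.check_hostname:
        findings.append("certificate not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if any(m in c["name"].upper() for m in WEAK_MARKERS))
    if weak:
        findings.append("weak or unauthenticated suites enabled: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", make_client_context()),
                       ("click-through", make_click_through_context())):
        print(label, audit(ctx) or "OK")
```

`audit()` is the part worth keeping around: run it against whatever context your application actually builds, because the defaults that give you CERT_REQUIRED are easy to lose with one `verify_mode = CERT_NONE` added to silence a warning, which is exactly the click-through coyote-san and jrockway describe, just done in code instead of in a dialog box.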
  9. ev1servers.net = $14.95 by rklrkl · · Score: 3, Interesting

    Cheapest I've seen on the Net is ev1servers.net at $14.95 (about 8.50 pounds for UK folks). It works with almost all browsers, except for users running IE 5.0 or older that haven't upgraded the latest root certificate via Windows Update. What I did is write a script that scanned the access logs for IE 5.0 or older and displayed the percentage of such browsers - when it dipped below 0.1% (which it has already for about half the sites we manage), we switched from Verisign to the ev1servers.net secure cert and saved, wait for it, over 250 pounds per certificate!
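
The log scan rklrkl describes, written out as an added example for this page (it is not rklrkl's script, which is not posted). It parses Apache combined-format lines, pulls the MSIE version out of the User-Agent, and reports what share of parsed requests came from IE 5.0 or older, the cut-off the comment gives. The log lines are constructed for the example. One caveat the comment does not mention and this version handles: Opera of that era identified itself as "MSIE 6.0 ... Opera 8.x" by default, so a naive MSIE match over-counts IE; the Opera check here is the editor's addition.

```python
"""Share of requests from IE 5.0 or older, from Apache combined-format logs.

Added example for this page; the sample lines are constructed, not real
traffic, and the CUTOFF is the "IE 5.0 or older" threshold from the comment.
"""
import re

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
MSIE_RE = re.compile(r"MSIE (\d+)\.(\d+)")

CUTOFF = (5, 0)   # "IE 5.0 or older": versions <= this count as old

# Constructed sample log; one IE 5.0 hit, one IE 5.01, one Opera masquerading
# as IE 6.0, and one line that is not in combined format at all.
SAMPLE_LOG = """\
192.0.2.10 - - [10/May/2006:12:01:02 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.11 - - [10/May/2006:12:01:05 +0100] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
192.0.2.12 - - [10/May/2006:12:01:09 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3"
192.0.2.13 - - [10/May/2006:12:01:11 +0100] "GET / HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.0.2.14 - - [10/May/2006:12:01:15 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.54"
this line is not in combined log format
"""


def ie_version(user_agent: str):
    """(major, minor) for a genuine MSIE User-Agent, else None.

    Opera's default UA string of the time claimed MSIE 6.0 while also naming
    Opera, so it is excluded: it is not the browser whose root store matters here.
    """
    if "Opera" in user_agent:
        return None
    m = MSIE_RE.search(user_agent)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def old_ie_share(lines, cutoff=CUTOFF) -> dict:
    """Count parsed requests, those from IE <= cutoff, and the resulting percentage."""
    total = old = unparsed = 0
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            unparsed += 1          # report, don't silently drop: a format change
            continue               # would otherwise make the share look like 0%
        total += 1
        version = ie_version(m.group("ua"))
        if version is not None and version <= cutoff:
            old += 1
    percent = 100.0 * old / total if total else 0.0
    return {"old": old, "total": total, "percent": percent, "unparsed": unparsed}


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    r = old_ie_share(source)
    print(f"IE <= {CUTOFF[0]}.{CUTOFF[1]}: {r['old']}/{r['total']} requests "
          f"({r['percent']:.2f}%), {r['unparsed']} unparsed lines")
```

Run it with a log file path as the argument; without one it reports on the constructed sample. Note that this counts requests, not distinct visitors, which is the same thing rklrkl's 0.1% figure measures as far as the comment says; counting distinct `host` values instead would be a one-line change if you want users rather than hits.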

    1. Re:ev1servers.net = $14.95 by mongus · · Score: 4, Informative

      I got a RapidSSL cert through EV1Servers about a year and a half ago. It worked on every browser I tried - not a single problem.

      Now if you really want to spend 13 times as much for a Thawte cert that functionally does exactly the same thing go right ahead. I prefer to keep the extra $184.05 in my pocket.

  10. GeoTrust is now Verisign by dereference · · Score: 3, Informative
    my suggestion is to go with geotrust

    Unfortunately just last month Verisign announced its intentions to purchase GeoTrust. It might suck for any GeoTrust resellers, as Verisign was never very supportive of their resellers.

    Here's the press release.

  11. CACERT, here is why by finkployd · · Score: 4, Informative

    If you have to be used by millions of everyday users (i.e., e-commerce site), the answer is Verisign. Well known, trusted (by lawyers, this is more important than any technical issues if you are doing financial transactions), and way too expensive (but you have no choice, welcome to the CA oligopoly)

    If you have a limited number of users, or especially if it is internal, use CACERT. Yes there is the headache of getting people to install the root but it is a one time thing and then you will never have to pay for a cert again.

    Look, x.509 is a halfway decent (if over-engineered) concept that is just horribly implemented. Cryptographically it is very strong, and in theory provides very strong authentication, data integrity, and encryption. In practice it is a stupid binary trust system (you completely trust every cert signed by a CA for everything or you trust nothing signed by that CA), and the CAs have banded together to basically ensure there will never again be any competition. The requirements to get a CA into a browser are batshit insane. A gentlemen's agreement exists between MS, Verisign, et al (Netscape/Firefox just does whatever MS does) to make sure that someone would have to spend millions and have pricing similar to all of the others to get in.

    Verisign has proven time and again that they are more than happy to sign a certificate for anyone capable of passing their stringent security checks which involve writing a check, so what makes them any more secure than CACERT? Nothing. Oh they have tamper proof hardware, vaults, and all kinds of James Bond style doomsday devices hooked up to their secret underground bunker which houses the CA, but none of that matters if they perform the same authentication checks that CACERT does (can you receive email at the domain? Good you are in).

    So don't get suckered into paying way too much for a string of bits if you don't have to. If running your own CA is not your thing (and it really is not all that hard, CA.pl which comes with openssl and an O'Reilly book is about all you need), go with CACERT. If this is not for something internal or something with a limited number of users that you could tell to download a CA, then break out your wallet and go to Verisign.

    Finkployd

  12. Best deal I've found by Phroggy · · Score: 3, Informative
    Start with FreeSSL, a real cert that's valid for one month for free.

    Then move on to Simple-SSL.com, $35 for two years or $44 for three years. Both certs are from RapidSSL.com (aka GeoTrust, but I've never seen spam from them), so they work in all the browsers most people care about, but Simple-SSL.com is much cheaper than RapidSSL.com even though it's exactly the same product.

    "RapidSSL.com certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Mac based browsers and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3."

    By the way, if anyone knows how to add additional certificates to a Motorola v551 mobile phone, please let me know...
    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  13. GeoTrust was bought by VeriSign last month by maggard · · Score: 2, Informative

    The news was made public 1 month ago with the announcement that almost all of GeoTrust's staff were being let go in a few weeks, VeriSign was the new owners and were gonna consolidate operations.

    GeoTrust is still in business right now, I know for a fact that they've got salesfolk answering the lines and their product lines haven't been shut down so as far as a certificate goes they're still as good as they were a month ago. And those certificate chains are a valuable asset and will no doubt be maintained indefinitely. However the package and pricing will likely change as VeriSign moves yet more solidly into the number 1 (and 2, and 3) spot.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  14. Certificate Authority Market Share Report by Onymous+Coward · · Score: 3, Informative

    This list might be of use:

    http://www.securityspace.com/de/s_survey/data/man.200603/casurvey.html

    Popularity does not equate to quality or value for price, but it often well correlates to it. At least you could use this as a starting point for investigation.