Let's Encrypt Is Now In Public Beta

Peter Eckersley writes: As of today, Let's Encrypt is in Public Beta. If you're comfortable running beta software that may have a few bugs and rough edges, you can use it to instantly obtain and install certificates for any HTTPS website or TLS service. You can find installation instructions here.

Shared hosting

[tepples]

From Introduction:

The client requires root access

Because a shared web hosting customer is not root, the hosting provider will have to install Let's Encrypt on behalf of its customers. I plan to open a support ticket with my hosting provider to request installation of Let's Encrypt. What are the most likely objections that a hosting provider might have to enabling this?

Re:Shared hosting

[greenfruitsalad]

expect lack of interest due to no interest from other customers. therefore unwillingness to invest people-time into testing this.

i suspect your provider will simply tell you to go to startssl and get yourself a free ssl certificate.

Re:Shared hosting

[foobar77]

Yep. Got this same problem. Very interested, but need it to work through CPanel ideally or at least WHM.

Re:Shared hosting

Beta software that requires root access. What could possibly go wrong?

Re:Shared hosting

[xxxJonBoyxxx]

>> What are the most likely objections that a hosting provider might have to enabling this?

I know one of mine (HostGator) threw a fit (charged me for installation) when I got my X.509 server cert from another provider.

I suspect many of them were looking forward to the brave new world of "HTTPS by default" as a big money-maker and aren't too pleased with the fact that the consumer's price for certs has already been driven down to $0.

Re:Shared hosting

[Qzukk]

Low port, you mean. Ports below 1024 can only be opened by root. The server can (and should) change users after creating the socket.

Re:Shared hosting

[DeHackEd]

It does require root if you want it to run a private port 80/443 service to do the authentication for you and/or to install the certificate into your apache config on your behalf. A nice feature for less capable users (ain't that a scary though)

But if you are using an existing web server and are okay with manual certificate installation/configuration and have a long command-line full of path overrides (eg. no using /etc for storing the generated certs) then it runs just fins as a normal user. I did it during the closed beta.

There's a few other little kinks to worry about like reloading apache on an updated certificate but I think you're capable of dealing with that.

Re:Shared hosting

[randm.ca]

Another option would be to add a TXT record with the challenge-response to the DNS. Control of the DNS literally means controlling the domain.

That's a planned feature, sadly it was considered low priority for the beta launch. Hopefully it'll be implemented in the next few months though.

Re:Shared hosting

[tepples]

Anonymous Coward wrote:

It's 2015. Why is anybody running on shared hosting? You can get a solid VPS for $10/month and install whatever the hell you want.

Because they're on a shared hosting plan at less than $10 per month.

So anyway, in case anyone is reading this and shopping for a new web host, which $10 per month VPS hosts are any good?

Re:Shared hosting

[bingoUV]

Because it's a bad idea? Two independent purposes are served by HTTPS - encryption in transit, and sender identification. Self generated certificate is enough to do the encryption in transit business.

For sender identification, it makes no sense to do it automatically and/or cheaply. It should be even more expensive, and come with lots of verifications. By doing it "automatically", we defeat the whole purpose of sender identification.

Browsers (including a partner in this project- Mozilla) are too stupid to not irritate users worth scary dialog if only one of the purposes of HTTPS are being served - but that doesn't mean we adopt stupid solutions.

Re:Shared hosting

[tepples]

Let's Encrypt already validates that the sender is authorized to speak for the domain. But you make it sound like there's no place for encryption in transit without stronger sender identification, ideally one verified against real-world credentials. Further, you make it sound like there ought to be an entry barrier to sender identification. Do I understand you correctly so far? And if so, how much ought the right to send to cost, in your opinion? Should individuals have the right to send, outside the course of a business?

Re:Shared hosting

[bingoUV]

But you make it sound like there's no place for encryption in transit without stronger sender identification

I am saying the opposite, no idea why you interpret it this way. It is very easy to encrypt in transit - just generate your certificate and encrypt away. Even the name of the project - Let's Encrypt - "makes it sound like" encryption in transit is the big deal, not the sender identification.

Repeat after me - encryption DOES NOT NEED identification.

Further, you make it sound like there ought to be an entry barrier to sender identification

How do you identify something without creating a barrier for it?

Do I understand you correctly so far?

50%.

Should individuals have the right to send, outside the course of a business?

Send away, no problem.Want to send encrypted? Generate a certificate and send away, no problem there either. Want someone to vouch for you that you are the sender you pretend to be? Ouch, that will be $x - not because it is a prerogative of the rich, but we need to do the following verifications which cost $x.

1. Identity, address verification of applicant. Something to catch him if he goes rogue.
2. Domain access - as you say letsencrypt already does.
3. Does it represent a physical business? Or virtual business outside of this domain? Or appear to do so to a non-paranoid human being? Get approval from the business owner.

Remember banks are relying on the "HTTPS" lock icon and instructing their users to look for it and consider themselves "safe" if it exists. ING bank shouldn't have to buy ing.com, ing.org, mying.com, ingbank.com, myingbank.com just because domain ownership is the be all and end all of "identification" on the internet.

Re:Shared hosting

[_merlin]

So does that mean you have to take down your regular web server on port 80 while their server does that verification? That's pretty shitty.

Re:Shared hosting

[NormalVisual]

I use a VPS at Joe's Datacenter for offsite backups and other odds and ends and have been quite pleased with the service. $6/month, and they're very good about notices and status updates regarding system issues, upgrades, etc.

Re:Shared hosting

[omnichad]

Remember banks are relying on the "HTTPS" lock icon and instructing their users to look for it and consider themselves "safe" if it exists. ING bank shouldn't have to buy ing.com, ing.org, mying.com, ingbank.com, myingbank.com just because domain ownership is the be all and end all of "identification" on the internet.

This is why you should expect EV-SSL from your bank. There is plenty of additional paperwork required to prove identity and it gives additional assurance with a different icon in the browser address bar.

Very short certs.

[gantzm]

They really want you to automate this. From the web site:

Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

Re:Very short certs.

[kthreadd]

So, hands up. Who has ever forgot to renew a three year cert before it expired?

Re:Very short certs.

[kthreadd]

You don't need to use their software. It's an open protocol. They want more implementations of it.

Re: Irony overload

[tepples]

And one must install anew at least every 90 days.

The intent is that something like cron "install[s] anew at least every 90 days."

I was looking forward to this...

[jez9999]

Unfortunately, their MAXIMUM length of certificate is 90 days and it ain't getting longer; if anything they want to make them shorter in duration. So anyone who doesn't want to or can't, for whatever reason, run some cronjob on their server to auto-renew their certificates should give these guys a miss. Great shame that they let their "automate everything or GTFO" ideology override many people's legitimate need or desire for annual certificates.

Re:I was looking forward to this...

[darkain]

If they don't fit your needs, vote with your dollars. You're more that free to pay for certs from another organization!

On that note: I initially had some issues with part of their implementation, too. But I'm working through it now by having a dedicated VM just for renewing my certs, and then that VM's cron script pushes the cert files to the actual web servers.

It isn't that difficult to work around the limitations on their system right now if you just put a little thought into it.

Re:I was looking forward to this...

It's probably the right decision though, because certificate revocation is terminally broken. Short-lived certificates are the only option to ensure that the expected audience won't have effectively irrevocable certificates floating around for years after losing control over the keys in a configuration mishap.

However, I am certainly not going to trust them with root access to the server, partly because I don't have it myself, and partly because that should not be necessary at all.

Re:I was looking forward to this...

[jez9999]

Oh don't worry, I am voting with my (non-)dollars. I've just signed up for some more annual certs from StartCom. LetsEncrypt and their stubborn attitude can go hang. It's just disappointing, that's all.

Re:I was looking forward to this...

[jopsen]

Why should they work to provide the same as StartCom, seriously...

The whole LetsEncrypt thing is about making the internet more secure. In all honesty long lived certificates is not a good idea. Because most CAs have your certs expire once a year, many people don't automate certificate renewal.
But we should, just like we should rotate passwords, etc... (I know it's not the same).

Obviously, LetsEncrypt won't fit in with most existing setups. Hopefully, shared hosting providers will pick it up and integrate it with their admin interface.

An automated solution is obviously better, so if we're going to push HTTPS, why not do the right way. Rather than trying to replace existing CAs with LetsEncrypt (which isn't the goal).

Re:I was looking forward to this...

[Anomalyst]

What browsers have start.com in their default CA list?

Re:I was looking forward to this...

You can run the LE auto-update software as a non-root user. It takes some thought, but it's 100% doable.

Re:I was looking forward to this...

1) There are some pretty compelling reasons for choosing the 90-day cert expiry period: https://letsencrypt.org/2015/11/09/why-90-days.html

2) You don't have to run the official LE client. ACME is fully documented and at least one fully-functioning alternative client is out there. Given that LE entered public beta *today*, expect many more ACME clients in the near future.

3) ...who *needs* CA-issued TLS certs that have a 365 day expiry period? Far-flung embedded devices that don't even have the horsepower to *do* TLS?

> So anyone who doesn't want to or can't, for whatever reason, run some cronjob on their server to auto-renew their certificates should give these guys a miss.

You're free to go off and spend *far* more than $0 per cert anywhere else. This project is governed and backed by a large array of organizations that have a proven track record of doing *really* good things for personal computing and computer security.

As to automation, you don't manually rotate your logs. If it costs $0 to do so, why would you manually update your TLS key material?

Trust?

[kc_jeffro]

I'm all about free certs - but what kind of general support will there be? The last thing I want to do is tell my mom that her Android tablet can't connect to my web server because Chrome for Android won't trust the connection and won't give her the option to add an exception...

Re:Trust?

Their root cert is cross signed by another big time CA, which is trusted by all the major browsers.

Re:Trust?

[kc_jeffro]

Sweet, thx!

Re:Trust?

[elusive_one]

From: http://lwn.net/Articles/664385... It is hosted by the Linux Foundation and sponsored by the Electronic Frontier Foundation, Mozilla, Cisco, and Akamai. Let's Encrypt also has a cooperation agreement with the certificate authority Identrust, which will sign the Let's Encrypt intermediate certificate. This cross-signature from an existing certificate authority will guarantee that the Let's Encrypt certificates will be accepted by all major web browsers.

Re:Trust?

[tepples]

Or, to put it shorter, "Let's Encrypt is an Identrust reseller."

Re:Trust?

[kthreadd]

No, because it really is Let's Encrypt that signs the certificates, not IdenTrust. IdenTrust has only signed the intermediate certificates that allows Let's Encrypt to be trusted until their own root has made it into most trust stores.

Re: Trust?

[zaphirplane]

Why would a CA authority cross sign a competitors certificate , and kill their own business ? That I don't get

Lets run arbitrary code

[silas_moeckel]

With access to my server's private keys. Who does this sound like a good idea to?

Re:Lets run arbitrary code

[kthreadd]

So inspect the code before you run it. It's open source, written in Python.

Re:Lets run arbitrary code

[silas_moeckel]

It has automated updates built in and is pretty much required to be fully automated to be useful. So I would have to disable those updates until they break it from working then re audit the code again and hope to catch that break before the SSL cert expires. That is a whole lot of work and risk.

Now you could just grab a new expiration date cert via the same certificate request and not need to know the private key in the first place ever but that does not look like how this works it expects to have a free reign. Something like this should never be running as root etc etc etc it's a security product it should have the least amount of rights possible required to do it's job and segment those rights when possible. So an initial setup app that might generate a private key etc etc but needs no network access and a maintenance app that handles sending the CSR to be signed and installing the resulting cert that would need network access and to be able to signal the server to reread the cert.

Re:Lets run arbitrary code

[bingoUV]

Those who don't have the skills to do it otherwise? It is of no use to any other kinds of people anyway.

Re:Lets run arbitrary code

[silas_moeckel]

If your unable to figure out how to install a SSL cert and are running a web server, you should probably not be running a web server and the lack of SSL is the least of your worries.

Re:Lets run arbitrary code

[nullchar]

Agreed, I don't see how any of this needs root at all.

Re:Lets run arbitrary code

[bingoUV]

Then there is no market for this product, so requiring root is least of your worries.

Re:Lets run arbitrary code

[silas_moeckel]

It was supposed to remove the cost of CA signed SSL certs as a roadblock to implementing them.

Re:Lets run arbitrary code

[jones_supa]

It has automated updates built in and is pretty much required to be fully automated to be useful. So I would have to disable those updates until they break it from working then re audit the code again and hope to catch that break before the SSL cert expires.

So why must you audit the code? Can't you simply trust the guys to not deliver malicious code? Do you not think that they are at your side? Why be part of anything in the first place if you can't trust the makers?

Re:Lets run arbitrary code

[bingoUV]

That part works without running this code too.

Re:Lets run arbitrary code

[silas_moeckel]

The code should only need to ready the private key one time during the initial setup. A Cert request is not dated and has no sensitive information and can be reused to get a new cert until the private key changes. Pretty much this is one tool that should be two, one to setup with no need for network access (it creates a priv key a cert request configures other servers) and another that does the every 90 days or more often updates.

But Why?

[mlw4428]

Honest question -- why would you want a cert you have to renew every 90 days? In case it gets stolen? I guess I just don't understand the point.

Re:But Why?

[blackiner]

There is a pretty writeup about modern TLS issues on lwn: http://lwn.net/Articles/664385...
It seems that certificate revocation is not working particularly well in practice. The 90 day duration is meant to help with this, you can simply let the certificate expire.

Re:But Why?

[kthreadd]

There are so many certs now that revocation isn't working as nice as it used to be. It used to be that the user-agent would actually download a complete list of revoked certificates to compare against. That's not really viable so OCSP is used instead. Short-lived certs simply it since we only need to care about revoked certs for a more limited time, and it also encourages automation.

Re: But Why?

[kthreadd]

They want to make them even shorter in the future. 90 days are fine now, so that sysadmins that aren't used to automate things like this can use it as well.

Re:But Why?

[itsdapead]

Bear in mind that current free certificates from the likes of StartSSL expire after 1 year anyway - and are at least 4 times more hassle to obtain and install than Lets Encrypt is shaping up to be.

Re:But Why?

[ModernGeek]

They want you to enable HSTS for long duration (1 year), with certificates that expire in a week so that when you mess with the authorities and don't comply with their demands, they are able to wipe you off of the Internet faster.

Re:Can't Mozilla just listen to its users?!

This isn't Mozilla. Mozilla is a sponsor (as are a number of other companies), but it's not a Mozilla project at all.

man..

[kelemvor4]

Nothing for windows, kind of a disappointing way for the EFF to severely limit their audience.

Re:man..

[BiOFH]

With Windows running only 27% of the Internet's web servers*, calling it "severely limit[ing]" is more than a little hyperbolic.

* source: http://news.netcraft.com/archi...

Re:man..

[Richard_at_work]

Back in the day we web devs would be regularly told that only targeting 97% of visitors through only supporting IE was not good enough, and that 3% counted...

On that basis, 27% of market share is a little more to worry about.

Re:man..

[jones_supa]

Heh, "DOS-based garbage machines". That was pretty funny.

Re:man..

[BiOFH]

Yes, AC, that's _exactly_ what you would do. This is in beta, where you choose a prime sub-section of your market to run tests with. That is literally part of the definition of beta testing.

Re:DOA?

[hey!]

This only looks hard because of a mental block people have about stuff that doesn't have a gui. In reality it's way often easier to copy and paste into a terminal window -- doing obvious substitutions for things like "www.example.com" -- than it is to try to read some gui designer's mind.

You don't have to understand everything "git clone" does, any more than you have to understanding everything that happens behind the scenes when you click a button.

Some people are just hard to please...

[itsdapead]

I understand that the target audience is admins, and that this is beta, but really?

Have you ever had to generate a certificate request, get it signed by a CA and install it in your web server? Its not rocket science but its certainly tedious with a dense jargon thicket to battle through.
./letsencrypt-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
...is improvement beyond recognition.

Anyway, there's a lot of infrastructure behind that command line that should make it easy for the likes of CPanel, Plesk or maybe even Wordpress to wrap it in a nice point-and-drool dialog.

Re:Some people are just hard to please...

[kthreadd]

I remember having to print out (yes, on paper) the CSR, sign it and send it by regular mail.

Re:Some people are just hard to please...

[guruevi]

The only people I remember doing that were the .fr domain name requests. You had to get a physical letter signed by a police officer in France to prove you were a person or get a copy of your physical business permit. Then you had to fax it or mail it in after it went through several other manual steps.

Re: Irony overload

[kthreadd]

And one must install anew at least every 90 days. Wtf, this should be trivial but is instead a sysadmin project with high maintenace.

The idea is that you would automate it, so that the client automatically renews it within the 90 day window.

So DANE

[tepples]

Another option would be to add a TXT record with the challenge-response to the DNS. Control of the DNS literally means controlling the domain.

In other words, the CA would translate a DANE record into an X.509 certificate.

Re:So DANE

[tepples]

The idea is that a DANE CA would act as a transition mechanism, automatically issuing domain-validated certificates for use with user agents that do not yet support DANE.

Re:CA = scam

The reason for expiring certificates is to limit exposure in case the private key falls into the wrong hands. Originally certificate revocation was supposed to deal with this problem, but practice has shown that revocation doesn't work, at all. Even if it did work, the number of revoked certificates that have to be checked against depends on the validity period of the certificates: The longer they were valid originally, the longer they have to stay in the revocation lists. Certificates without an expiry date would have to be kept on the revocation list indefinitely if their keys were compromised.

Ports below 1024

[tepples]

They don't want to have to run weird software as root on their servers, assuming they even have this much access.

They already run NGINX, lighttpd, or Apache as root so it can listen on ports below 1024 (such as 443, the standard HTTPS port). What makes software "weird software"?

StartSSL process

[tepples]

Today I went through the StartSSL process to renew the certificate for a site because it'll more than likely expire before my hosting company has a chance to implement Let's Encrypt. StartSSL isn't really that different from GoDaddy, except for two things: you use a client certificate instead of a password to identify yourself, and verifying domain control and issuing the cert are split into two steps. One e-mail verification to get your individual client cert, another to verify the domain, then paste in the CSR, and a few minutes later, the class 1 domain-validated certificate is siting in your Tool Box. The biggest UI flaw is that the tabs on your user page (Tool Box, Certificates Wizard, Validations Wizard) are arranged in reverse order of how they're used. The second biggest is that the e-mail validation requires you to be aware of tabbed browsing or at least opening your webmail in a new window.

I haven't tried WoSign. Is it any cleaner?

Re: Irony overload

[_merlin]

So much for certificate pinning.

Type-in vs. inbound link traffic

[tepples]

Thank you for explaining. Consider three different attacks on an HTTP session: passive sniffing, active proxying by a man in the middle, and typosquatting. HTTPS with a self-signed certificate solves the first. HTTPS with a domain-validated certificate solves the first two. HTTPS with an organization-validated certificate solves all three.

Want to send encrypted? Generate a certificate and send away, no problem there either.

This resists passive attacks but not MITM or typosquatting. Traditionally, web browsers that support HTTPS have set the bar at MITM.

Want someone to vouch for you that you are the sender you pretend to be? Ouch, that will be $x - not because it is a prerogative of the rich, but we need to do the following verifications which cost $x.

That depends on whether you define attacks on "the sender you pretend to be" to include typosquatting. The premise of StartSSL, WoSign, and Let's Encrypt is that validation that you are the same person who owns a particular domain costs very little on top of what you are already paying for a domain. Perhaps we disagree on the impact of typosquatting, especially in a hypertext environment when people are more likely to find web sites through hyperlinks in other web documents, such as web search results, news articles, opinion columns, social media, and bookmarks, than through type-in traffic.

Remember banks are relying on the "HTTPS" lock icon and instructing their users to look for it and consider themselves "safe" if it exists.

The two tiers of CA-signed certificate have distinct purposes. Domain validation is suitable for basic validation that the sender is authorized to speak for the owner of a particular domain, whereas organization validation is suitable for further validation that the owner of a domain is also an established business. Domain validation is resistant to MITM attacks, but only organization validation is resistant to typosquatting. A hobbyist operator of a forum or wiki would use the former because he wants his site's login page to be resistant to MITM, but he sees little risk (probability times damage) of typosquatting given that forums rely on bookmarks and wikis rely on search traffic. A bank would use the latter because it sees more type-in traffic and thus more risk of typosquatting.

Re:Type-in vs. inbound link traffic

[bingoUV]

Thank you for explaining. Consider three different attacks on an HTTP session: passive sniffing, active proxying by a man in the middle, and typosquatting

There is a fourth one - phishing. You might call it a variant of typo-squatting, but actually it is not. Your attempt to call it social engineering will also be met with a "Nah".

You get an email about updating your ING bank contact details urgently, and get a link to click on directly. But it is ingatyourservice.com - page content look and feel copied from ING's net banking website. User doesn't notice that this is not real ING, ignores the few mistakes in copying the phishers made, and enters everything the website asks.

There is a fifth attack vector - though none of the business of website owners or visitors. But EFF has made it their business to complain about it. It is the dragnet surveillance by TLAs. HTTPS prevents that too. "Let's Encrypt" sounds like an attack on that attack.

The two tiers of CA-signed certificate have distinct purposes.

You know more than me about the certificate business. But both - banks' padlock icon and Joe Sixpack's website's padlock icon look the same to me.

Re:Type-in vs. inbound link traffic

[tepples]

There is a fourth one - phishing. You might call it a variant of typo-squatting, but actually it is not.

Phishing is similar to typosquatting in that the user is being redirected to the wrong domain. I agree that an organization-validated cert protects against this, especially among novice users who can't be trusted to stick to bookmarks. But a domain-validated cert might be enough if credentials aren't valuable enough to allow rapid irreparable damage before blocking the account, such as a forum or wiki account compared to a bank account.

There is a fifth attack vector - though none of the business of website owners or visitors. But EFF has made it their business to complain about it. It is the dragnet surveillance by TLAs. HTTPS prevents that too. "Let's Encrypt" sounds like an attack on that attack.

This counts as passive sniffing and occasionally MITM.

both - banks' padlock icon and Joe Sixpack's website's padlock icon look the same to me.

On Pin Eight, which uses a domain-validated certificate, Firefox shows me only a green lock. On Chase, which uses an organization-validated certificate with EV extensions, Firefox shows me a green lock plus "JPMorgan Chase & Co." in green.

Re:Type-in vs. inbound link traffic

[bingoUV]

This counts as passive sniffing and occasionally MITM.

MITM is too much work for dragnet. But yeah, passive sniffing.

On Pin Eight, which uses a domain-validated certificate, Firefox shows me only a green lock. On Chase, which uses an organization-validated certificate with EV extensions, Firefox shows me a green lock plus "JPMorgan Chase & Co." in green.

You're right, I notice that now. But distinction is not big enough for the people who will get scammed by the phishing. And I remember emails from my bank a few years ago about looking for the padlock icon - this distinction wasn't made there.

So it remains a bad idea - insufficiently validated websites getting that padlock, getting more people to be phished. All due to conflating encryption and sender validation.

Re:Type-in vs. inbound link traffic

[tepples]

"A site doesn't need MITM protection unless it also needs phishing protection." Are you claiming or not claiming this?

MITM is too much work for dragnet.

Yet MITM is common on corporate networks.

And I remember emails from my bank a few years ago about looking for the padlock icon

It depends on how long ago was "a few years ago". Was it before the introduction of extended validation? If so, browsers might not yet have introduced UI to distinguish domain- from organization-validated certificates.

So it remains a bad idea - insufficiently validated websites getting that padlock, getting more people to be phished.

For a web site operated by an individual as a hobby, where the operator desires protection from passive and MITM attacks, what measures count as "sufficient validation" to you? When forming your answer, consider that trademark laws do not apply to names of individuals to the same extent that they apply to names of companies. Different people may have the same name. This means a domain name displayed in the address bar might be more distinctive than an individual's name displayed in the address bar. Or ought sites operated by individuals to lack protection from MITM attacks?

Re:Type-in vs. inbound link traffic

[bingoUV]

Thanks to you, I learnt about EV certificates.

"A site doesn't need MITM protection unless it also needs phishing protection."

Everyone "needs" all kinds of protection, but different people pay for different ones. MITM is used in a way of phishing, so you cannot protect against phishing unless you also protect from MITM . But if certificates are a dime a dozen, you've not really protected from MITM phishing as well as impersonation phishing. You're only achieving the encryption in transit, and preventing the scary message most browsers show when using self generated.

So Mozilla as a partner of this project could help much more by simply allowing a user preference for not showing scary message for self generated certificate, rather than this round about way of generating certificates every 90 days.

It's like printing money and distributing among the poor - appears noble , but brings down the very value of money. Certificates are not very unlike money here, are they?

Re:Type-in vs. inbound link traffic

[tepples]

But if certificates are a dime a dozen, you've not really protected from MITM phishing as well as impersonation phishing.

Then let me reword my perception of your central thesis one more time: "It is not worth making a certificate that protects against impersonation of a domain owner using the same domain unless it is also worth paying for a certificate that protects against impersonation of a business using a different domain." Do I have it right now?

Re:Type-in vs. inbound link traffic

[bingoUV]

It is not worth making a certificate that protects against impersonation of a domain owner using the same domain unless it is also worth paying for a certificate that protects against impersonation of a business using a different domain

Depends on the ease of attack. One way I see for same domain impersonation is by compromising the user's DNS. Are there others? DNS compromise is somewhat involved but not extremely difficult, not very common in my experience with novice users, nor in the news I read.
But you are right, in that this attack vector definitely cannot be ignored, so it is worth making a certificate to protect against the same domain attack.

So does it boil down to Let's Encrypt being a protection against DNS compromises?

Re:Type-in vs. inbound link traffic

[tepples]

So does it boil down to Let's Encrypt being a protection against DNS compromises?

Until all domains' DNS servers are upgraded to support DNSSEC and all web browsers are upgraded to support DANE, half of what a DV cert does is defend against DNS spoofing on a user's first visit. The other half is a protection against transparent proxying.

Re:Check their own SSL its from a french company

[guruevi]

a) You should be renewing your SSL certificates more frequently anyway to prevent nation-states from guessing your private key by analysis of your weaker SSL protocols.
b) You automate it, it costs you $100 once and you have a lifetime of SSL certificates across your entire server farm if need be. I think hosting providers may even opt to insert it right into your base images.
c) Commercial entities and green bars really don't provide any extra security. The entire green bar is a marketing scam, it doesn't prove anything as has been proven by people being able to obtain illicit ones.

Re: Irony overload

[nullchar]

Which is also easy to automate on the server side... It's just a header value you stick on every response. If you are cert-pinning on the client side then you might want another mechanism to help out, perhaps the DANE protocol.

Re:"First install Git"

[itsdapead]

Doomed to fail. The people who aren't deploying SSL are also the ones who can't install Git.

Give it a chance - its only just been released as beta. Since Its Open Source, packaged versions for all the major Linux distros will undoubtedly follow (there are already a couple). Also, people are missing the point that, apart from the client tool, there's a ton of infrastructure behind this that greatly simplifies the process of obtaining a certificate. There's now no technical excuse why, in a years time, the control panel for your web hosting service, or even your CMS, shouldn't sport a big friendly "Secure with Let's Encrypt" button (with an 'auto-renew' checkbox alongside).

Get going

[xororand]

The protocol is free and open source. You're free to reimplement it in C.

Can novices tell DV lock from EV lock?

[tepples]

I think bingoUV's point is that novice users do not know what to look for to tell the difference between DV and EV certificates. The icon is the same either way: a lock for DV or a lock and business name for EV. Novices don't know to look for the business name because they haven't been taught so, as back when TLS proponents were first saying "look for the lock", EV didn't exist.

Re: Can novices tell DV lock from EV lock?

[omnichad]

That's more of a browser implementation problem. It's still the right choice if someone can think of a good way to distinguish between secure and trusted. A lock probably isn't the right icon for trust, years of passive training aside.