Slashdot Mirror


Google Joins Mozilla and Apple In Distrusting WoSign and StartCom Certificates (csoonline.com)

itwbennett quotes a report from CSO Online: Following similar decisions by Mozilla and Apple, Google plans to reject new digital certificates issued by certificate authorities WoSign and StartCom because they violated industry rules and best practices. The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by the two authorities after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them. Certificates issued before October 21 will continue to be trusted as long as they're published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers. "Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance," said Chrome security team member Andrew Whalley in a blog post Monday. "As a result of these changes, customers of WoSign and StartCom may find their certificates no longer work in Chrome 56. Sites that find themselves on the whitelist will be able to request early removal once they've transitioned to new certificates," Whalley said. "Any attempt by WoSign or StartCom to circumvent these controls will result in immediate and complete removal of trust."

86 comments

  1. Why the half-assed implementation?! by Anonymous Coward · · Score: 0

    Drop them! Don't do decisions based on issue-date, pki is already complicated and broken enough...

  2. pre-existing by Anonymous Coward · · Score: 0

    "Google Chrome is unable to trust all pre-existing certificates"

    How can you trust a certificate before it exists ?!

    1. Re:pre-existing by guruevi · · Score: 4, Informative

      It's complicated. They're basically whitelisting all StartCom certificates before a certain issue date. However, WoSign silently took over StartCom and started sharing infrastructure and keys for about a year. When Mozilla investigated them for backdating weak certificates, they split up the operations again trying to 'fix' the situation and fired WoSign's CEO.

      Since they were sharing infrastructure for about a year and it's not sure how many certificates were backdated a browser can't be sure when WoSign's key(s) and StartCom's key(s) were used to sign the certificate and whether or not it was backdated.

      So they can't "trust all pre-existing certificates" but they can trust certain ones (the ones they are sure were definitely issued and signed by StartCom before they were taken over).

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:pre-existing by Anonymous Coward · · Score: 1

      For small values of "fired". Richard Wang was still "acting CEO" last week and presumably remains in that position today.

      Supposedly this is until his employers (QiHoo 360 basically) get their act together and appoint someone new. But being serious for a moment, a $$$ corporation like that will have big hitters it is able to parachute in within hours for an executive crisis, two days at most. If QiHoo actually wanted Wang gone, he'd have vanished off the face of the Earth. So this is a sign that the "show of good faith" stuff was worthless and ultimately WoSign and probably StartCom are destined for an ignoble end.

    3. Re:pre-existing by AmiMoJo · · Score: 1

      I see both WoSign and StartCom are still issuing certs. Not just SSL, but code signing for things like Windows drivers.

      Seems like they are both basically out of business now.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Firefox by Anonymous Coward · · Score: 0

    I'd like to do this with Firefox.

  4. Alternatives? by Anonymous Coward · · Score: 0

    Any alternatives out there that are free and provide server *and* client certificates which are valid for at least 12 months (letsencrypt fanboys, don't bother)...?

    1. Re: Alternatives? by Anonymous Coward · · Score: 0

      You can get FREE certificates at Let's Encrypt.

    2. Re: Alternatives? by viperidaenz · · Score: 1

      No client certificates, only domain verification certificates.

    3. Re:Alternatives? by Anonymous Coward · · Score: 0

      What's wrong with lets encrypt?

    4. Re: Alternatives? by Anonymous Coward · · Score: 0

      Let's Encrypt, motherfucker. Stop babbling about client certs.

    5. Re:Alternatives? by dgatwood · · Score: 1

      Any alternatives out there that are free and provide server *and* client certificates which are valid for at least 12 months (letsencrypt fanboys, don't bother)...?

      No. All the other free certificates are limited to 90 days. The net effect of this decision is that only big companies and people with too much free time can afford TLS.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    6. Re:Alternatives? by Anonymous Coward · · Score: 0

      Any alternatives out there that are free and provide server *and* client certificates which are valid for at least 12 months (letsencrypt fanboys, don't bother)...?

      What's wrong with lets encrypt?

      Really dude?? What about TWO out of TWO things it does not do?!

    7. Re:Alternatives? by Anonymous Coward · · Score: 1

      The net effect of this decision is that only big companies and people with too much free time can afford TLS.

      Ummm, you can get a certificate issued by Comodo for $5 USD per year:

      https://www.ssls.com/ssl-certi...

      It's a real certificate, trusted by all browsers,

      It has both the Server Authentication (1.3.6.1.5.5.7.3.1) and Client Authentication (1.3.6.1.5.5.7.3.2) OIDs.

      If securing your data on the internet isn't worth $5 to you, then I can't help you.

      But please stop whining.

    8. Re:Alternatives? by lucm · · Score: 1

      Any alternatives out there that are free and provide server *and* client certificates which are valid for at least 12 months (letsencrypt fanboys, don't bother)...?

      I can get you as many certificates as you want that work as long as you want. Do you need a specific issuer? What about "Certificates For Cheapskates Inc.".

      --
      lucm, indeed.
    9. Re:Alternatives? by TheRaven64 · · Score: 0

      The other poster's already mentioned client certs. Not so relevant for browsers, but I use a StartSSL cert for S/MIME in email. The other issue with Let's Encrypt is the thing last week where a bunch of security experts pointed out problems with the fact that they don't require revalidation and make it possible for a brief compromise to allow a third party to get valid certs for your domain for up to two years and the people running Let's Encrypt are claiming that this is not a problem. Coincidentally, the big backers of Let's Encrypt are the ones pushing hardest to remove StartCom's trusted status (ignoring the fact that they still trust a bunch of other CAs, such as the one that's basically owned by the Turkish intelligence agency).

      --
      I am TheRaven on Soylent News
    10. Re:Alternatives? by TheRaven64 · · Score: 1

      It's not trusted by my browser. I removed Comodo from my list of trusted CAs after their last breach. I'm astonished that they're still in business. Someone seriously suggesting trusting Comodo over StartCom is really showing how broken the CA system is.

      --
      I am TheRaven on Soylent News
    11. Re: Alternatives? by jez9999 · · Score: 1

      Why the hell should we install their stupid software on our servers? It's a totally unnecessary extra security risk. A yearly certificate is PERFECTLY alright and is no kind of security risk. I don't know what Let's Encrypt's game is, but their intractable refusal to issue yearly certs is unacceptable and extremely stupid and I would rather pay for an SSL cert than put up with their bullshit attitude.

    12. Re:Alternatives? by Anonymous Coward · · Score: 1

      It's not trusted by my browser. I removed Comodo from my list of trusted CAs after their last breach. I'm astonished that they're still in business. Someone seriously suggesting trusting Comodo over StartCom is really showing how broken the CA system is.

      Well now, it must SUCK TO BE YOU

    13. Re:Alternatives? by Anonymous Coward · · Score: 0

Mozilla is full of zealots that will throw out the baby, the bathwater and the rest of the house for its bigoted views.

      ALL the CAs have had MAJOR issues with bad certs and failed validations. Heck Google even found out that the French CA run by the Gov't was signing certs for Google domains with NO VETTING.

      WoSign did nothing illegal... it backdated some SHA-1 certs, which IS ALLOWED. StartCom was sold to a Chinese company.. is that illegal? NO.

      Mozilla is a bunch of neckbeard zealots who need publicity stunts like this to remain relevant.

    14. Re:Alternatives? by jez9999 · · Score: 1

      It's shit. It doesn't let you choose what subdomain is on the cert, they just add "www". StartCom let you add a custom subdomain so you could secure devel.mydomain.com or something for a development site.

      Argh, this whole situation sucks so much.

      FUCK GOOGLE.

    15. Re:Alternatives? by dgatwood · · Score: 1

      That's a showstopper for me, and probably others. With Comodo, I would have to buy a wildcard for hundreds of dollars instead of a few free certs from StartSSL. TLS just went from self-evident to unaffordable and out of reach.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    16. Re:Alternatives? by Anonymous Coward · · Score: 0

      It's shit. It doesn't let you choose what subdomain is on the cert, they just add "www". StartCom let you add a custom subdomain so you could secure devel.mydomain.com or something for a development site.

      Ummm, no.

      Comodo lets you put whatever subdomain you want on their certificates.

      They do add www though, so if you want a cert for "domain.com", the cert will be issued for both "domain.com" and "www.domain.com".

      If you want a cert for "subdomain.domain.com", the cert will be issued for both "subdomain.domain.com" and "www.subdomain.domain.com".

      If you want a cert for "sub2.subdomain.domain.com", the cert will be issued for both "sub2.subdomain.domain.com" and "www.sub2.subdomain.domain.com".

      I don't consider that to be a problem.

    17. Re:Alternatives? by jez9999 · · Score: 1

      That still means you have to buy 2 certificates just so you can get one for your main domain and your subdomain of choice though. It sucks hugely, compared to StartCom giving a free cert with a subdomain of your choice.

    18. Re:Alternatives? by Anonymous Coward · · Score: 0

      That's a showstopper for me, and probably others. With Comodo, I would have to buy a wildcard for hundreds of dollars instead of a few free certs from StartSSL. TLS just went from self-evident to unaffordable and out of reach.

      It's $5 USD per domain per year from Comodo: https://www.ssls.com/ssl-certificates/comodo-positivessl

      That is unaffordable and out of reach for you?

      How much did the lock on the front door of your house cost? (I hope you spent more than $5 on it)

      How much did your phone cost?

      How much did your computer cost?

    19. Re: Alternatives? by Anonymous Coward · · Score: 0

      Is there a real use-case for client-certs issued by a third-party CA?

      This is an honest question, not just trying to be difficult... the only times I've encountered or used client-certs is when they are issued by a CA that is run by the organization that accepts the certs. Server certs for general use on public-facing servers need to be trusted by all clients, so having them be issued by the "big" trusted CAs make sense, but in my experience client certs are trusted only by whatever party the cert is being presented to, and thus can be issued from their own internal CA.

    20. Re: Alternatives? by heypete · · Score: 2

      You don't have to run their software (that is, the reference implementation) on your servers. There's plenty of other ACME clients, including short Bash scripts that don't require root and are relatively easy to audit. You could write your own, if you want.

      The short expiration times for Let's Encrypt certs exist for two reasons:
      1. Revoking certs is a pain. Yes, OCSP is a thing, but malicious actors that can control the network can block OCSP and force users to keep trusting revoked certificates up to their expiration time. Most browsers treat OCSP failures as a soft-fail. This is partially alleviated with OCSP stapling, but not many servers support it. By having short certificate lifetimes, the window of validity for a compromised certificate is smaller.

      2. It encourages automation. Rather than certificate issuance (and renewal) being an unusual thing that one needs to do every 1-3 years, during which time one likely has forgotten the procedure and has to go through many manual steps, issuing and renewing certs becomes routine and something easily scriptable and handled by automation. This makes it easier for more sites to deploy HTTPS, and for hosts to enable it with easy, automated tools.

      Of course, there's plenty of other CAs out there offering relatively inexpensive certificates with longer lifetimes if you wish. As you say, that's something you prefer. That's fine too: I use LE certs for most of my sites, but some long-lived ones from other CAs for others. It's nice having options.
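
An added example (not code from the thread, Google or any CA) tying together guruevi's explanation of why Chrome 56 trusts pre-cutoff WoSign/StartCom certificates only when they are CT-logged or whitelisted, and heypete's point that short lifetimes only work if renewal is automated: a small inventory audit that flags certificates Chrome 56 will reject and certificates inside a renewal window. The issuer organisation names, hostnames, dates and the 30-day window are assumptions of the example; the October 21 cutoff comes from the story.

```python
"""Audit a certificate inventory against the Chrome 56 WoSign/StartCom policy
and a Let's Encrypt-style renewal window.

Added example; the certificate records are constructed, and matching on the
issuer organisation name is a simplification (the real policy matches roots).
"""
from dataclasses import dataclass
from datetime import date

# Chrome 56 rejects WoSign/StartCom certificates issued after this date (story).
DISTRUST_CUTOFF = date(2016, 10, 21)
# Assumed organisation names for the affected roots (example simplification).
DISTRUSTED_ISSUERS = {"WoSign CA Limited", "StartCom Ltd."}
# Reference date used by the sample run below (constructed).
AUDIT_DATE = date(2016, 11, 8)


@dataclass
class CertRecord:
    hostname: str
    issuer_org: str       # organisation name of the issuing CA
    not_before: date
    not_after: date
    ct_logged: bool       # published to public Certificate Transparency logs
    on_whitelist: bool    # on Chrome's limited list of known-customer domains


def chrome56_verdict(cert: CertRecord) -> str:
    """Return 'trusted', 'distrusted-post-cutoff' or 'distrusted-unlogged'."""
    if cert.issuer_org not in DISTRUSTED_ISSUERS:
        return "trusted"
    if cert.not_before > DISTRUST_CUTOFF:
        return "distrusted-post-cutoff"
    # notBefore alone cannot be relied on, because backdating was the issue:
    # a pre-cutoff date is only accepted with CT evidence or the whitelist.
    if cert.ct_logged or cert.on_whitelist:
        return "trusted"
    return "distrusted-unlogged"


def days_remaining(cert: CertRecord, today: date) -> int:
    return (cert.not_after - today).days


def needs_renewal(cert: CertRecord, today: date, window_days: int = 30) -> bool:
    """True when inside the renewal window or already expired."""
    return days_remaining(cert, today) <= window_days


def audit(certs, today: date, window_days: int = 30):
    """Return (hostname, action) pairs for certificates needing attention."""
    actions = []
    for c in certs:
        verdict = chrome56_verdict(c)
        if verdict != "trusted":
            actions.append((c.hostname, f"replace: {verdict}"))
        elif needs_renewal(c, today, window_days):
            actions.append((c.hostname, f"renew: {days_remaining(c, today)} days left"))
    return actions


# Constructed inventory: hostnames, issuers and dates are made up.
SAMPLE_CERTS = [
    CertRecord("www.example.org", "StartCom Ltd.", date(2016, 3, 1), date(2017, 3, 1), True, False),
    CertRecord("mail.example.org", "WoSign CA Limited", date(2016, 11, 2), date(2017, 11, 2), True, False),
    CertRecord("dev.example.org", "StartCom Ltd.", date(2016, 5, 10), date(2017, 5, 10), False, False),
    CertRecord("shop.example.org", "Let's Encrypt", date(2016, 9, 1), date(2016, 11, 30), True, False),
    CertRecord("api.example.org", "COMODO CA Limited", date(2016, 1, 1), date(2017, 1, 1), False, False),
]

if __name__ == "__main__":
    for host, action in audit(SAMPLE_CERTS, today=AUDIT_DATE):
        print(f"{host}: {action}")
```

Run from a daily cron job, the renewal branch is the hook where an ACME client would be invoked.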

    21. Re: Alternatives? by jez9999 · · Score: 1

      Yes I've heard those arguments, and no doubt OCSP will work for some people. However in my view they are taking a very preachy approach by flat-out refusing to issue 1-year certs, rather than just recommending the shorter-length ones. It's the kind of "our way or the highway" that the UX people at Google and Mozilla take with respect to their browser interfaces, and I consider it the height of arrogance. It turns me off the whole damn organization.

      Let's Encrypt could easily have offered a 1 year option. It's no real skin off their nose. They could even warn that "these may be 0.0001% more of a problem because when you (virtually never) need to revoke them it is harder). But they shove their ideology of short cert lifespans down your throat despite MANY requests from users to do otherwise.

      So yeah, screw them. I would indeed prefer to pay for a year's cert. It is a great shame that LE had to be so intransigent.

    22. Re: Alternatives? by jez9999 · · Score: 1

      Gah, I didn't mean OCSP above, I meant ACME.

    23. Re: Alternatives? by heypete · · Score: 1

      The security aspect (in regards to revocation) of shorter keys is nice, but encouraging automation to make widespread HTTPS use easy is the whole point of Let's Encrypt. It shouldn't be a surprise that they set cert lifetimes to encourage automation.

      Without automation, deploying secure sites is a pain: administrators have to go through tedious, error-prone manual work that the typical mom & pop business or individual website won't bother with. This maintains the status quo, with not many sites being secure.

      With automation, the user who otherwise wouldn't deploy HTTPS simply clicks a button on their web host management interface and Presto!, their site has a cert. (Alternatively, HTTPS could be enabled by default for them, as it is with WordPress.com-hosted sites.) For more technical administrators, a simple command-line tool and a cronjob take care of things in seconds. Easy, and it promotes a more secure web.

      There's nothing magical about 90 day certs, and the timing was chosen to be short enough to encourage automation while being long enough to allow for manual renewal if needed. Indeed, they even say, "Once automated renewal tools are widely deployed and working well, we may consider even shorter lifetimes." That's fine with me: it's no skin off my back if they start making certs only valid for a week or two, as a daily cronjob manages everything.

      Of course, your mileage may vary and you have your preferences. That's totally fine -- I too use non-LE certs for some internal services where automation isn't really viable -- and nobody's forcing you to use their service. It's a free internet, after all, and there's other CAs to choose from.

    24. Re: Alternatives? by heypete · · Score: 1

      By "shorter keys" I mean "shorter certificate validity periods". Sorry for the confusion.

    25. Re: Alternatives? by jez9999 · · Score: 1

      That's an argument for offering shorter cert lifetimes, offering automation, and defaulting to it. It is not an argument against offering year-long certs for those of us who prefer them. And frankly I consider integrating their software into my existing website to be a royal pain, so much so that I will be paying Comodo for a yearly cert instead just to avoid it. I'm fine with manually replacing my certs every year. I basically have to replace a few files on my system and reboot a few services.

    26. Re:Alternatives? by Anonymous Coward · · Score: 0

      You didn't read the parent's comment. He needs a wildcard cert (and IMO, any cert which doesn't allow wildcards is worthless. I own the domain and all possible subdomains, so why the hell can't I secure them all?)

  5. Got It by Anonymous Coward · · Score: 0

    Get your root cert stolen (Comodo) ? Issue certificates for domains not owned by the requester (Symantec)? Charge for the privilege of having a cert signed by you? No Problem, we'll just distrust the specific problematic certificates

    Back Date a couple of certificates ? Don't charge? Compete with another free certificate authority? OMGWTFBBQ! YOUR CERTIFICATES ARE BANNED MOTHERFUCKER ENJOY YOUR COMPANY FOLDING!

    1. Re:Got It by TroII · · Score: 1

      Back Date a couple of certificates ? Don't charge? Compete with another free certificate authority?

      You are seriously understating the pattern of behavior on WoSign's part that led to this decision. (Comodo is no better IMO.)

    2. Re:Got It by jez9999 · · Score: 1

      You wanna talk about a shitty pattern of behaviour, look no further than Mozilla.

      They have had nothing but complete contempt for their long-term users by turning their browser into an inferior copy of Chrome.

      FUCK MOZILLA. Total bastards, the lot of them.

  6. Yet Symantec remains? by Anonymous Coward · · Score: 1

    Yet Symantec continues to be trusted? Despite being caught issuing fake Google certs?
    https://www.eff.org/deeplinks/2015/09/symantec-issues-rogue-ev-certificate-googlecom

    And then there is BlueCoat, the certificate they issued them to let BlueCoat fake practically any certificate... but hey, it was for "security" right? So that BlueCoat could run anti-virus checks on encrypted data for companies, while somehow the company couldn't simply add BlueCoat to the trusted authorities list? And in no way was that cover for TLS interception by men in uniforms?

    Essentially nullifying any value in the certificates system in one go!

    Fook em, certificates should never expire, should never require renewing, you trust a certificate because over the years you use it it stays the same. Trust is built up over time, attackers cannot go back in time so you know its the same site as it was years ago. Attackers cannot be 100% attack forever, so time will cleanse any attack. Time is security, nothing else.

    Certificate authorities are backdoors.

    1. Re:Yet Symantec remains? by lucm · · Score: 1

      And then there is BlueCoat, the certificate they issued them to let BlueCoat fake practically any certificate... but hey, it was for "security" right? So that BlueCoat could run anti-virus checks on encrypted data for companies, while somehow the company couldn't simply add BlueCoat to the trusted authorities list? And in no way was that cover for TLS interception by men in uniforms?

      At work they use a Bluecoat proxy. They configured that magnificent product to decrypt outgoing SSL on-the-fly and reencrypt it on the inside with fake SSL certificates. That way the "security" team can spy on encrypted traffic (such as my gmail password).

      In case you suspect your employer of doing the same thing, here's something I noticed. They apparently can't spoof issuers on the fly and there's too many of them to prepare in advance, so they use the same fake issuer for every single certificate. Corporate browsers are easy to tweak with stuff like GPO so they can't be relied on to inspect a certificate, but low-level tools like curl or wget can prove useful to show what's going on.

Corporations who do this kind of thing are weakening SSL as a whole and they are creating a false sense of security. This is really bad.

      --
      lucm, indeed.
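
An added example (not lucm's code or any vendor's) of the check described above: connect to several unrelated sites, record who issued each leaf certificate, and flag the case where one issuer signs nearly all of them, which is what an interception proxy with a single fake issuer looks like. The hostnames and issuer strings in the samples are constructed, and the 80% threshold is an assumption.

```python
"""Spot a TLS-intercepting proxy by comparing leaf-certificate issuers across
unrelated hosts.

Added example. Unrelated sites normally use different CAs; when every one of
them is signed by the same issuer, a local re-signing proxy is the likely cause.
"""
import socket
import ssl
from collections import Counter


def issuer_to_string(issuer_rdns) -> str:
    """Flatten getpeercert()'s issuer tuple ((('organizationName', 'X'),), ...)."""
    parts = []
    for rdn in issuer_rdns:
        for key, value in rdn:
            parts.append(f"{key}={value}")
    return ", ".join(parts)


def fetch_issuer(hostname: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return the issuer DN of the leaf certificate presented for hostname.

    Verification stays on: if the proxy's root was pushed into the OS trust
    store (e.g. via GPO) the handshake succeeds and we see the proxy's issuer.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return issuer_to_string(cert["issuer"])


def interception_suspected(issuers: dict, min_hosts: int = 3, threshold: float = 0.8):
    """Given {hostname: issuer}, return (suspected, dominant_issuer, share).

    Flags when a single issuer covers at least `threshold` of the hosts.
    Too few hosts gives no verdict, to avoid flagging coincidences.
    """
    if len(issuers) < min_hosts:
        return (False, None, 0.0)
    dominant, count = Counter(issuers.values()).most_common(1)[0]
    share = count / len(issuers)
    if share >= threshold:
        return (True, dominant, share)
    return (False, None, share)


# Constructed samples: a clean network and the same hosts behind a proxy.
CLEAN_SAMPLE = {
    "www.example.com": "organizationName=DigiCert Inc, commonName=DigiCert SHA2 Secure Server CA",
    "www.example.net": "organizationName=Let's Encrypt, commonName=Let's Encrypt Authority X3",
    "www.example.org": "organizationName=COMODO CA Limited, commonName=COMODO RSA DV Secure Server CA",
    "mail.example.edu": "organizationName=GlobalSign nv-sa, commonName=GlobalSign OV CA - SHA256 - G2",
}
PROXIED_SAMPLE = {host: "organizationName=Corp IT, commonName=Corp Web Gateway CA" for host in CLEAN_SAMPLE}

if __name__ == "__main__":
    import sys
    hosts = sys.argv[1:] or list(CLEAN_SAMPLE)
    seen = {}
    for h in hosts:
        try:
            seen[h] = fetch_issuer(h)
        except (OSError, ssl.SSLError) as exc:
            print(f"{h}: handshake failed: {exc}")
    for h, issuer in seen.items():
        print(f"{h}: {issuer}")
    flagged, who, share = interception_suspected(seen)
    print(f"interception suspected: {flagged} ({who}, {share:.0%} of hosts)")
```

Pass a list of hostnames on the command line to run it against live sites; with no arguments it only resolves the constructed sample hosts.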
    2. Re: Yet Symantec remains? by p91paul · · Score: 1

      Certificates expire for a very technical reason: they can be trusted because we assume the encryption on which they are based is unbreakable. However, given enough computational power you can break all certificates; they are unbreakable because we believe there is NOT enough computational power to break them. Since computational power available is increasing, certificates issued a few years ago are useless sequences of bits, even though they were very trustworthy at the time they were issued.

    3. Re:Yet Symantec remains? by Anonymous Coward · · Score: 0

Corporations who do this kind of thing are weakening SSL as a whole and they are creating a false sense of security. This is really bad.

      Sorry to tell you that it isn't weakening SSL per se and it doesn't create a false sense of security either. The layer-8 stuffed behind such proxies would never bother to check their browser warnings and the proxy is usually set up so it blocks connections to hosts where a warning would be issued. It also helps to prevent drive-by infections and more. You can try to educate them, but it's futile and you can't airgap them, because they somehow still need some connectivity.

    4. Re:Yet Symantec remains? by Anonymous Coward · · Score: 0

Corporations who do this kind of thing are weakening SSL as a whole and they are creating a false sense of security. This is really bad.

      Corporations have a fiduciary responsibility to protect the company and its property. People that invest in companies expect the operators of the company to protect their investment and the company assets purchased via those investments. That's a form of trust by the way.

      If you are doing something at work that your company has forbidden in some way, then it SUCKS TO BE YOU if or when you get caught.

      If your company permits access to its network and internet bandwidth for your personal use, ALWAYS BE SUSPICIOUS. Never assume you are not being spied upon while at work.

      To think you have any sense of privacy while at work, except for your time in the loo (dunny), is SIMPLY NAIVE on your part.

      Then again I bet you also trust public WiFi when you see the green LOCK symbol in your browser or mobile device. Again SIMPLY NAIVE on your part.

    5. Re:Yet Symantec remains? by lucm · · Score: 1

      You're missing the point. It's not about privacy, it's about opening the door to actual MITM attacks. I just used the gmail password as an example.

      The purpose of SSL is to secure the connection between a client and a server. When you start injecting gateways that decrypt/scan/reencrypt the traffic, you break the system. You no longer can rely on actual issuers and certificates; you're basically trusting blindly a single source.

      It's like having your ISP hijack DNS queries to show you ads when a domain is not found, it's "great" as long as the ISP itself is not vulnerable to attacks. Otherwise they just become a top tier vector for malware and whatnot.

      Also there's the question of priorities. Decrypting SSL traffic doesn't "protect" the network, it just gives snooping power to the security team. And I have yet to see an organization where all the basic aspects of security are handled so well that scanning SSL traffic is a worthy concern. That's like installing a biometric lock on the bathroom door in a gas station that has no alarm system or cctv; maybe efforts are not spent on the real issues.

      --
      lucm, indeed.
    6. Re:Yet Symantec remains? by Anonymous Coward · · Score: 0

      Corporations who do this kind of thing are weakening SSL as a whole and they are creating a false sense of security. This is really bad.

      Seems that what they are doing is in fact exploiting limitations that already exist in SSL/TLS (the "chain of trust" that is not actually trustworthy). It's bad that these limitations exist, but I feel better knowing about them so that I can keep them in mind when making security decisions.

  7. Shared hosting and subdomains by tepples · · Score: 3, Informative

    Let's Encrypt, motherfucker.

    ACME CAs such as Let's Encrypt have practical problems in the following situations:

    A. The website is hosted on shared hosting, and the shared host offers no way to automatically run Certbot or another ACME client to request and install a certificate. There exist ACME clients that run without superuser privilege, but a provider may offer no way for subscribers to automate uploading a certificate obtained through an ACME client. Until very recently, for example, WebFaction required to manually file a support ticket every time. And for Let's Encrypt, this would be less than two months.

    B. The owner of a domain allows users to sign up for subdomains. Let's Encrypt does not offer wildcard certificates and severely limits how many certificates can be issued under a particular domain in one week (source). This has already caused problems, for example, for operators of dynamic DNS services who want to make certificates available to their subscribers.

    Stop babbling about client certs.

    Why?

    1. Re:Shared hosting and subdomains by Anonymous Coward · · Score: 0

      A. The website is hosted on shared hosting, and the shared host offers no way to automatically run Certbot or another ACME client to request and install a certificate. There exist ACME clients that run without superuser privilege, but a provider may offer no way for subscribers to automate uploading a certificate obtained through an ACME client. Until very recently, for example, WebFaction required to manually file a support ticket every time. And for Let's Encrypt, this would be less than two months.

      In which case that host sucks and customers should stop using them. Some out there claim you need a separate IP address even though you don't.

      DreamHost among others has builtin support for Let's Encrypt. If a provider doesn't let you upload your own certificate in an automated fashion, I can't imagine what other things require unnecessary manual intervention.

    2. Re:Shared hosting and subdomains by tepples · · Score: 1

      In which case that host sucks and customers should stop using them.

      Many hosting plans are paid annually rather than monthly. If someone has paid ahead for several months of hosting, a $5 per year Comodo certificate valid until the date that the hosting is up for renewal would be cheaper than forgoing several months of paid-for services.

      Some out there claim you need a separate IP address even though you don't [with Server Name Indication].

      Only for the past two and a half years has that been true. Because Internet Explorer on Windows XP didn't support Server Name Indication, compatibility with all major supported web browsers required a separate IPv4 address for each certificate. This changed in mid-April 2014 when Windows XP reached end of life. I think a lot of shared web hosts didn't offer SNI because they wanted to reduce the cost of support calls from users of combinations of browser and operating system that are incompatible with SNI.

      DreamHost among others has builtin support for Let's Encrypt.

      I switched to WebFaction in December 2012 because it offered SNI, unlike the hosting I had at the time. Did DreamHost offer SNI hosting back in 2012, or was it cleartext- or dedicated IP-only back then?

    3. Re:Shared hosting and subdomains by Anonymous Coward · · Score: 0

      This changed in mid-April 2014 when Windows XP reached end of life.

No it didn't. Windows XP reaching EOL only means that Microsoft stopped supporting it, not that users stopped using it. At that time, there were already talks about Windows 7 EOL, and big promises about Windows 9, so many people decided to wait. Later they saw how Windows 7 users were force-upgraded to Windows 10, and XP became the last safe desktop Windows.

      And now, Windows 7 is even closer to EOL, and still no replacement desktop OS. And these are already people that don't buy the newest shiniest Surface tablet, just because it's new, so no chance of getting them onto Windows tablet edition 8 or 10.

    4. Re: Shared hosting and subdomains by Anonymous Coward · · Score: 0

      I have pound web proxy and a script that every day checks and if needed renews all my 20 fqdn certs at one single 443 port on a single ip.
      Took me 1 hour to set it up.

    5. Re: Shared hosting and subdomains by tepples · · Score: 1

      So once your script determines that a particular certificate needs to be renewed, makes a CSR, and obtains a renewed certificate, how do you automate installation? Not all shared hosting providers offer an API to install a renewed certificate without human intervention.

  8. CORRECTION by tepples · · Score: 1

    And for Let's Encrypt, this would be less than two months.

    Allow me to correct my prior comment: About two and a half months is practical. So a shared hosting subscriber would have to remember to renew the certificate and request installation from the provider about five times per year.

  9. Is there someone else? by Espectr0 · · Score: 1

We have had StartCom certificates because they seem to be the only ones giving out free SSL certificates for websites.

    Is there someone else doing this for free? No, we really can't buy them in our country and current situation.

    1. Re:Is there someone else? by Anonymous Coward · · Score: 1

      maybe letsencrypt can help you.
      https://letsencrypt.org/

    2. Re:Is there someone else? by Anonymous Coward · · Score: 0

I call bullshit. 30 seconds and the cheapest cert I can find is $56 dollars a year. That's only slightly more than 1 dollar a week. If your small business can't afford that then you can't afford hosting anyways and I'm sure certs can be found cheaper if you look.

    3. Re:Is there someone else? by lucm · · Score: 1

I buy Comodo certs from a reseller for $6/year (no volume required). They are a bit clunky to set up at first because there's a few certs in the chain that are easy to miss if you're not careful, but they do work on all the browsers and devices I've tested.

      --
      lucm, indeed.
    4. Re:Is there someone else? by Roman+Mamedov · · Score: 1

      Well there's also WoSign... OH WAIT.

      Nope, both of the sensible free options are killed now, everyone wanting free certs is being funneled into the Let's Encrypt bullshit.

    5. Re:Is there someone else? by jez9999 · · Score: 0

      Which sucks if you don't want to install their fucking software on your machine to update the certificate every 5 minutes because they refuse to issue annual ones.

    6. Re: Is there someone else? by Anonymous Coward · · Score: 0

      Gandi.net
      $16/year

    7. Re:Is there someone else? by The-Ixian · · Score: 1

      IMO, $6/year is about how much a digital cert should cost. You are covering the compute time and bandwidth costs and then some.... I don't understand why DV certs are so expensive....

      --
      My eyes reflect the stars and a smile lights up my face.

  10. Time to dump Chrome, Firefox, etc by Anonymous Coward · · Score: 0

    I don't want these companies having such control.

  11. I reject all certs by Anonymous Coward · · Score: 0

    I looked through the list in my browser, I don't trust any of those companies.
    Gone.

  12. Outrageous by jez9999 · · Score: 1

    This is terrible. Now there is only Let's Encrypt to get free SSL certs, which basically requires you to install their software on your machine to renew your certs because their expiry time is so ludicrously short.

    Fuck you Google (and fuck you Mozilla, Google's lapdogs). I personally can use Pale Moon, but there's nothing I can do about the hordes using Chrome. :-(

    1. Re:Outrageous by AmiMoJo · · Score: 2

      What's the point of a free SSL cert if it can't be trusted? The whole point of having it is to establish trust that you are who you say you are.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    2. Re:Outrageous by thebes · · Score: 1

      Correction: the free certs only vouch that you admin the domain name, nothing more. That is not the same as trusting an individual or organization.

    3. Re:Outrageous by Anonymous Coward · · Score: 0

      I get the overall anger, but not why you're blaming Google and Mozilla for WoSign's negligent fuckup. Can you explain?

      Someone once did something bad to me, too. Perhaps I should blame you for it?

    4. Re:Outrageous by Anonymous Coward · · Score: 0

      So then pay for a cert from a real CA then if it's so important to you. Sheesh.

    5. Re:Outrageous by Anonymous Coward · · Score: 1

      Trust and encryption should be two different things, however. I find it funny that people berate those using self-signed certs citing trust issues, but will happily browse non-https sites as if that's more trustworthy. I may be in the minority, but I'd rather see some form of self-signed certs be 'allowed' so that we can at least move to a more secure browsing experience. Yes, it's still up to the user to decide if the site is actually trustworthy, but that's not really much different from how it is now. However, we will never see this because the big corps make too much money charging $99+ for some silly little thing that says your site is 'secure' despite never needing to supply/prove your identity to the issuer.

    6. Re:Outrageous by chefmonkey · · Score: 1

      Fuck you Google (and fuck you Mozilla, Google's lapdogs).

      You need to update your conspiracy theories. The paranoid series of twisted, ignorant logic that was once used to make this statement was utterly undermined when Mozilla stopped taking search referral money from Google.

    7. Re:Outrageous by Anonymous Coward · · Score: 0

      The whole point of having it is to establish trust that you are who you say you are.

      That is what they said. It is up to you if you trust wizbang.org, but SSL is there to tell you that you are actually getting things from/sending things to that organization.

    8. Re:Outrageous by Anonymous Coward · · Score: 0

      Then just keep using your cheap rebrand of Firefox 28 and keep your fool opinions to yourself. You clearly don't understand the issue, motivations, or considerations made here. The "hordes" deserve a better browser that cares about their security and privacy, not some third rate knock-off that lets them move a couple more UI elements around at the expense of everything else.

    9. Re:Outrageous by jez9999 · · Score: 1

      Because instead of a temporary halt on StartCom certs, Google are taking the draconian action of saying they will NEVER TRUST THEM AGAIN. That is ridiculous. What if StartCom start up under a different name, can they be trusted then?

      They made a small mistake. It is so over the top to stop trusting them "for evermore" because of this that it makes me think they're trying to corner the free SSL cert market with Let's Encrypt.

    10. Re:Outrageous by jez9999 · · Score: 1

      Well I'll have to now, won't I?

      I hope you're fucking happy that I and many others have lost our perfectly good free SSL certs that worked fine for years, because literally 2 dodgy certs were issued by StartCom. Now we'll be out of pocket for no good goddamn reason.

    11. Re:Outrageous by jez9999 · · Score: 1

      Yeah but that's useful. I don't always need to "trust an individual or organization", sometimes I just want to be sure I'm really connecting to the proper server(s) for that domain.

    12. Re:Outrageous by jez9999 · · Score: 1

      Get back to me on that when Mozilla shut up shop, and officially tell their users to just install Chrome. Probably when Firefox's market share is at 1 or 2 percent. I predict that's exactly what they'll do. They've been on that trajectory for years now.

    13. Re:Outrageous by Anonymous Coward · · Score: 0

      Because other CAs have done MUCH WORSE and are still accepted.

      WoSign backdated older SHA-1 certs. THIS IS PERMITTED BY MOZILLA. The 'problem' is that they didn't do it in a way that very, very, very few people ever need to know about (updating the master cert list). So basically they didn't cross all the T's and dot all the I's.

      The other 'major' issue is that WoSign is a Chinese company... and all Chinese companies are bad.. (in Mozilla's eyes... bigots gotta bigot).

      Other CAs have done MUCH, MUCH worse... but hey, they're not Chinese.

    14. Re:Outrageous by hlee · · Score: 1

      It wasn't a "small" mistake.

      The investigation concluded that WoSign knowingly and intentionally misissued certificates in order to circumvent browser restrictions and CA requirements. Further, it determined that StartCom, another CA, had been purchased by WoSign, and had replaced infrastructure, staff, policies, and issuance systems with WoSign's. When presented with this evidence, WoSign and StartCom management actively attempted to mislead the browser community about the acquisition and the relationship of these two companies. For both CAs, we have concluded there is a pattern of issues and incidents that indicate an approach to security that is not in concordance with the responsibilities of a publicly trusted CA.

      https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

    15. Re:Outrageous by jez9999 · · Score: 1

      It still doesn't mean they have to PERMANENTLY stop trusting them. They could have given a path back to being trusted rather than robbing us of free year-long SSL certs.

    16. Re:Outrageous by The-Ixian · · Score: 1

      I think that if WoSign/StartCom made any meaningful moves toward rectifying the situation when it was first brought up, there wouldn't be an issue right now.

      Everyone makes mistakes. All anyone is expecting is for the mistake to be acknowledged and corrected.

      My understanding is that WoSign/StartCom basically ignored all efforts to get to an understanding and the yanking of trust is literally a last resort.

      --
      My eyes reflect the stars and a smile lights up my face.

    17. Re:Outrageous by Anonymous Coward · · Score: 0

      "Now there is only Let's Encrypt to get free SSL certs, which basically requires you to install their software on your machine to renew your certs because their expiry time is so ludicrously short."

      Nah. LE cert management uses the ACME protocol, documented here: https://tools.ietf.org/html/draft-ietf-acme-acme-04 (note that that's a Standards Track document!)

      There are _many_ ACME clients: https://letsencrypt.org/docs/client-options/

      Or you can write your own! The spec is straightforward.

    18. Re:Outrageous by Anonymous Coward · · Score: 0

      What's the point of a free SSL cert if it can't be trusted?

      That is a pretty good argument for getting rid of the whole CA system.

    19. Re:Outrageous by heypete · · Score: 1

      It is so over the top to stop trusting them "for evermore" because of this that it makes me thing they're trying to corner the free SSL cert marker with Let's Encrypt.

      To what end? Let's Encrypt has gotten some funding from Mozilla and others, but otherwise is a separate entity run by the ISRG.

      Since they don't sell any certificates (they're all free of cost) and running the service ends up costing lots of money (about $3m/year, they say), what motive would they have for "corner[ing] the free SSL cert marke[t]"?

      Nothing's preventing anyone else from starting a free CA.

  13. Will GoogleBots ignore the same sites Chrome does? by xanthos · · Score: 1

    Yeah right. Google feels fit to declare what sites you may and may not browse, but be assured that they will still crawl those sites and correlate any links, email addresses, phone numbers etc they find there.

    Google, the ultimate nanny state.

    --
    Average Intelligence is a Scary Thing

  14. Forever day bugs cause insecure clients by tepples · · Score: 1

    Windows XP reaching EOL only means that Microsoft stopped supporting it

    We have chosen not to support an operating system that its publisher no longer supports. Because the operating system is proprietary software and will never see another security update, we can assume that a device running that operating system is likely to be infected with a keylogger or other malware that makes the browsing session unusably insecure, installed through exploiting a defect in the operating system published around or after the time that the operating system's publisher ended support. See Forever day bugs.

  15. Reasonable (free or non-free) Alternatives? by davros74 · · Score: 1

    I currently use StartCom certificates for my personal web server and email server (no, not related to Hillary). But I also use their client certificates (S/MIME).

    I also use a backup MX service for my mail server, but recently that has changed hands and the price has started to go up.

    So it would be nice to find a one stop shop to fill these needs:
        1. Backup MX service (possibly with spam filtering service)
        2. SSL certificate for a single domain (no wildcards, single server name is fine)
        3. S/MIME client certificates

    Free is nice, but I am willing to pay a small annual fee for the services (currently pay for Backup MX). I currently create my own key and CSR, I do not like sites that generate the keys for you or require any software. I should be able to upload the CSR, and get a certificate back (after validating I own the domain, of course).

    Any recommendations? If I cannot find anything reasonable, I will have to go back to self-signed certificates. I could live without the S/MIME, but having that is nice, as it's the only easy way to encrypt email on iPhone's Mail app.

    1. Re:Reasonable (free or non-free) Alternatives? by heypete · · Score: 1

      I don't know of any one-stop-shop (certificate issuance and backup MX service are pretty orthogonal to each other), but there are plenty of CAs out there that will issue you certificates.

      This Comodo reseller sells PositiveSSL certs for ~$5/year with a validity time up to 3 years. That's about as cheap as you can get. They also offer (for the next few weeks, at least) GeoTrust, Symantec, and Thawte certs, but the costs for those are higher and they'll stop selling them in December. Comodo offers free S/MIME certs that validate only your email address, as well as paid ones that validate your email and name (if it matters). The paid ones start at $12/year.

      Of course, Let's Encrypt is a good option: the certs are free and you can run any of a multitude of ACME clients (or write your own) to validate your domain, generate the key (which is made by and stays on your system), request the certificate, and install the certificate. A simple cronjob handles renewals without any interaction from you. That makes life really easy. They don't do S/MIME certs, though.
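      As an added example (not from this thread, nor from Let's Encrypt or any ACME client), a cron-runnable shell check in the spirit of the renewal job described above: it flags a certificate that is inside its renewal window or that was issued by one of the CAs named in the story, so the operator knows it must be replaced before browsers stop accepting it. It assumes the openssl command-line tool is installed; the certificates it inspects are constructed self-signed ones, and the issuer list and 30-day window are chosen for the demonstration.

```shell
#!/bin/sh
# Added example: flag certificates that need replacing, suitable for a daily cron job.
# Assumes the openssl CLI. The issuer names and renewal window are demonstration choices.
set -eu

DISTRUSTED_ISSUERS="WoSign StartCom"   # CAs distrusted in the story
RENEW_WINDOW_DAYS=30                   # act when fewer than this many days remain

# cert_needs_action CERT.pem: exit 0 and print a reason when the cert should be
# replaced (distrusted issuer, or expiring within the window); exit 1 when it is fine.
cert_needs_action() {
    cert="$1"
    issuer=$(openssl x509 -in "$cert" -noout -issuer)
    for name in $DISTRUSTED_ISSUERS; do
        case "$issuer" in
            *"$name"*) echo "distrusted issuer: $issuer"; return 0 ;;
        esac
    done
    # -checkend exits non-zero when the cert expires within the given number of seconds
    if ! openssl x509 -in "$cert" -noout -checkend $((RENEW_WINDOW_DAYS * 86400)); then
        echo "expires within ${RENEW_WINDOW_DAYS} days: $(openssl x509 -in "$cert" -noout -enddate)"
        return 0
    fi
    return 1
}

# Constructed sample certificates (self-signed, so issuer == subject) for the demo.
make_cert() {  # $1 = output path, $2 = organisation in the subject, $3 = validity in days
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/key.pem" -out "$1" \
        -days "$3" -subj "/CN=example.test/O=$2" >/dev/null 2>&1
}
WORK=$(mktemp -d)
make_cert "$WORK/startcom.pem" "StartCom Ltd." 300   # long-lived but distrusted issuer
make_cert "$WORK/soon.pem"     "Example CA"    10    # trusted issuer, expiring soon
make_cert "$WORK/fine.pem"     "Example CA"    300   # trusted issuer, plenty of time left

for c in "$WORK"/startcom.pem "$WORK"/soon.pem "$WORK"/fine.pem; do
    if reason=$(cert_needs_action "$c"); then
        echo "$(basename "$c"): ACTION ($reason)"
    else
        echo "$(basename "$c"): ok"
    fi
done
```

In a real deployment the loop would walk the live certificate directory and hand anything flagged to the ACME client (or, for the CSR-upload workflow discussed earlier in the thread, to the person who requests installation).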

  16. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion