Let's Encrypt Hits New Milestone: Over 100,000,000 Certificates Issued (letsencrypt.org)

← Back to Stories (view on slashdot.org)

Let's Encrypt Hits New Milestone: Over 100,000,000 Certificates Issued (letsencrypt.org)

Posted by msmash on Thursday June 29, 2017 @03:40AM from the moving-things-forward dept.

Josh Aas, the executive director of Internet Security Research Group (ISRG) writing for Let's Encrypt: Let's Encrypt, a free, automated, and open certificate authority has reached a milestone: we've now issued more than 100,000,000 certificates. This number reflects at least a few things: First, it illustrates the strong demand for our services. We'd like to thank all of the sysadmins, web developers, and everyone else managing servers for prioritizing protecting your visitors with HTTPS. Second, it illustrates our ability to scale. I'm incredibly proud of the work our engineering teams have done to make this volume of issuance possible. I'm also very grateful to our operational partners, including IdenTrust, Akamai, and Sumo Logic. Third, it illustrates the power of automated certificate management. If getting and managing certificates from Let's Encrypt always required manual steps there is simply no way we'd be able to serve as many sites as we do. The total number of certificates we've issued is an interesting number, but it doesn't reflect much about tangible progress towards our primary goal: a 100% HTTPS Web.

108 of 164 comments (clear)

Min score:

Reason:

Sort:

Value? by Frosty+Piss · 2017-06-29 03:40 · Score: 2, Insightful

I'm not sure that one of these certs is any better than a self-signed cert...

--
If you want news from today, you have to come back tomorrow.
1. Re:Value? by Qzukk · 2017-06-29 03:45 · Score: 4, Insightful
  
  It's trusted by the browser by default, so it has that going for it.
  Also, unlike self-signed certs it demonstrates that the person requesting the cert has control over the hostname(s), which is pretty much all I ever had to do when I paid for a non-EV certificate.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
2. Re:Value? by Anonymous Coward · 2017-06-29 03:50 · Score: 2, Insightful
  
  It's considerably better than a self-signed cert. Browsers don't accept self-signed certs by default, throwing up big nasty warnings. Lets Encrypt is a fully-accepted CA.
  It also costs as much as a self-signed cert. That is, nothing. Higher utility at the same price is higher value.
3. Re:Value? by rahvin112 · 2017-06-29 03:50 · Score: 1
  
  Actually these certificates are far better than a cert you'd buy commercially. The only way to get one is to control a server within the domain name. This is more verification than you get on anything but an EV cert.
4. Re:Value? by __aaclcg7560 · 2017-06-29 03:56 · Score: 1
  
  Google started giving higher rankings to websites with HTTPS/SSL than websites without a certificate. Since Let's Encrypt is a free option at my hosting provider, I got certificates for all my domains and subdomains.
  http://searchengineland.com/google-starts-giving-ranking-boost-secure-httpsssl-sites-199446/
5. Re:Value? by Anonymous Coward · 2017-06-29 04:01 · Score: 1
  
  They get treated differently because they're different. self-signed certs are generating ecrypted traffic, http isn't. I know you already know that, but your flippant reply seemed to brush it off as if that's not a difference.
  Also, self-signed certs are sometimes more secure than the public CA's. If you're using them for internal purposes, and you know the origin of them, you can guarantee they're safe. If you use a public CA, you never know what gov't or three-letter agency they've allowed to spoof a fake cert for MiTM attacks.
6. Re:Value? by WaffleMonster · 2017-06-29 04:06 · Score: 1
  
  Also, unlike self-signed certs it demonstrates that the person requesting the cert has control over the hostname(s), which is pretty much all I ever had to do when I paid for a non-EV certificate.
  How does it demonstrate that? Can you explain specifically what makes this better than self-signed certs? What is the basis of trust used to establish ownership? What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?
7. Re:Value? by __aaclcg7560 · 2017-06-29 04:08 · Score: 1
  
  Let's Encrypt is a shadow entity of the CIA so you have given them free run over all your domains.
  Why do you think I work in government IT? :P
8. Re:Value? by dknj · 2017-06-29 04:18 · Score: 1
  
  Kind of like how SSH always treats your initial connection like a telnet connection? And warns you that unless you have authenticated the remote identity you should treat it as though unauthorized individuals are monitoring your traffic.
  I am going to assume you meant it's always been stupid how browsers handled unauthenticated HTTPS certs. At the very least its necessary to warn about unauthenticated connections for all browser users, uneducated and experts alike. However, power users should be allowed to enable a switch to avoid glaring popup messages about SSL certificates. Ultimately this is solved via extensions since this is not a use-case for the typical browser user, so your complaint is really one of personal inconvenience.
  The real purpose of Let's Encrypt is that it gives another layer of security to the typical browser user. More websites can exist with security with the minimum authorization necessary (control of the domain), but there still exists obvious methods of abuse. These abuses are countered by Certificate Revocation Lists (CRLs) which can turn an abusive site into a site that throws warning messages in most typical browser use cases.
  -dk
9. Re:Value? by Opportunist · 2017-06-29 04:19 · Score: 2
  
  It demonstrates that the one holding the cert also holds the domain name. Nothing else. And nothing else is implied by the whole deal.
  Contrary to popular belief, a certificate isn't a government ID. All it means is that whoever claims to be www.whatever.tld is actually www.whatever.tld, and that no man in the middle attack is happening.
  And once people learn this, we could maybe start establishing some sort of security. The fact that https:/// isn't crossed out by your browser doesn't mean that www.bank0famrika.com is a good place to enter your online banking credentials.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
10. Re:Value? by Anonymous Coward · 2017-06-29 04:20 · Score: 5, Informative
  
  Im not that poster but I do have to look after a lot of servers with sites that have letsencryprt certs.
  Basically it requires the same level of domain validation as any standard, non EV cert (including revocations) and provides the same level of protection for on the wire data interception with the disadvantage that certs are only issues for 90 days instead of 1+ years.
  Look here for a overview of the the process, its pretty simple and the same as any other non EV cert:
  https://letsencrypt.org/how-it-works/
11. Re:Value? by AikonMGB · 2017-06-29 04:21 · Score: 1
  
  How does it demonstrate that? Can you explain specifically what makes this better than self-signed certs? What is the basis of trust used to establish ownership? What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?
  Public key cryptography. The client has to satisfy both the domain control challenge, and sign a nonce provided by the CA. The domain control challenge establishes control over the domain. The signed nonce provides client identity verification.
  https://letsencrypt.org/how-it-works/
12. Re:Value? by WaffleMonster · 2017-06-29 04:21 · Score: 1
  
  They're a little better in that the fact that they come from a cert authority gives you some assurance that you're not being MITM'd. But it has always been stupid that browsers treat an HTTPS connection with a self-signed cert differently to an HTTP connection.
  All lets encrypt does is move the point of MITM vulnerability from establishing a connection to obtaining the cert. A functionally equivalent MITM opportunity to untrusted self-signed certs persist regardless.
  The fact that end users see a padlock icon in their browser and *assume* their connections are secure when in fact there is no rational basis for such a belief is a far worse reality than doing nothing.
  My own view is that ALL DV CA's including LE should be shuttered immediately. All responsibly transferred to domain registrars who already have relationships established with domain owners. Current system is nonsensical, redundant, dangerous and completely unnecessary.
13. Re:Value? by chispito · 2017-06-29 04:22 · Score: 1
  
  I'm not sure that one of these certs is any better than a self-signed cert...
  The value is that you don't have to pay some shifty dude $10 for the same level of verification, and it is auto renewing.
  
  --
  The Daddy casts sleep on the Baby. The Baby resists!
14. Re:Value? by WaffleMonster · 2017-06-29 04:50 · Score: 1
  
  How does it demonstrate that? Can you explain specifically what makes this better than self-signed certs? What is the basis of trust used to establish ownership? What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?
  Public key cryptography. The client has to satisfy both the domain control challenge, and sign a nonce provided by the CA. The domain control challenge establishes control over the domain. The signed nonce provides client identity verification.
  This isn't about the basics of PKI it's the basics of establishing TRUST that's the heart of my question regarding LE.
  The basis of any secure system is TRUST not alphabet soups of cryptographic jargon. It's asking the basic question "WHY SHOULD I TRUST YOU?" and receiving a reasonable, verifiable response.
  How does LE vet ownership to even assign certificates in the first place? What makes this process secure and trustworthy? If there is no good answer to that question all the cryptography in the world means nothing.
15. Re:Value? by TheRaven64 · 2017-06-29 04:55 · Score: 1
  
  It demonstrates that the one holding the cert also holds the domain name. Nothing else. And nothing else is implied by the whole deal.
  Not quite: the key exchange happens over HTTP and doesn't always use DNSSEC, so all that it actually proves is that the person issuing the certs was able to receive and reply to TCP packets going to the IP address that the Let's Encrypt server's DNS reported was associated with the domain name. That's a somewhat weaker guarantee (though no weaker than most non-EV certs).
  Let's Encrypt also logs all certs with certificate transparency and so you can check (by grabbing the CT logs or using a web search) which certs have been issued for your domain and see if any of them don't match the public key that you think that you're using (and you can automate this from another machine). Chrome also reports certificates that it's seen to the CT logs, so you can spot when someone sees a cert that you don't think is yours. For example, I can look at my old university's computer society's CT log and see that they switched from StartCom to Let's Encrypt when everyone stopped trusting StartCom last year and see that their last three certificates all have different public keys, which implies that either someone is rapidly rolling over certs for no reason and is a numpty, or that someone else is playing silly buggers.
  
  --
  I am TheRaven on Soylent News
16. Re:Value? by TheRaven64 · 2017-06-29 04:59 · Score: 1
  
  The ACME protocol doesn't ever give Let's Encrypt your private key, so they can't compromise your key. They can issue other certs for your domain (but so can any CA), but if they do then they'll appear in the certificate transparency logs for your domain (if anyone visits them with a client that records things in CT logs, at least), so you'd see.
  
  --
  I am TheRaven on Soylent News
17. Re:Value? by AikonMGB · 2017-06-29 05:08 · Score: 4, Insightful
  
  This isn't about the basics of PKI it's the basics of establishing TRUST that's the heart of my question regarding LE.
  The basis of any secure system is TRUST not alphabet soups of cryptographic jargon. It's asking the basic question "WHY SHOULD I TRUST YOU?" and receiving a reasonable, verifiable response.
  Trust whom, the site owner? LE? Their CA? If you don't trust root CA, then you are SOL. Better unplug your computer. Otherwise, there's your trust chain: root CA vets LE to a level sufficient to grant them an issuing certificate, LE vets the site owner to a level sufficient to grant them a hostname certificate.
  
  How does LE vet ownership to even assign certificates in the first place?
  Ownership of what, the hostname? The client requesting the certificate has to satisfy a challenge, for example placing a file with specific contents at a specific location controlled by the hostname, or populating a specific DNS record with a specific value for that hostname's zone. If the client is able to satisfy those challenges, then it already has complete control over the hostname and the content it serves.
  
  What makes this process secure and trustworthy? If there is no good answer to that question all the cryptography in the world means nothing.
  If you aren't willing to engage in a discussion about public keys and cryptographic signatures, there's no way to answer this question for you. The cryptography is how the process is secured, and the public key nature (combined with satisfying the challenge above) is how the CA establishes trust.
18. Re:Value? by GameboyRMH · 2017-06-29 05:18 · Score: 2
  
  I agree with you, but I think browsers should treat HTTPS connections with self-signed certs the same as HTTP connections, as in not halting the connection with a giant warning page and forcing the user to jump through hoops before getting to the site. Let them through with the same little warning symbol now displayed for an HTTP connection. An HTTPS connection with a self-signed cert is in no way more dangerous than an HTTP connection.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
19. Re:Value? by Junta · 2017-06-29 05:19 · Score: 1
  
  Ownership of what, the hostname? The client requesting the certificate has to satisfy a challenge, for example placing a file with specific contents at a specific location controlled by the hostname, or populating a specific DNS record with a specific value for that hostname's zone.
  
  The concern being if you are launching a man-in-the-middle attack and you are near the server side of the connection, then you could pass such a challenge as well. Sure, in the overwhelmingly more likely case that you are close to the client side, you can't do this sort of thing, but it is possible particularly for small domains for an attacker to be close to the server side.
  Now this may be no weaker than the status quo, I can't speak to that.
  It's probably not good for https to pop up the word 'Secure' for non-EV certs, as it implies a lot more than it really means.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
20. Re:Value? by GameboyRMH · 2017-06-29 05:23 · Score: 1
  
  I am going to assume you meant it's always been stupid how browsers handled unauthenticated HTTPS certs. At the very least its necessary to warn about unauthenticated connections for all browser users, uneducated and experts alike. However, power users should be allowed to enable a switch to avoid glaring popup messages about SSL certificates. Ultimately this is solved via extensions since this is not a use-case for the typical browser user, so your complaint is really one of personal inconvenience.
  Everyone's personal convenience, not just mine. There's no reason the typical browser user should see any warning for self-signed HTTPS that would not also be displayed for an HTTP connection, it's in no way more dangerous. Browser developers are effectively giving handouts to the CA industry and hindering adoption of HTTPS by halting with an error when encountering self-signed HTTPS certificates.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
21. Re:Value? by WaffleMonster · 2017-06-29 05:28 · Score: 1
  
  Trust whom, the site owner? LE? Their CA? If you don't trust root CA, then you are SOL. Better unplug your computer.
  My remarks are limited to establishing domain ownership.
  
  Ownership of what, the hostname? The client requesting the certificate has to satisfy a challenge, for example placing a file with specific contents at a specific location controlled by the hostname, or populating a specific DNS record with a specific value for that hostname's zone. If the client is able to satisfy those challenges, then it already has complete control over the hostname and the content it serves.
  DNS is insecure.
  HTTP is insecure.
  The routing infrastructure of the Internet itself (BGP et al) is insecure.
  Both DNS and HTTP are subject to trivial MITM attack by anyone with access to a victims wires.
  If the answer is it depends on responses from any of these protocols then one might as well implement RFC3514 and roll out a mission accomplished banner.
22. Re:Value? by AikonMGB · 2017-06-29 05:29 · Score: 1
  
  The concern being if you are launching a man-in-the-middle attack and you are near the server side of the connection, then you could pass such a challenge as well. Sure, in the overwhelmingly more likely case that you are close to the client side, you can't do this sort of thing, but it is possible particularly for small domains for an attacker to be close to the server side.
  Not quite -- the client generated a private-public key pair when it first contacted LE, communications between the client and LE are encrypted, and the client answering the challenge is required to sign a nonce provided by LE using their private key. The MITM near the server side of the connection does not have the private key, and so cannot read what the challenge value should be, and cannot sign the nonce.
23. Re:Value? by Junta · 2017-06-29 05:31 · Score: 5, Insightful
  
  The point being you connect to http, and no worries, it's all cool. It's warm and fuzzy and not at all something to fret about.
  You connect to https with self-signed cert, *IT'S THE END OF THE WORLD*, you are horribly insecure, it's dangerous, you shouldn't even *try* to talk to the server, if you really want to you should click through 2 or 3 dialogs, and also you should be forced to do that every time you reconnect to the same server, without even a hint of whether the certificate changed from last time.
  It's just such a strange disconnect. I have seen web server operators opt to prefer http rather than https so as not to scare off users, even if they may be handling potentially sensitive information.
  Self-signed certs should be treated more like ssh keys in general.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
24. Re:Value? by WaffleMonster · 2017-06-29 05:36 · Score: 1
  
  Not quite -- the client generated a private-public key pair when it first contacted LE, communications between the client and LE are encrypted, and the client answering the challenge is required to sign a nonce provided by LE using their private key. The MITM near the server side of the connection does not have the private key, and so cannot read what the challenge value should be, and cannot sign the nonce.
  Are you referring to a legitimate domain owners client or an attackers client?
25. Re:Value? by Oloryn · 2017-06-29 05:44 · Score: 1
  
  Let's Encrypt's root certificate is signed by IdenTrustâ(TM)s DST Root X3 certificate, which should already be installed.
26. Re:Value? by Anonymous Coward · 2017-06-29 05:45 · Score: 1
  
  DNS is insecure.
  HTTP is insecure.
  The routing infrastructure of the Internet itself (BGP et al) is insecure.
  
  Both DNS and HTTP are subject to trivial MITM attack by anyone with access to a victims wires.
  
  If the answer is it depends on responses from any of these protocols then one might as well implement RFC3514 and roll out a mission accomplished banner.
  Sounds like your problem isn't with Lets Encrypt, it's with the entire concept of issuing encryption certificates, regardless of issuer.
27. Re:Value? by cryptizard · 2017-06-29 05:50 · Score: 1
  
  Ok but what is your point? That is how every other CA also does domain verification. Are you saying all CAs are broken? If so, why are you still using the internet?
28. Re:Value? by heypete · 2017-06-29 05:54 · Score: 1
  
  For example, I can look at my old university's computer society's CT log and see that they switched from StartCom to Let's Encrypt when everyone stopped trusting StartCom last year and see that their last three certificates all have different public keys, which implies that either someone is rapidly rolling over certs for no reason and is a numpty, or that someone else is playing silly buggers.
  That seems pretty reasonable: all of the listed certs from 2016-09-23 to the present (except on 2017-05-21, I have no idea what's going on there) have been replaced at 2-month intervals, which is in line with the recommendations and when the reference implementation of their ACME client (certbot) renews certs (the certs are valid for 90 days and are renewed after 60 days). Each renewal involves the generation of a new public/private keypair. All in all, seems pretty reasonable.
29. Re:Value? by AikonMGB · 2017-06-29 05:55 · Score: 1
  
  Are you referring to a legitimate domain owners client or an attackers client?
  I was referring to MITM attacks on the certification process itself.
  For an attacker to initiate the process and successfully complete the validation, they would either need control of the server (or be able to impersonate it), or control of the authoritative DNS records. In either case, the certification is logged publicly by LE. In the former case, you point your DNS somewhere else and generate new certificates. In the latter case, the "attacker" actually does control the hostname*, so the certification is valid.
  * The assumption here is that it would be difficult to MITM LE themselves when doing authoritative DNS lookups. Presumably LE uses distributed servers to make this very difficult, but I haven't looked into it.
30. Re:Value? by WaffleMonster · 2017-06-29 06:03 · Score: 1
  
  Sounds like your problem isn't with Lets Encrypt, it's with the entire concept of issuing encryption certificates, regardless of issuer.
  My problem is with lets encrypt and every other CA automatically issuing certs using methods they know damn well to be completely insecure subject to the very same forms of attack certificates being issued are intended to prevent. It's a breathtakingly idiotic and dangerous practice.
  I don't have a problem with the underlying technology. PKI is awesome when deployed properly. When deployed with the level of fail LE and other DV CA's are currently bringing to the table you damn well better believe I have a problem with it.
  The sad part in all of this is that it's also pointless and trivially remedied. The domain registrars are the ones who should be handing out domain certs as they already have relationships with domain owners. At the very least registrars could be providing authorization tokens to be consumed by third party CAs. There is no excuse for current behavior and practices.
31. Re:Value? by gmack · 2017-06-29 06:11 · Score: 1
  
  DANE would have made that easy since it would have validated the certificate against the DNS record, but people are too lazy to implement DNSSEC which is needed before we even think about DANE.
32. Re:Value? by gmack · 2017-06-29 06:13 · Score: 1
  
  We could have had that.but DANE is worthless without DNSSEC and everyone is too lazy to implement DNSSEC.
33. Re:Value? by WaffleMonster · 2017-06-29 06:23 · Score: 1
  
  For an attacker to initiate the process and successfully complete the validation, they would either need control of the server (or be able to impersonate it), or control of the authoritative DNS records.
  The assumption here is that it would be difficult to MITM LE themselves when doing authoritative DNS lookups.
  You don't have to MITM LE's infrastructure. All that is needed is to MITM your victim's wire which may well include DNS traffic toward their (authoritative) DNS server.
34. Re:Value? by WaffleMonster · 2017-06-29 06:28 · Score: 1
  
  We could have had that.but DANE is worthless without DNSSEC and everyone is too lazy to implement DNSSEC.
  DNSSEC should not be deployed until DNS amplification countermeasures are fully deployed. This can be RFC7873, TCP, (D)TLS... I don't care which... To go ahead with deployment of DNSSEC knowing DNS infrastructure will be leveraged to launch massive DDOS attacks is massively irresponsible.
35. Re:Value? by AikonMGB · 2017-06-29 06:43 · Score: 1
  
  You don't have to MITM LE's infrastructure. All that is needed is to MITM your victim's wire which may well include DNS traffic toward their (authoritative) DNS server.
  This is one of the reasons I use a separate DNS provider.
36. Re:Value? by AikonMGB · 2017-06-29 06:44 · Score: 1
  
  Also keep in mind what an LE certificate actual says: https://en.wikipedia.org/wiki/...
  If the attacker controls the domain, then the certificate is valid.
37. Re:Value? by AF_Cheddar_Head · 2017-06-29 06:48 · Score: 1
  
  Wait until your IA folks decide to flip the little switch making it so you cannot accept the unrecognized or self-signed certificate and continue on to the site or device. Some devices use self-signed certificates and make it impossible to replace the certificate with one from and internal or external CA. I'm looking at you Equallogic.
38. Re:Value? by AF_Cheddar_Head · 2017-06-29 06:52 · Score: 1
  
  You aren't following the rule if you are using Let's Encrypt certificates on government systems. Yep, I work DoD IT.
39. Re:Value? by dissy · 2017-06-29 07:00 · Score: 4, Informative
  
  Also, unlike self-signed certs it demonstrates that the person requesting the cert has control over the hostname(s), which is pretty much all I ever had to do when I paid for a non-EV certificate.
  How does it demonstrate that?
  Because one must create a file under a name specified by LE, with contents specified by LE.
  Only one with control over the webhost has access to create files on the webhost.
  Can you explain specifically what makes this better than self-signed certs?
  Anyone can create and sign a self-signed certificate with any domain(s) in it they wish.
  You can not easily verify the website owner is the creator of the private key, and in fact the only one way to do so is to compare the certificate signature/hash you see with the website owner, which requires another form of secure out-of-band communications.
  With LetsEncrypt, you personally for example can not issue a certificate for my domain.
  I personally can not issue a certificate for your domain.
  Additionally with self signed certificates, you would need to have end-users install your self signed public key in their browsers manually, and to actually be secure it would have to actually be the one you generated.
  As an attacker I can provide my own public key to your users to trust, with your domain in it, and there is little chance they wouldn't know it was my key instead of yours.
  Certificate Authorities have their public keys in the browser already.
  What is the basis of trust used to establish ownership?
  Access to a web servers files or DNS zone for the domain in question is required.
  This is the exact same identical process any other CA in the world uses for class-1 certificates.
  In other words, if you know how any CA handles class-1 certs, you know how LE handles them. It is identical.
  What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?
  What prevents a person with control over the domain from requesting a certificate for that domain?
  The exact same thing that prevents an attacker from getting a certificate from any CA issued for that domain - nothing.
  If I was an attacker in that position to have control over a victims web host or DNS, I could get a certificate issued from Lets Encrypt, or GoDaddy, or ICANN, or any of the many hundreds of certificate authorities out there.
40. Re:Value? by thegarbz · 2017-06-29 07:35 · Score: 1
  
  Other than not blocking people, or throwing a hissy every time you visit a site with any modern browser it's not different.
41. Re:Value? by thegarbz · 2017-06-29 07:40 · Score: 1
  
  You can generate a certificate for any domain right now and install it anywhere. That's self signed. It's also why it's not trusted in a browser by default.
  This authority is trusted by default. How does it prove you're the owner of a domain? Easy: it checks. The process is simple: Run a script on the server, server generates API request for a key to Lets Encrypt, that key gets dropped by the script on your server, another API request causes the Lets Encrypt server to check your server to see if the key is now present and if it is it grants the certificate and the key can then be deleted.
  The only way to pass that is to be in control of the server from the view of the Lets Encrypt server. That means you either need to DNS hijack their server or have access to the server for which you're claiming you have authority.
  That's it. It is actually a far more detailed and robust validation process than most other non-EV certificates which are often satisfied with an email address and a whois entry.
42. Re:Value? by thegarbz · 2017-06-29 07:44 · Score: 1
  
  Let's encrypt is an issuing authority only. Issuing authorities don't have their certificates listed in the browser. The chain of these leads back up to a root authority. The certificate you're looking for in Chrome is IdenTrust's DST Root CA X3 as per the above poster.
43. Re:Value? by nate_in_ME · 2017-06-29 08:00 · Score: 1
  
  The only thing the management agent does is handle the "auto-renew" for you. I manually create LE certificates for a domain we use for work (and would do more for our remote access panel, but LE has made the decision not to allow creation of certificates without a domain, so our server that is only available by IP gets left out). Other than the certificate data itself, we have nothing special installed on our server.
44. Re:Value? by tattood · 2017-06-29 08:02 · Score: 2
  
  The way that you get a cert issued by LE is the same as with any other CA company. So if some bad guy can register any domain, and put up a website, they can purchase a cert that is trusted by your browser. How can you TRUST that this website is not bad, just because their certificate was issued by GoDaddy, or some other CA?
  
  The CA is not verifying that you are not doing anything bad, just that you control the web server. The same is true for LetsEncrypt certificates.
  
  --
  WTB [sig], PST!!!
45. Re:Value? by epine · 2017-06-29 10:58 · Score: 1
  
  The fact that end users see a padlock icon in their browser and *assume* their connections are secure when in fact there is no rational basis for such a belief is a far worse reality than doing nothing.
  That was more than you needed to write.
  
  The fact that end users see a padlock icon in their browser flushes orthogonality down the toilet.
  There should have been (and should now be) two separate icons: a cone of silence icon that indicates session encryption, and a second Alex Trebek icon that indicates that the server you are presently visiting is a validated celebrity, standing up.
  To Tell the Truth
  Presented with the correct conceptual icon map, the problem with the falsehoods users assume might magically become vaguely tractable.
  I kind of wish that the OS would notice the web browser displaying the padlock icon, and then put up an intrusive dialogue box "the padlock icon is known to cause widespread damage to the end-user's conceptual map" and only allow the user to proceed to use the web browser after registering a stupid-by-design exception.
  Some bad actors rip you off. Other bad actors merely promulgate bad conceptual models. I'm pissed at both.
46. Re:Value? by __aaclcg7560 · 2017-06-29 11:25 · Score: 1
  
  Because you're too stupid and lazy to get a better-paying job elsewhere?
  Fully funded, five-year contracts are a bit hard to find in the private sector. :p
47. Re:Value? by __aaclcg7560 · 2017-06-29 11:29 · Score: 1
  
  Yep, I work DoD IT.
  I work for a three-letter agency. Slashdot's favorite guesses include FBI, CIA, NSA and GPO.
48. Re: Value? by __aaclcg7560 · 2017-06-29 14:02 · Score: 1
  
  Silicon valley, TLA, IT guessing you work on old Onitzuka.
  The Blue Cube got decommissioned in 2011 and demolished in 2014. My father and I did a construction job there in 1988, where we were locked inside the construction area for the duration of our shift and armed MPs with snarling guard dogs patrolled the perimeter of the chain link fence.
49. Re: Value? by __aaclcg7560 · 2017-06-29 14:29 · Score: 1
  
  So you were 17 when you worked construction at an Air Force Base, while at the same time you went through your health issues?
  I was 16 when I got a new bike and lost 70 pounds that summer from riding my bike all over the county. The health issues I had before then disappeared. I started working in construction when I turned 18 and went to college when I was 20. I rode a bike until my mid-30's and then switched to the gym for working out. Too many soccer moms were trying to run me off the road.
  
  Very confused; please clarify.
  https://www.cdreimer.com/slashdot.html
50. Re:Value? by __aaclcg7560 · 2017-06-29 15:24 · Score: 1
  
  You'd be fired within two weeks for any number of reasons.
  The only time I was ever fired was when I worked my father and I punched the boss's grandson in the mouth. That was 27 years ago.
51. Re:Value? by __aaclcg7560 · 2017-06-29 15:53 · Score: 1
  
  What happened? Did he reach for your sandwich?
  He found out the hard way that I don't start fights but I do finish them. That always surprised people. Just because I'm fat doesn't me I'm a pushover.
52. Re:Value? by WaffleMonster · 2017-06-29 17:09 · Score: 1
  
  The CA is not verifying that you are not doing anything bad, just that you control the web server. The same is true for LetsEncrypt certificates.
  If this were true there would be no problem. Unfortunately the assumption CA is verifying administrative control over a web server is provably false.
  The entire point of having CAs issue public key is prevention of MITM attack from those with access to packets to and from a victims network.
  HTTP traffic from any web server is trivially vulnerable to MITM attack. If I can access Internet traffic from my victims network I can go to any DV CA on the planet using completely automated means have a CA assign me a key I can then leverage with impunity to MITM my victim without detection from that point forward.
  This isn't what I would call security nor is it necessary or defensible. It's simply terrible and idiotic.
  
  So if some bad guy can register any domain, and put up a website, they can purchase a cert that is trusted by your browser.
  For their own domains, not someone else's.
  
  How can you TRUST that this website is not bad
  Passing judgment as to the disposition of a site isn't the point of DV certs. The only thing DV certs are supposed to do is make sure those with administrative control over a domain are the same people who have administrative control over the issued cert. The problem is automated verification procedures currently widely deployed are wholly incapable of making such determinations.
53. Re:Value? by WaffleMonster · 2017-06-29 17:14 · Score: 1
  
  If the attacker controls the domain, then the certificate is valid.
  The problem is an attacker does not need to control the domain. They just need to control packets to and from it.
54. Re:Value? by WaffleMonster · 2017-06-29 17:29 · Score: 1
  
  Let domain registrars handle it, so they can charge $99 a year for a secure certificate? That artificial barrier to entry and clear predation of consumers is precisely why Let's Encrypt was formed. A commercial CA doesn't give a fuck what happens to you as long as you paid for the cert.
  My belief is one or both of the following must happen:
  1. Domain registrars should be required to assign certs automatically as standard part of domain ownership or everyone should just drop the current system and switch to DANE. Registrars must not be allowed to treat it separately as an "add-on".
  2. Domain registrars should be required to provide domain owners authorization tokens consumed by CAs and other entities to securely provide proof of ownership/control to existing DV CA's and or LE for verification purposes.
  I would very much prefer to see the current system burn to the ground and replaced entirely with DANE. There is significant negative value in the existence of CAs performing automated DV.
55. Re:Value? by tlhIngan · 2017-06-29 18:48 · Score: 1
  
  The value is that all the fake Paypal sites and banking sites are now secure! See the https? Secure! Like we taught everyone to trust the lock! Never visit a financial site unless you see the lock symbol in the corner of the window. It's the surest way to tell a fake site from a real site!
  (Yes, it's a sad fact that a good majority of certificates are issued to phish users. We have to train users how to tell a real site from a fake site - no more relying on the lock).
56. Re:Value? by ls671 · 2017-06-29 21:30 · Score: 1
  
  Come on, I am 5'8'', 160 lbs and I can beat the shit out of you anytime.
  Let's organize a contest so we can both add to our revenue streams...
  
  --
  Everything I write is lies, read between the lines.
57. Re: Value? by __aaclcg7560 · 2017-06-30 01:08 · Score: 1
  
  You're an abject failure.
  If I was an "abject failure," I wouldn't be getting up at 4:30AM to go to my day job that pays the bills, come home and work until 10PM on my side business that brings in the cash flow.
58. Re: Value? by __aaclcg7560 · 2017-06-30 02:16 · Score: 1
  
  You're working 18 hours a day to pull down 50k per year.
  Nope. The day job that pays the bills is $55K per year with benefits. I've never stated how much cash flow that the side business generated. But don't let a lack of information stop you from speculating how many extra half-cents I make.
  
  Meanwhile, the successful people are working 40-50 hours a week, and spending that extra time with their families, friends, and doing things that foster their spiritual, social, mental, and physical growth.
  You mean when I was working 60 hours a week as a lead video game tester, attending two programming classes at the community college, going to church and teaching Sunday school? I'm not as young as I used to be. I'm taking life at a much slower pace these days.
59. Re:Value? by __aaclcg7560 · 2017-06-30 02:23 · Score: 1
  
  Did you shoot him?!
  Oh, no. What I did to him was much worse: I enrolled in college and started my technical career. Last I heard he was still a drug addict and living on welfare. His father shut down the family business after three generations when he retired ten years ago.
60. Re:Value? by __aaclcg7560 · 2017-06-30 02:31 · Score: 1
  
  Come on, I am 5'8'', 160 lbs and I can beat the shit out of you anytime.
  I'll gladly let you beat the shit out of me — and watch the police haul your sorry ass away. One guy thought I was joking about that, but I explained the situation to him: 1) he would rot in prison, 2) his wife would divorced him and marry the man that she's having an affair with, and 3) his daughter would have an excellent stepfather to take care of her. His bravado disappeared in a hurry. Last I heard he wasn't in prison but his wife divorced him, married the other guy, and his daughter loves her stepfather more than him. Sad.
61. Re: Value? by __aaclcg7560 · 2017-06-30 03:30 · Score: 1
  
  A successful YouTube channel can generate 50K-60K Australian dollars per year, like EEVBlog.
  That isn't Dave's only source of revenue. He sells electronic gear and t-shirts, affiliate links for products he reviewed, and accepts donations from viewers. A successful business should have at least 30 sources of income. YouTubers who rely exclusively on YouTube for income are screwed by the advertiser boycott and plummeting ad rates. I saw my rate go from $1.00 per 1K views to $0.70 per 1K view for one of my channels.
  
  You're making MAYBE 150$ a year given your approximately 1000 hours you put into it.
  Sorry, mate. That's how much I made this month for traffic-related ad revenues from Slashdot. All I have to do is consistently post two dozen comments per day. While everyone piss, moan and groan about my comments, curious readers check out my blog (homepage link above) or author website (preorder link below).
62. Re:Value? by AikonMGB · 2017-06-30 03:54 · Score: 1
  
  The problem is an attacker does not need to control the domain. They just need to control packets to and from it.
  If they control all packets to and from the domain for all users, then they effectively control the domain. If they only control packets to and from the domain for a small subset of users that does not include LetsEncrypt (an assumption of the security model, and why LE likely uses several distributed servers), then they cannot successfully obtain a certificate.
63. Re: Value? by __aaclcg7560 · 2017-06-30 03:57 · Score: 1
  
  Your channels? Like the video of a bee on your jacket?
  That's one video on one channel. Do you think I do everything under one pen name?
  
  So much for "private and confidential", huh Chris?
  I've been tossing around the ad revenue figure for months now.
  
  And I doubt next month will generate anything once people realize what a monotonous boring fool you are.
  Maybe, maybe not. Let's see if someone tries to top the dick pics this weekend.
64. Re: Value? by __aaclcg7560 · 2017-06-30 04:14 · Score: 1
  
  Because your idiotic babble gets hard to follow at times.
  That's because you're trying so hard to discredit me that you're confusing yourself with your own line of bullshit. What is it about fat people that makes you and other asshats so stupid?
65. Re:Value? by __aaclcg7560 · 2017-06-30 04:23 · Score: 1
  
  You told us that you "finished" the fight with him by punching him in the mouth.
  
  I did.
  
  But then you change your tune and suddenly "enrolling in college and starting a technical career" is somehow showing him something.
  I enrolled in classes the very next day. Fast forward 27 years later, I'm a tech professional and he's a drug addict.
66. Re: Value? by __aaclcg7560 · 2017-06-30 04:43 · Score: 1
  
  you're diluting your own "personal brand"
  There's only one personal brand. I do have other brands that are not about me. Shocking, I know.
  
  then get upset when a very entertaining, intelligent, handsome, and well-hung individual signs up "cdreimer" to make fun of you?
  An episode that resulted in five user accounts being deleted. Yes, I'm aware that there are other fake user accounts lurking about.
  
  Make your own
  And settle for once and for all whether I have dick big enough to suck on daily or a puny little dick that makes an ape proud?
67. Re:Value? by ls671 · 2017-06-30 16:55 · Score: 1
  
  I was talking about a friendly contest where police isn't involved.
  If the prime minister of Canada can do it, why couldn't we?
  https://www.youtube.com/watch?...
  http://nationalpost.com/news/c...
  
  --
  Everything I write is lies, read between the lines.
My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 03:44 · Score: 1

The Let's Encrypt certs that I have for my websites automatically expire and renew every 30 days. That's 360+ per year.
1. Re:My certs expire every 30 days... by ls671 · 2017-06-29 03:54 · Score: 2
  
  No! It expires every 90 days and you can renew after 60 days. RTFM.
  
  --
  Everything I write is lies, read between the lines.
2. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 04:05 · Score: 2
  
  No! It expires every 90 days and you can renew after 60 days. RTFM.
  I stand corrected. After double checking my configuration, I have a different set of certs (five or so) expiring and renewing each month.
3. Re:My certs expire every 30 days... by ls671 · 2017-06-29 04:29 · Score: 1
  
  ...expiring and renewing each month
  You seem to be missing an important principle: You have to renew a cert before it expires, hence the 60/90 days schedule.
  You don't renew a cert "when it expires".
  
  --
  Everything I write is lies, read between the lines.
4. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 04:35 · Score: 1
  
  You don't renew a cert "when it expires".
  I get a handful of emails every month from my web hosting provider that my expired certs are being renewed automatically.
5. Re:My certs expire every 30 days... by ls671 · 2017-06-29 04:56 · Score: 1
  
  You don't renew a cert "when it expires".
  I get a handful of emails every month from my web hosting provider that my expired certs are being renewed automatically.
  Well, change provider if yours renew your certs only once they have expired! I begin renew requests for my certs 30 days before they expire. Again RTFM.
  
  --
  Everything I write is lies, read between the lines.
6. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 04:59 · Score: 1
  
  I begin renew requests for my certs 30 days before they expire.
  That's the point you keep missing. I don't have to do anything because it's done automatically. I set it up once and forget about it.
7. Re:My certs expire every 30 days... by TheRaven64 · 2017-06-29 05:09 · Score: 1
  
  You can renew a lot more often. Renewals are only limited by the rate limits and these allow renewing even after you've hit the 20-certs-per-week limit for a domain. Acme-client on FreeBSD defaults to renewing every week, so even a few failures will not cause problems.
  
  --
  I am TheRaven on Soylent News
8. Re:My certs expire every 30 days... by ls671 · 2017-06-29 05:11 · Score: 1
  
  My god! I am not missing any point. Do you think that I renew my certs manually and that your provider is the only one to automate the process??? Of course not, I have a script in a cron job that takes care of it.
  Again RTFM, here you go since that seems hard to understand for you:
  https://letsencrypt.org/2015/1...
  
  --
  Everything I write is lies, read between the lines.
9. Re:My certs expire every 30 days... by ls671 · 2017-06-29 05:35 · Score: 1
  
  The emails you are getting are pretty useless. I only get emails if the automated process fails. Then, I would get 30 days to monitor/fix it if it ever occurs. This is pretty standard for a Let's Encrypt setup. You would know about it if you actually ever implemented the process yourself.
  
  --
  Everything I write is lies, read between the lines.
10. Re:My certs expire every 30 days... by ls671 · 2017-06-29 05:57 · Score: 1
  
  True enough, I have renewed several times in the same day when setting up automation. 60/90 days seems like good default values for now with a concern to not overload the system for nothing. This is what is recommended here:
  https://letsencrypt.org/2015/1...
  Also 60/90 is fine for me because I always manually restart apache (apachectl restart) at least once a week so new certificates should always be loaded on time. I don't want the automated script to restart my server for stability concerns.
  On a side note, most clients seem to have way to many dependencies. I found a pure bash one without any dependencies. Here it is:
  https://github.com/srvrco/gets...
  But anyway, Let's Encrypt certificate expire after 90 days, period.
  
  --
  Everything I write is lies, read between the lines.
11. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 06:12 · Score: 1
  
  The emails you are getting are pretty useless. I only get emails if the automated process fails.
  According to the provider TOS for Let's Encrypt, I authorized the sending of renewal and revocation emails.
  
  You would know about it if you actually ever implemented the process yourself.
  It takes 15 minutes to set up a dozen websites using the provider's webpage. Setting up multiple cron jobs will probably take a bit longer than 15 minutes. I got too many items on my to do list to dive into the cron job rabbit hole.
12. Re:My certs expire every 30 days... by ls671 · 2017-06-29 06:30 · Score: 1
  
  Setting up multiple cron jobs will probably take a bit longer than 15 minutes. I got too many items on my to do list to dive into the cron job rabbit hole.
  1 cron job for ~90 websites. No need to modify the cron job to add a new site, duh.
  here you go:
  https://github.com/srvrco/gets...
  Just as fast as your provider and I hate web management interfaces. As a matter of fact, it is probably faster than it is at your provider because all you need to do is edit text files.
  
  --
  Everything I write is lies, read between the lines.
13. Re:My certs expire every 30 days... by ls671 · 2017-06-29 06:35 · Score: 1
  
  oh, and my mod_security reverse-proxy routes all Let's Encrypt challenge requests to the same folder for the ~90 sites so no messing around with the websites content.
  As a matter of fact, my customers don't need to do anything or touch their website. I guess it beats your setup because you say that, as a customer, you must set it up on you provider "web page".
  
  --
  Everything I write is lies, read between the lines.
14. Re:My certs expire every 30 days... by ls671 · 2017-06-29 06:45 · Score: 1
  
  While at it, for very sensitive customer internal stuff, use a sub-domain with self-signed certs. You never know.
  
  --
  Everything I write is lies, read between the lines.
15. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 06:53 · Score: 1
  
  [...] the same folder for the ~90 sites so no messing around with the websites content.
  My provider does the same thing. Is this supposed to be significant?
  
  I guess it beats your setup because you say that, as a customer, you must set it up on you provider "web page".
  As an end user, I just want to set it up and forget about it. I did it six months ago. I haven't looked it at until today. I'll probably won't look at it for another six months.
16. Re:My certs expire every 30 days... by ls671 · 2017-06-29 07:02 · Score: 1
  
  As an end user, I just want to set it up and forget about it. I did it six months ago. I haven't looked it at until today. I'll probably won't look at it for another six months.
  hmmm... reading comprehension?
  My point was that my own customers never have to set up anything.
  
  --
  Everything I write is lies, read between the lines.
17. Re:My certs expire every 30 days... by ls671 · 2017-06-29 07:08 · Score: 1
  
  OK, here I go: what is your security clearance level?
  
  --
  Everything I write is lies, read between the lines.
18. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 07:14 · Score: 1
  
  My point was that my own customers never have to set up anything.
  Your customers have you. I have myself and my provider has a web interface. What's the problem?
19. Re:My certs expire every 30 days... by Rockoon · 2017-06-29 08:42 · Score: 1
  
  Just. Wow.
  
  --
  "His name was James Damore."
20. Re:My certs expire every 30 days... by ls671 · 2017-06-29 10:24 · Score: 1
  
  Bragging from the start about things you don't master?
  
  --
  Everything I write is lies, read between the lines.
21. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 10:50 · Score: 1
  
  Bragging from the start about things you don't master?
  My business doesn't require that I master every little detail. Some details I leave to others to free up my valuable time. A web interface that allows me to set up my domain and cert at the same time Is quite efficient.
22. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 11:15 · Score: 1
  
  Yes, your "business", singular, down from the 30 businesses you had three weeks ago.
  My business has 30 revenue streams. Many of which don't require my personal attention and I still get paid whether I do anything or not. It's called passive income.
  
  And your valuable time ... spent on Slashdot.
  I'm currently on the express bus. I pay an extra $70 per month to take the express bus and free up 40 hours per month to do other things while someone else does the driving. Like responding to emails and Slashdot comments.
23. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 14:48 · Score: 1
  
  BTW, this song plays every time I read your comments:
  Here's my theme song when I comment on Slashdot.
  https://www.youtube.com/watch?v=C_Dywv-dfws
24. Re:My certs expire every 30 days... by __aaclcg7560 · 2017-06-29 15:25 · Score: 1
  
  There's no way you're making any appreciable money from the utter horseshit I've seen from you.
  According to the Slashdot consensus, I'm making a lot of half-pennies.
25. Re:My certs expire every 30 days... by ls671 · 2017-06-29 22:08 · Score: 1
  
  Express bus, this is pure genius.
  Why didn't I think of it before?.
  
  --
  Everything I write is lies, read between the lines.
26. Re:My certs expire every 30 days... by ls671 · 2017-06-29 22:12 · Score: 1
  
  The link looks nice but I didn't bother to click.
  Congratulations! ;-)
  
  --
  Everything I write is lies, read between the lines.
27. Re:My certs expire every 30 days... by ls671 · 2017-06-29 22:15 · Score: 1
  
  Still 5 cents in the US or is this specific to states?
  
  --
  Everything I write is lies, read between the lines.
28. Re:My certs expire every 30 days... by TheRaven64 · 2017-06-30 01:59 · Score: 1
  
  On a side note, most clients seem to have way to many dependencies. I found a pure bash one without any dependencies
  acme-client has no dependencies and is implemented as a small set of privilege-separated programs, so the thing that handles your private key and the things that makes network connections are entirely separated and the thing that an attacker might compromise runs with very limited privileges.
  
  --
  I am TheRaven on Soylent News
Why so many negative comments? by fabriciom · 2017-06-29 04:06 · Score: 3, Insightful

This thing is the best thing since sliced bread. I use it on all my servers, it saves me money and head aches.
Wonder... by Frosty+Piss · 2017-06-29 04:14 · Score: 1

What is the respomse from commercial xert businesses about Let's Encrypt?

--
If you want news from today, you have to come back tomorrow.
1. Re:Wonder... by CrashNBrn · 2017-06-29 05:04 · Score: 3, Interesting
  
  Good Riddance. About time we get rid of the gouging "middle-man" to protect us from the man-in-the-middle-attacks.
2. Re:Wonder... by thegarbz · 2017-06-29 07:46 · Score: 1
  
  What is the respomse from commercial xert businesses about Let's Encrypt?
  Probably not fussed. Lets Encrypt can only provide non-EV certificates, which make them essentially useless for anyone you need to trust, e.g. bank, site which handles payment or sensitive information, etc.
  non-EV certificates were never too expensive anyway.
Re:Value! by Opportunist · 2017-06-29 04:21 · Score: 1

1. There is no pretense of identification.
2. Learn the basics about certificates and what they ACTUALLY mean rather than what meaning you give them for whatever reason.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:Self-signed is pretty good. This is even better by TheRaven64 · 2017-06-29 05:05 · Score: 1

Self-signed certs aren't technically worse than plaintext, but they're not much better. If I go to example.com and establish a TLS connection, I want to know that I am talking to example.com. With a self-signed cert, I have no such assurance. I have a connection that is encrypted, but I don't know if the endpoint is actually example.com or if it is some malware running on the WiFi access point that I connected to (unless you've somehow obtained the example.com public key out-of-band and know that they're not planning on upgrading the connection). You're safe from passive eavesdropping but not from any kind of active adversary.
Self-signed certs are worse than plaintext from an HCI perspective, because they provide the appearance of security, while providing very little actual security.
In contrast, a cert signed by Let's Encrypt at least tells you that the example.com that you're talking to is the same one that the Let's Encrypt server was talking to. It's a lot easier to compromise a random WiFi AP than it is to compromise the connection in the datacentres that Let's Encrypt uses and a random WiFi AP.

--
I am TheRaven on Soylent News
Domain verification by DrYak · 2017-06-29 06:55 · Score: 1

Can you explain specifically what makes this better than self-signed certs?
Self signed certs don't certify much (beyond the cryptographic validity of the key pair).
That means, on your first visit, that it's YOUR burden to check it that certification really belong to the domain, before trusting it and adding it.
(It could be a Man-in-the-Middle with their own self-signed certificate).
On the other hand non-EV certificates and Let's encrypt, all require some proof that the certificate requestor has a control of the server
(depending on the entity issuing the certification: requestor can answer "webmaster@[website.com]" e-mails (e.g.: CaCert), or that the requestor can publish and sign information on "https://[website.com]/nonce" (Let's Encrypt), etc.)
It's always steps that :
- can easily be automated (e.g.: no need to review official legal documents by staff. Unlike EV certificates)
- are steps that can only be done if the requestor has actually control of the domain.
So when you go to [website.com], if the certificate is a non-EV certificate or by Let's Encrypt, you have the guaranty that this certificated was delivered to the people genuinely controlling [website.com].
It's very unlikely that an attacker is ini the middle.
Note that this type of certificate only confirms the address of the website.
It provides no other information about the owner.
i.e.: a Let's Encrypt certificate gives you guaranty that "www.paipall.com" is indeed this website with no middle man attacker.
(you get a padlock in browser URL bars. Like Slashdot.org).
it's doesn't say anything if this website is actually owned by PayPal Inc or someone else. That would require an EV certificate (with a legal team reviewing the official papers to confirm or not)
(taht gives a padlock and a company name in browser URL bars, like paypal.com)

What prevents an attacker with access to a victims wires from using LE to obtain fraudulent certificates?
The attacker would *ALSO* need to have access to the server they are trying to impersonate in order to successfully pass the validation.
(And by that point, if the attacker actually controls that server, there's no need to fuss around with man-in-the-middle attack).

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
1. Re:Domain verification by tattood · 2017-06-29 08:10 · Score: 1
  
  The attacker would *ALSO* need to have access to the server they are trying to impersonate in order to successfully pass the validation. (And by that point, if the attacker actually controls that server, there's no need to fuss around with man-in-the-middle attack).
  An attacker could use LE to setup a MITM attack, if they can hack the website.
  
  1) Take control over the website.
  2) Get a LE certificate for the domain
  3) Export the certificate, and install onto their own malware site.
  4) Phish a user into going to their MITM site, which has a LE signed certificate, that your browser trusts.
  5)...
  6) Profit!
  
  --
  WTB [sig], PST!!!
Over 100,000,000 certificates issued... by nuckfuts · 2017-06-29 07:22 · Score: 1

because they expire every three months.
Not worth the effort by DrYak · 2017-06-29 21:01 · Score: 1

The attacker would *ALSO* need to have access to the server they are trying to impersonate in order to successfully pass the validation.
(And by that point, if the attacker actually controls that server, there's no need to fuss around with man-in-the-middle attack).
An attacker could use LE to setup a MITM attack, if they can hack the website.
As I've explained in the quote you're replying to, if the attacker has control of the website, they can do pretty much everything they want.
At that point, getting a LE certificate is spending needless time on useless stuff that won't bring you much access beyond what you do.

1) Take control over the website.
At that point, the attacker has access to everything they could dream of.
You can straigth jump to :

4) Phish a user into going to their MITM site, which has a LE signed certificate, that your browser trusts.
Why MITM site ? The attacker has access to the real deal.
They could steal data straight from the actual site if they want.
Why LE signed certificate ? (Or for that matter CaCerts, Starcom or any non-EV option at one of the big name certificate authority). The attacker has access to the actual original private key on the site.
If anything, a changed certificate or even a changed authority might look conspicuous (and some power users have tools to detect exactly that).
Why setup a separate LE certificate, when they can use the actual key and rely on whatever expensive signing the site went for ? (and then, for all intent and purpose, the interaction with the pish looks cryptographically exactly the same as if coming from the genuine site. There's no cryptographical way to distinguish them).
At the point where an attacker controls the website, you're pretty much hosed and the fact that they could get a certificate from Let's Encrypt (or from CaCerts.org) (or pay a non-EV certificate from any of the expensive trusted certificate providers) is a minor details compared to the potential of damage they now have access to.
There isn't much difference between Let's Encrypt, CaCerts.org, or a non-EV certificate that you can get from any of the classical providers.
The only thing that Let's Encrypt has brought to the table is their "ACME" protocol, making things also easier to automate on the website owner's side of the business and providing a reasonable set of defaults. (With LE, even Joe Six Pack can have https on their own blog).
The big distinction is between EV and non-EV certficates.
non-EV certs (including from classical sources, but also including Let's Encrypt and CaCerts) : only guarantee (through automated means) that the website is indeed the URL it claims to be - (padlock in URL bar)
EV certs : actual human staff is paid to check extensive legal/official paper work to guarantee that the website belongs to a legal entity (a registered company) - (company name in URL bar).

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
1. Re:Not worth the effort by tattood · 2017-06-30 04:00 · Score: 1
  
  As I've explained in the quote you're replying to, if the attacker has control of the website, they can do pretty much everything they want. At that point, getting a LE certificate is spending needless time on useless stuff that won't bring you much access beyond what you do.
  If they are able to get a LE cert and successfully MITM the site, then they can run all of their bad stuff on their own server instead of the real server. This limits their exposure to being caught, and the website owner fixing their security holes. If the website owner never sees any bad behavior in their systems, they may never know they were compromised.
  
  If anything, a changed certificate or even a changed authority might look conspicuous (and some power users have tools to detect exactly that).
  Websites change CAs and certificates all the time. I managed a website, and when we moved to a different hosting provider, the next cert was issued by their preferred CA and nobody complained. Unless the website owners themselves are checking their certificate, then the power users might just assume that the website changed to LE by their own decision, since LE is free, and easier than dealing with commercial CAs.
  
  Why setup a separate LE certificate, when they can use the actual key and rely on whatever expensive signing the site went for ? (and then, for all intent and purpose, the interaction with the pish looks cryptographically exactly the same as if coming from the genuine site.
  If the website is running an SSL proxy, then the hacker cannot get the private key from the web server itself, unless they are able to jump to the proxy and hack it as well.
  
  --
  WTB [sig], PST!!!