Let's Encrypt Criticized Over Speedy HTTPS Certifications

100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... The reason people treat us like a punching bag is that we are big and we are transparent. "
The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."

Strawman criticism

[QuietLagoon]

Kaspersky Labs needs to get some good press, so they create a strawman reason to criticize Let's Encrypt and then start blogging. As Let's Encrypt says, "its role is not to police the internet, rather its mission is to make communications secure." One has to wonder why Kapersky Labs has a problem with that.

Re:Strawman criticism

[nnet]

Security theater. To appear to agree with gov's position on encryption, kaspersky is trying to appear to be on the same side, regardless their recent bad PR.

Re:Strawman criticism

Why wouldn't everybody have a problem with that? Attack surface thinned and expanded ! Unvetted , meaningless creds are worse than no creds at all.

Re:Strawman criticism

I remember when an HTTPS certificate was only a $99 thing you could get from Network Solutions. I never understood why it was a closed club. LetsEncrypt is throwing lots of the right questions out there. Encryption is already available to everyone, just use PGP. This allows anyone to have a website and use encryption.

Re:Strawman criticism

[arglebargle_xiv]

It's not a strawman, it's real! Every Let's Encrypt certificate is a potential lost sale to guardians of security like Symantec, TurkTrust, and Diginotar! Let's Encrypt is nothing less than a communist plot to destroy the American computer industry!

Re:Strawman criticism

The creds are NOT "unvetted" or "meaningless". They mean exactly what they say on the tin. Let's Encrypt vouches for www.example.com being www.example.com

They leave to you, the end user, to decide whether you wanted to talk to "www.example.com", whether that's really the EXA Metal Procssing Limited of Europe site, and whether it's a good idea to give this site your breast size, first dog's name and social security number.

Re:Strawman criticism

[KingBenny]

agh ... criminals ... http://rrcc5uuudhh4oz3c.onion/

Re:Strawman criticism

[p0larity]

Considering you need to run a script on your server to prove you own it, what avenue of attack are they not performing due diligence on?

Unless an attacker could poison DNS between Letsencrypt and their fake server, there isn't really any trivial way of spoofing that I could think of.

They could get a URL with visually identical unicode characters, if that's possible. But then that's only valid for that visually identical domain.

I still don't see what they can really do. They are there to serve the little guy who can't buy an expensive SSL cert to comply with new requirements.

Re:Strawman criticism

[Cramer]

That "vow" is paper thin. They make no promises that the cert was issued to a legitimate person. Email, DNS record, and file-on-webserver-somewhere are exceptionally weak means of authentication. Sure, those things are found everywhere, but not in any important places. (that's why banks and phone companies mail your PIN on a piece of paper.) A rapidly growing log file is NOT vetting a damned thing.

And no, they don't leave the "user" to make any decisions at all. Do you know who signed the cert for every HTTPS site you've ever accessed? Even the one's that aren't on the URL bar -- the one's inside the HTML for ad services, or those millions of dumbass social media icons? The simple truth is almost no one bothers to see who signed what. The browser throws up a lock icon, doesn't turn the bar red, and doesn't present any warning dialogs. It makes people think things are perfectly secure when they absolutely aren't. Sure, the traffic is encrypted so anyone at random can't spy on you. However, there is zero guarantee you're talking to who you think you are.

Re:Strawman criticism

[Cramer]

The ability to run something on the server proves nothing -- it proves I can run a CLI command. That does not equal ownership, or authorization. There are hundreds of thousands of sites any script kiddie can break into to run a script, drop a file, add a header, etc. to "prove" who they are. Let's Encrypt certs are on par with self-signed certs (they should not be blindly trusted), except they present no warning to users.

Re:Strawman criticism

[p0larity]

Here's the problem, Cramer. I don't need quite that degree of trust for someone to visit my site.

I understand why we need HTTPS. To prevent people from seeing what you're reading, at a base level, to protect your users' privacy.

What exactly about my public blog posts about web and game development is really going to be a concern here? What kind of MITM attack are they going to perform? There's nothing for the user to trust.

There is no login process for users other than myself. If someone trashes my whole webserver, I have an off-site backup.

Worst case is I need to spin up a new instance.

Why, then, do my users need me to pay for a legit certification just so they can browse my site? I just want to continue to appear favorably in search results, and not pay a fortune for the privilege.

Re:Strawman criticism

[p0larity]

I suppose the solution you hinted at is a good one. In common browsers, maybe the user could be warned that the certificate is an automatically authenticated one.

That way they can make an informed choice. I think that kind of transparency is good here, so long as that doesn't start affecting search result ranking. Or as long as that doesn't suddenly stop your site from being seen at all on some networks because of an overzealous IT admin.

Re:Strawman criticism

[p0larity]

Hmm, just thought about this and if someone takes out a cert and runs the auth script on your server, then they place it on theirs, what do they gain?

If they poison DNS they MIGHT be able to pretend to be your site.

If they can't poison DNS, the cert is invalidated when it's not served up from your domain.

Also: THEY HAVE ACCESS TO RUN SCRIPTS ON YOUR SERVER.

So why go to the trouble to make a cert?

Re:Strawman criticism

[Cramer]

The ability to access your server may be limited -- and the more it's used, the more likely it is to be detected. If one replaces your SSL certificate with a known-to-them certificate, they can decrypt the traffic for your site from outside your server, from points you won't be able to detect or do anything about.

At the end of the day, Let's Encrypt makes the little green lock icon not mean what everybody assumes it does. Just because the packets on the wire are encrypted doesn't mean anything. Sure, a random person on the internet cannot see what that traffic is, or modify it. Random people on the internet aren't the ones to worry about. If the site's traffic is of sufficient value to target, that little lock icon doesn't mean shit; you could still be talking to a bad actor. People see the closed lock and think "nothing can be wrong here", when that's not remotely true.

agreed

"I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."

Similarly, I don't think it makes a lick of sense that Google is a "super-authority" in deprecating entire CAs. That's rather close to a mechanism for monopoly.

Re: agreed

That's a large part of why the CA model is broken. CAs shouldn't be competing at all; they're there to provide a service. Imagine if OpenPGP keyservers were competing... There's no reason for it unless you're a bad actor to begin with.

What LE is doing has helped people see that a security cert isn't something you should pay for, and that being signed by a CA doesn't mean anything, especially with the shitty politics Google et al have been playing at the CA level.

The well is poisoned, and the big boys are attacking the people who pointed it out.

Re:agreed

[sexconker]

The fact that Chrome and FF use their own cert stores and update them unilaterally without the user ever knowing is absurd.

The browser should use the cert store on the OS. And the OS should update the certs. (And when MS updates certs, it should optionally present detailed info to the user about changes.)

The entire concept of CAs is built around trust in an environment where none of the actors and powers that be are trustworthy.

Re:agreed

Often the only indication the user has that they are being MITMed is precisely because the browser did not use the OS cert store.

Re: agreed

[hord]

But are we going to get a better cert infrastructure or is everything just going to remain on fire forever?

Re: agreed

[Midnight+Thunder]

At the same time I believe there is a difference between encryption for the target site and a certificate saying the site is owned by the people who claim they do. The standard for the former is likely to be lower than for the latter.

For example I want to know that the data for www.somedomain.mars is encrypted for said site, while for www.mybank.mars it is encrypted for the site and also owned by my bank.

The real question should be what should the expectations of a certificate for a given context and are the checkboxes all checked?

Re: agreed

[corychristison]

Personally I believe DANE is the future of secure websites.

CA's could still be useful for vetting entities and ensuring the domain you are connecting to is owned by the Entity you are trying to connect to.

Much like how Extended Validation certs are made, but the CA's would really need to step up their game.

Re: agreed

[0123456]

"For example I want to know that the data for www.somedomain.mars is encrypted for said site,"

What does that matter, if the encrpytion key was issued by a man-in-the-middle who's now listening in on all your traffic?

Re:agreed

+5 Troll; these browsers use their own store due Microsoft being too trusting.

Re:agreed

[jaa101]

Why is Microsoft better qualified to maintain certificate stores than Mozilla and Google? It's not like every browser maintaining its own store on a machine is a huge drain on resources. When it comes to security, diversity is a good thing. Or should the UN institute a global authority to maintain a certificate store for use on every browser on every device?

Re:agreed

[guruevi]

What's absurd is that you use someone else's CA store to begin with. I remove CA's I don't interact with. I never had a problem removing things like the Turkish or Netherlands government, nobody uses their certificates.

The problem is that Microsoft is the worst when it comes to vetting CA's because it could impact one of their "enterprise customers". As long as Microsoft puts their higher paying customer before you, they aren't trustworthy.

Re: agreed

DANE is pretty well dead. See the Chromium and Firefox (now reopened, actually) bugs on the issue. This blog post gives a good set of arguments why supporting DANE may be a bad idea. Not sure I agree, but the browser vendors seem to.

Re: agreed

[hawkinspeter]

How would a man-in-the-middle get a LetsEncrypt cert for a domain that they have no control over?

Re: agreed

Er... Chrome uses Windows' and macOS' cert store on those platforms.

Re: agreed

Personally I believe DANE is the future of secure websites.

DANE is unquestionably superior, but it just moves the CA to the registrar and makes the Let's Encrypt server-to-CA protocol unnecessary. Sovereign Keys are the real replacement for CAs because they take power away from the registrars as well.

Re: agreed

The whole system is wrong. Secure connections should work like in ssh, first connection stores public key and warns the user when it is changed in future.

CAs offer no security, the chain of trust is way too big and not trustworthy whatsoever. I mean look at the endless list of CAs that your browser implicitly trusts, it's ridiculous!

Re:agreed

None of them are qualified, as their history regarding security and collusion with intelligence agencies clearly illustrates.

Re: agreed

I'm sure you intended this as a rhetorical question, but the answer is interesting in terms of the height of the bar to such shenanigans.

If the domain doesn't have DNSSEC and CAA records forbidding Let's Encrypt (the first makes it very difficult to fake DNS answers, the second announces over DNS which CAs you want to do business with) then...

You can MitM the IP route taken by the Let's Encrypt probe and spoof the domain you don't control. You would probably do this from an Autonomous System (the Internet routing is handled by Autonomous Systems which advertise how you can route packets) which you were able to control or had influence over, and you'd only need to do it for the duration of the Let's Encrypt probe step, a few seconds.

The certificate would be CT logged, but it could take hours (and theoretically even up to a day) for the victim to notice even if they're looking for unauthorised certificates. Let's Encrypt would have no record of the IP route choices taken, since the Internet deliberately doesn't tell the edge nodes how it is connected.

This has been done (with Let's Encrypt even, since it's free to use, so it was easiest) by researchers as a demonstration, using two separate networks both of which they actually legally controlled but Let's Encrypt had no way to know that. It is likely the same trick has been used by criminals but we have never seen proof. It would be equally effective against all cheap DV Certificate Authorities, it's just that Let's Encrypt costs $0 and even academics like free. It's not something your kid brother could do, but certainly an admin at a big service provider could use it to attack any of their own customers for example, and backbone admins could do it to anyone in the world more or less.

Re: agreed

[hawkinspeter]

I was genuinely curious, so thanks for your answer.

If I'm reading your post correctly, it sounds like a BGP attack. I just did a quick check and found that LetsEncrypt does also check previously issued certificates, so if you've already got a (valid) cert for your domain, then it's going to be a lot harder to get LetsEncrypt to issue a cert to the spoofed domain (the attacker wouldn't have the original private key).

Re: agreed

As you mentioned, DNSSEC is enough to mitigate this threat. I've personally enabled it for all my domains.

Anyway, good explanation thanks.

Re:agreed

[toddestan]

Errr.... Chrome uses Microsoft's certificate store on Windows.

Re: agreed

[catprog]

How do you protect the first vist?

Re:agreed

[sexconker]

Often the only indication the user has that they are being MITMed is precisely because the browser did not use the OS cert store.

That's not a good reason for multiple cert stores managed by multiple parties. That's like having multiple gates to the same city where the North gate requires one set of ID and the South gate requires a different set.

Re:agreed

[sexconker]

Because it makes sense. No, not all users. But users who care, and most importantly, the choice needs to be made when changes are made, especially to root level certs.

Re:agreed

[sexconker]

Not always. Update Chrome and they'll blacklist/whitelist things in addition.

Re: agreed

[Cramer]

Many, MANY possibilities. BGP hijacking is one of the more complex ways. But compromising the server itself is far more likely. Poorly secured email accounts... poorly secured DNS services... poorly secured cloudflare account... DNSSEC cannot protect you from your own stupidity. (and most/much of the internet ignores it anyway)

Re: agreed

[hawkinspeter]

Okay. BGP hijacking would be valid. Compromising the server would mean that you do have effective control over the domain and you don't even need to do a man-in-the-middle as you'd have access to the un-encrypted data anyway. I'm not sure what you mean by poorly secured DNS services - the challenge/response is performed by LetsEncrypt so DNS poisoning the client wouldn't work very well. You'd have to DNS poison the LetsEncrypt servers which would pretty much be a BGP hijack.

Re:agreed

It does because it keeps all parties more honest.

Nonsense

[gweihir]

My boss recently got an ESL certificate from a reputable tier-1 vendor. The validation was a complete joke: A guy with bad English asked him some questions over the phone that anybody could have found the answers to with a bit of work. The only security in place for ESL certs is that they are not that cheap, but that does not help against a targeted attack, because they are not really expensive either.

The bottom line is that certificates weakly ensure one thing: You are still talking to the same site on the next visit. They also ensure that small-time criminals will find it somewhat difficult to eavesdrop. And that is about it. In many cases, self-signed certificates will be more secure than that. The whole certificate-system is a bad joke, created by the utterly incompetent with too much trust and then corrupted by state-sponsored malicious actors. Incidentally, this is not a surprise. Basically all what is broken with the system now was predicted by perceptive people decades ago.

Re: Nonsense

Well of course ESL resulted in bad English

Re: Nonsense

you're an idiot, mister derpitty derp, but i like-a the way that you dirpity derp with your mouth, and your ass.

Re: Nonsense

Actually you're the idiot! You don't even know your cert types lol

Re:Nonsense

note well that it seems amazon.com has finally (decades late IMO) implemented basic ssl for its core online shopping business. Curious too the syncronicity with headlines of spooky Dark Web Marketplace masters ceasing to magically elude all that the post-911 policing budgets produced. I.e. one could quip that amazon.com just 'went dark', encrypting all that personal information about its users shopping behavior. Yes, a very big sad joke it all is.

The LetsEncrypt thing seems to be a classic market-forces issue. Popular browsers are free to not trust by default those certificates. Let the economic leverage games continue along with endless war until the ripe old year of 1984...

Re: Nonsense

[DigiShaman]

The whole point of encryption is to prevent data being snooped out in the open. Yet the biggest hang up has been the vetting process. In this case, also making the certificate issuer a notary. Why?? Why must SSL certs also be notarized? Why can't that be two different services or certificates. Maybe as a network admin, I want to block all traffic that hasn't been certified as trustworthy regardless of the fact it's encrypted or not. I mean, the point is to stop malware! Otherwise, we can go down the list of creating or subscribing to a trusted whitelist or IP addresses. I'd rather not do that as it's the "nuclear option".

Re:Nonsense

Nothing is broken. The Certificate Authority was always an excuse for a business model designed by rent seekers. it's working quite well thank you very much. More to the point, TSL certificates are still perfectly secure.

You can get better results vetting certificates yourself on first visit. Indeed, that's what we all did before browsers started redesigning their user interfaces with the assumption of perfect trust of CAs. They've done everybody a huge disservice by training them to trust a fucking green padlock.

Re:Nonsense

[Zemran]

What bugs me is that before Let's encrypt, if you created an http:/// site all was well but if you made that site a little bit more secure by adding self signed certificates there were warnings on your site and visitors were warned against going there. The bottom tier of CA certificates only differ in that you gave someone money. At that time I only had to reply to an email and add a code to my web site. So there was a disincentive to adding a snake oil certificate that seemed to only be there to get you to part with $50. If you pay more and really do prove who you are the green bar travels further across the browser. The information is there to tell people what level of test you have faced but they should take away the warnings on snake oil certs as they are not dangerous and certainly less dangerous than no certificate.

Re:Nonsense

[phantomfive]

In many cases, self-signed certificates will be more secure than that.

That's a good point.

Re:Nonsense

[adolf]

The theory behind the certificate chains is a web-of-trust sort of theory.

In practice, it doesn't really work that way: Users are either greeted with no prompt and an unsecured connection, a prompt with a secured connection, or no prompt with a secured connection.

That's all the user knows...and that's if they're even paying attention.

(There's a fourth user-case of "The key has changed!!!2!!," but that's something that doesn't generally happen because DNS hijacking is uncommon these days.)

I mean, I'm here at /.. Chrome says "Secure" on the address bar. I can dig deeper and make sure that I'm talking to the /. that I want to be talking to, but I could've done that before with DNS...and I won't bother in any case, since I do not care who sees my /. rants (else, I would not be posting them).

All I really know is that the connection between myself and /. is encrypted, and that eavesdropping is limited.

And that's all I really know about any website, whether banking or otherwise.

Re:Nonsense

[hawkinspeter]

The biggest issue with self-signed certificates is that the client machine cannot verify if the certificate belongs to the domain owner. If you're running a malicious wifi spot, you can do a bit of DNS poisoning to direct your clients to the wrong IP address and then present a different self-signed certificate and perform a man in the middle attack.

A LetsEncrypt cert can only be issued to someone who controls the domain in question and so gets round the man-in-the-middle issue.

Re:Nonsense

[JohnFen]

In many cases, self-signed certificates will be more secure than that.

Yes, this.

I have a (self-signed) CA that I sign all of the certs I used with, and share it with other people I personally know and trust.

I do not really trust certs signed by any other CA, because I don't know them and have no reason to trust them.

Re:Nonsense

[JohnFen]

The biggest issue with self-signed certificates is that the client machine cannot verify if the certificate belongs to the domain owner.

That's why you should use a self-signed CA and use that to sign your working certs, rather than using self-signed working certs directly.

Re:Nonsense

[hawkinspeter]

So how does the client machine know about your self-signed CA? Couldn't a man-in-the-middle attack do exactly the same thing and your client wouldn't know (if it was the first visit) whether it was your self-signed CA or someone else's self-signed CA?

Re:Nonsense

[JohnFen]

Because you've given your root cert to the people who need it. I'm not talking about certs used by random visitors (there's currently no solid solution to that trust problem, as near as I can see), I'm talking about services provided to people who know you and to whom you can directly provide a cert that they trust.

If you've given them a self-signed CA, then you can provide future certs signed by that and they can trust that those certs are really from you, without having to get them from you directly.

This is, by the way, how PKI is supposed to work -- you only trust certs that you have personally verified are from who they claim they're from. Ideally, this is by obtaining them directly, but almost as good is if they've been signed by a cert you obtained directly from someone who you trust is diligent about what they sign.

Public CAs like verisign, etc., are an intentional workaround of the trust system for the sake of convenience. That's why they aren't actually very trustworthy.

Re:Nonsense

[hawkinspeter]

I see. I assumed you were talking about typical websites with random visitors.

Follow the money

[Scutter]

"We're mad because Let's Encrypt makes it way too easy for the plebs to get a certificate without paying hundreds or thousands of dollars per year to a CA."

Re:Follow the money

Also, it's from Kaspersky. After being outed for their cooperation in black programs against the United States, they've got plenty to whine and cry about.

But I'm sure bogaboga will be along any time now to correct the Slashdot record with his usual dose of vatnik propaganda.

Re:Follow the money

The kind of certoificates issued by Let's Encrypt are about 10$/year
The most expensive certificates are the EV but even those are just a couple of hundred max.

Re: Follow the money

[corychristison]

If you know where to look, you can get them for about $4/yr.

Green Bar is the probem.

[Swistak]

I've spent better part of a day to explain to My Mom how to distinguish a safe website from unsafe one. You look at the Green Bar / Lock. Is it green? you are good to give them your name and CC details.

Now I'm going to her and have to explain, that no, things have changed, if you see a green padlock, it no longer means someone at least had to fax some registration papers and pay few bucks so he's traceable. I can already see conversation going: - So you're saying that the green bar no longer means website is ok?
- Yes. Now it has to be a green padlock and a name of the organization, and you have to check it with magnifying glass because it's very easy to mistake l with I. see Mom, there's difference between AlliorBank and AIIiorBank. Do you see it? Do you?

Re: Green Bar is the probem.

I spent the better part of a day with your mom too, but she wasn't interested in talking

Re:Green Bar is the probem.

[SeaFox]

- So you're saying that the green bar no longer means website is ok?

- Yes. Now it has to be a green padlock and a name of the organization, and you have to check it with magnifying glass because it's very easy to mistake l with I. see Mom, there's difference between AlliorBank and AIIiorBank. Do you see it? Do you?

I think a lot of these phishing problems are caused by people blinding following email links from "their bank" and not learning how to directly browse to a website (instead trusting Google to give them the valid link by searching for their bank's name). There's a pretty easy solution to this: Make a bookmark of the correct site and only use this bookmark to access the bank's site. Will that stop a DNS-based attack? No. But it will be effective against what a large percentage of what causes people to enter their credentials on the wrong site.

Re:Green Bar is the probem.

No need to worry. Your mom passed my penetration test.

Re: Green Bar is the probem.

[Zero__Kelvin]

No. You have to explain to get you misinformed her. You have to tell her that what you initially told her was never true, and you had no idea what you were talking about.

Re:Green Bar is the probem.

[Gravis+Zero]

I've spent better part of a day to explain to My Mom how to distinguish a safe website from unsafe one. You look at the Green Bar / Lock. Is it green? you are good to give them your name and CC details.

Now I'm going to her and have to explain, that no, things have changed

No, nothing has changed about what that green bar means: encrypted connection. You pushed a false idea on to your mother, an idea that companies planted and you blindly accepted.

Re:Green Bar is the probem.

[David_Hart]

- So you're saying that the green bar no longer means website is ok?

- Yes. Now it has to be a green padlock and a name of the organization, and you have to check it with magnifying glass because it's very easy to mistake l with I. see Mom, there's difference between AlliorBank and AIIiorBank. Do you see it? Do you?

I think a lot of these phishing problems are caused by people blinding following email links from "their bank" and not learning how to directly browse to a website (instead trusting Google to give them the valid link by searching for their bank's name). There's a pretty easy solution to this: Make a bookmark of the correct site and only use this bookmark to access the bank's site. Will that stop a DNS-based attack? No. But it will be effective against what a large percentage of what causes people to enter their credentials on the wrong site.

Exactly. I taught my Dad to actually go to the bank web site and never trust links in email, etc. Then you can look for the green lock symbol.
 

Re:Green Bar is the probem.

[svanheulen]

Here, I have a lockbox for you. It's secure, don't worry.... It's full of spiders, but it's secure. I'm sorry you misunderstood what certificates do but they NEVER worked like that. Anyone can buy any domain they want (so long as it's available) and buy a certificate for it. You have always been able to do that. And Let's Encrypt doesn't allow anything more then any normal certificate issuer except.

Re:Green Bar is the probem.

[svanheulen]

*except it's free. (I swear I had that in there... I blame Slashdot eating my words)

Re: Green Bar is the probem.

[Zero__Kelvin]

The S stands secure and has always stood for that. Her CC number will be securely sent to the server in question. Again, LetsEncrypt changes nothing about how all this works. You have no clue. If she connects securely to trumpuniversity.com or does so through http she will get scammed either way. Read the hundreds of other posts here where everyone else already understands this. Time to admit to mom you aren't the ubergeek you let them think you are I'm afraid. Off you go now ...

Re: Green Bar is the probem.

[svanheulen]

You're making assumptions about what "secure" means in this context. It means the communications are secure from 3rd parties. That doesn't mean the website you're communicating with isn't evil. It never has.

Re:Green Bar is the probem.

[Swistak]

Go to the regular CA and try to tregister AIIiorbank.pl, I dare you. I double dare you, and bet 100$ that you won't be able to. With let's encrypt? Sure no probs. Here's a green Bar for you.

and I'd maybe even agree with you if not for the fact that that it says 'Secured' Right there when I click that green lock. Not 'Encrypted', 'Secured'.

Re:Green Bar is the probem.

[Swistak]

Oh. and don't get me wrong. I'm all for Encrypted web. I use let's encrypt myself. Except don't fucking lie to people that website is 'Secutre' If it's not.

Re:Green Bar is the probem.

The CAs dropped the ball so long ago that - at least for reasonable people - nothing changed with Let's Encrypt. Domain based validation isn't great, but it was the status quo before Let's encrypt changed one thing: It made certificates free for the masses (without the pitfalls of the previous free options).

Re:Green Bar is the probem.

[svanheulen]

Actually I can't get a certificate for that domain even from Let's Encrypt. You know why? Because I don't own that domain. But if I did own it, I could buy one for $10/yr from my domain registrar. And... "secure"... You keep using that word. I don't think that word means what you think it means.

Re: Green Bar is the probem.

I rather see you try to get one from LE without actually owning that domain. Go right ahead and do it right now to prove your point, you have nothing to loose since it's 100Ã free.

But you won't because you can't.

Re: Green Bar is the probem.

[Swistak]

Oh. But I already own AIIiorBank.pl, you see it's absaolutelly dfifferent from AlliorBank.pl. But I see how you could be mistaken.

Re:Green Bar is the probem.

[barc0001]

> Now I'm going to her and have to explain, that no, things have changed, if you see a green padlock, it no longer means someone at least had to fax some registration papers and pay few bucks so he's traceable.

Things have been changed for a LONG while then. I've been able to get SSL certs with a credit card and no verification outside of an email address from a major vendor since 2009. A wildcard at that.

Re:Green Bar is the probem.

[Swistak]

I'm quite sure you don't know either. The reason we have Certificate Authorities, is because it was assumed that CA has an Authority to verify that this website is who it claims it is. We also used to have a thing called self signed certificates. So if you had a need for encryption, you know you could encrypt. Except. Amount of abuse self sign certs created caused all major browsers to display huge warnigns, somtimes makign you do 3 steps to accept those certificates. And now LetsEncrypt is basically a self-signed-cert, except it is labeled 'Secured' in browser, instead of 'Someone is p[ossibly trying to scam you'

Re: Green Bar is the probem.

[svanheulen]

You keep using capital letters in a domain name. You know that's now how that works right? All domains are always lowercase, and even if you type them in manually your browser will switch it to lowercase.

Re:Green Bar is the probem.

[svanheulen]

it was assumed

There's your problem.

Re:Green Bar is the probem.

You've been corrected no less than ten times now.

So it is safe to not longer call what you falsely believe as a mistake, you are now intentionally lying.

The fact you think secure by encryption doesn't mean exactly that - lie.
The fact you think faxes are somehow required - lie.
The fact you think proof of domain ownership works any different - lie.

You don't care about reality, and you don't care about facts.
At this point please Please stop purposely and intentionally harming an elderly woman for your own profits, you evil heartless scum.

Re: Green Bar is the probem.

[Zero__Kelvin]

You typed the same thing twice, but you have been proved ignorant on this issue by person after person after person. Just accept that you were wrong and apologize to your mother like a good boy ...

Re: Green Bar is the probem.

[hord]

HTTP stands for HyperText Transfer Protocol. I don't remember images being text. Looks like you have tons of things to explain to your mom...

Re:Green Bar is the probem.

[thegarbz]

Now I'm going to her and have to explain, that no, things have changed

Things changed 10 YEARS AGO with the introduction of EV certificates and changes in modern browsers like IE7, Firefox 12 and Chrome 1 in how certificates are handled. You are just a bit slow to catch up.

Re: Green Bar is the probem.

[Zero__Kelvin]

I see now that the issue here is that you have no idea how letsencrypt works. They indeed verify that the person requesting the certificate for the server on the domain controls it. Please learn about LetsEncrypt before continuing to make a fool of yourself.

Re: Green Bar is the probem.

[thegarbz]

NBow I have to explain to her that 'S does not stand for Secure

Of course it stands for "secure". You can rest assured in the comfort that when you type your Paypal password in at https://www.payypall.com/ I or anyone else other than the operators of the scam site are unable to see your password.

Validation of companies was not part of getting an SSL certificate, not until 2005 anyway when the EV certificate was introduced. And it wasn't long after that browsers started displaying EV details differently which is why when I go to https://www.payypall.com/ I see a green lock, but when I go to https://www.paypal.com/ I see "Paypal Inc, [US]" written in the address bar.

Re:Green Bar is the probem.

[thegarbz]

Ugh. Dude. Because S in HTTPS always stood for Encryption right?

The s stands for secure. Your connection to Paypal.com is just as secure as it is to any old scammer who is also encrypting via SSL. No one other than you and your favourite scammer will see your password. You're completely secure.

The fact that the CAs dropepd the ball, does not make the fact that Browsers pushed hard to make it so you can trust a green bar.

Browsers have differentiated levels of security in their green bar for a long time now. You may notice that the green bar looks very different when going to e.g. slashdot.org vs bankofamerica.com.

The little lock (which is what you mean by the green bar because you're not paying attention) has never said that the other side of the connection is trustworthy.

Re: Green Bar is the probem.

[Swistak]

Words have meaning. If browser says it's Secure noone is going to think twice. You know that we used to have a self-signed-certs for this very reeason. So you can have an encryption without CA verifying your identity.
That's what Certificate Chaning was designed for. That's why there are signing parties for PGP.
This discussion has been had already. No. Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

Re:Green Bar is the probem.

[Swistak]

You're a horrible human beeing.

Re:Green Bar is the probem.

[Swistak]

It's really nice that you completely ignore the original post. Then call me a evil heartless scum for trying to give her a set of simple guidelines to follow.

So you ignore all the arguments I make, you ignore my posts, you go for ad hominem attacks. If someone is a scum in this exchange. it's not me.

Re: Green Bar is the probem.

[svanheulen]

Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

How is your browser or the CA supposed to know what website you think you're on? Are you saying that they're supposed to read your mind? Secured, in the context of HTTPS, has always meant "encrypted and you're talking to the server associated with the domain/URL you accessed." And yes, this discussion has been had already... and if you didn't notice, no one is agreeing with you.

Re: Green Bar is the probem.

[Ultra64]

>Words have meaning

Yes, and you're getting the meaning wrong.

>Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

That's still encrypted.

Re: Green Bar is the probem.

Problem is too many CAs, which mean there is near 100% change that multiple CAs are compromised/corrupted/incompetent.
The other problem is that only one of those CAs needs to sign the certificate to make it completely trusted.

Most CAs never verified any certificate they signed.

Re: Green Bar is the probem.

There are varying levels of SSL certificate - domain validation, organization validation, extended validation. They all make the bar go green but with extra icons to indicate the level.

The most basic one (DV) only needs you to prove control of the domain. That's generally tested automatically by the ability to either 1) add a specified subdomain to your domain 2) upload a specified file to the website or 3) respond to an admin email address listed in the WHOIS record. I've done that multiple times and a decade or more before Let's Encrypt existed.

All Let's Encrypt does is provide domain validated certificates for free so they're easier to obtain when the price used to stop most people using SSL, therefore making encryption more widespread. Which is generally a good thing.

What you (or your Mom) are really interested in is the bar showing the OV or better EV icon as well as being green. And you always have been. But you need to remember only larger companies will bother to pay the extra cash, so you should see that for things like banking but you shouldn't expect to see it on things like someone's personal blog.

Re: Green Bar is the probem.

[fnj]

You keep using capital letters in a domain name. You know that's now how that works right? All domains are always lowercase, and even if you type them in manually your browser will switch it to lowercase.

It would be more correct to state that name lookups for DNS queries must match with case insensitivity. "example.com" is identical to "Example.com", or "ExAmPlE.CoM".

Re:Green Bar is the probem.

So you ignore all the arguments I make, you ignore my posts, you go for ad hominem attacks. If someone is a scum in this exchange. it's not me.

I didn't ignore your arguments/posts, I addressed them pretty directly, as did others.
You refuse to believe you are incorrect here and keep arguing that certificates/CAs fail to do something they never did in the first place nor were ever meant to.
You then explain how certs work in a very disprovable way - you can look at the slashdot lock icon to see how wrong your explanation is - and continue to say your disproved claims are somehow true despite observation showing they are not.
You continue to intentionally miss the point everyone is making and keep lying about it.

Not to mention you are the one lying to your mother, not us.

Re: Green Bar is the probem.

You have it backwards. 'S' does stand for 'Secure'.

What it doesn't stand for is 'Safe'.

Re: Green Bar is the probem.

[thegarbz]

No. Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

And it does 100%. The word "Secure" and the little lock show up when a server proves via the certificate chain that they are who they are addressed in the address bar. Nothing more.

Your problem is you expect the computer to not follow your instruction, but rather interface with your brain. How is the computer supposed to know that when you address www.bankof4merica.com that you didn't actually want to talk to the scammer but actually wanted to talk to www.bankofamerica.com. If you told your mother the little green lock is proof of that, then you have been giving out very poor advice.

Re:Green Bar is the probem.

[BadDreamer]

It *is* pretty heartless to give your mother incorrect guidelines to follow, and then complain that reality does not conform to your imagined view.

Let's imagine Let's Encrypt vanished overnight. Would that suddenly make your misguided attempts to simplify away parts of reality to your mother more correct?

No, that would not happen. Your advice would still have been wrong from the start. And nothing will ever make your advice correct, because your advice is inconsistent with reality. That is not Let's Encrypt's fault. Nor is it the Slashdot crowd's fault.

It is YOUR fault.

Re:Green Bar is the probem.

Here, I have a lockbox for you. It's secure, don't worry.... It's full of spiders, but it's secure.

I'm sorry you misunderstood what certificates do but they NEVER worked like that. Anyone can buy any domain they want (so long as it's available) and buy a certificate for it. You have always been able to do that. And Let's Encrypt doesn't allow anything more then any normal certificate issuer except.

Sorry, but you're wrong. CA are (supposed) trustworthy entities. They're mutually trusted entities.

It means you and I trust them, due to having them in the list of CA certificates of our browsers. We trust them to verify the identity of the operators of websites, identified by their private key. It has always been part of their function.

What constitutes verification has been changing, but the idea is the same, that you and I trust the CA, so when we don't trust each other, we ask the CA.

But reality no longer works like that. It may have worked in an intranet, or in an internet among universities, but your average computer user has no idea about the thousands of certificates loaded in their browser, has no say on what gets on that list.

Not only that, but there's no alternative either. If bankofamerica.com uses McAffee certificates, and I need to do business with it, I can't ask it to install an alternative cert from a CA I trust... can I?

At least in linux, anyone can mess around with the trusted root certificates. It's not simple perhaps, not for your average joe, but it's doable. But nobody does, not even tech-savvy people. Why? Because it's impractical. I really need the CA list the net is using, or I can't use HTTPS at all.

And that's what completely robs the CA system of its theoretical virtue. The realities of mass e-commerce. The asymmetric nature of it, where companies dictate policy and consumers consume. There's no shared trust whatsoever.

Perhaps it would be best if browsers had an option to "untrust all CAs, ask for trust later", to confirm trust on each root CA as I enocunter them. At least that way I'll be pruning the list to the subset that I actually need, and reduce the surface of attack. Although it would be a big pain in the ass, not sure if anyone would bother.

But another reality is that for ages e-commerce has relied on an old (quite hated, but useful) financial invention to handle that risk, any risk in fact. It's insurance, they don't need a perfect system, they only need insurance to cover the holes, and a system that, with flaws and all, is effective enough to make insurance cheap. And it works, mostly.

Re: Green Bar is the probem.

In fact that's a cute hack to buy us some more security with DNS (and use by Let's Encrypt) called 0x20 because it involves setting or not setting the bit 0x20 in some bytes of a DNS name.

A correct DNS server should answer requests for SoME.EXamPLe.CoM with an answer for SoME.EXamPLe.CoM, not some.example.com or SOME.EXAMPLE.COM despite all of those being the "same" name in DNS. So you can pick the capitalization randomly and then a bad guy who hopes to sneak a false answer past you has to watch you ask the question and only then make up their fake answers to match, whereas without this trick the bad guy gets a head start over the authentic server because he can send fake answers before the question even arrives.

DNS entropy is a bit thin, but this can often buy us 10+ extra bits of entropy, which can make a $100 attack into a $100 000 attack. Lots of people have enemies who'd pay $100 to make them suffer, not so much for $100 000.

Re:Green Bar is the probem.

Even further since 10 years, but these have been positive changes, making things more secure, not less, and Let's Encrypt is right at the front of that

Let me list a few things you could get 10 years ago and can't have today because of 10 years worth of improvements to the ecosystem.

* Certificates for plain local network names that no-one could possibly own, like "exchange2013" or "tapebackup"

* Certificates for DNS names that aren't even part of the Internet, so no-one on the Internet can own them, such as "printer.local" or "bankofamerica.corp"

* Certificates issued for a domain based on control of some vaguely technical sounding email address, but not actual control over the domain, like "certificates@example.com" or "security@example.com"

* Crazy multi-wildcards for entire TLDs like *.*.com

* Certificates issued based on 5 year old paperwork. "Oh, you owned example.com in 2003, that's only five years ago, sure, have a certificate"

* Certificates using the hopelessly compromised MD5 secure hash. Even after this was used to do actual crimes, it was still authorised by CAs.

Re: Green Bar is the probem.

Allior and example could be written with cyrillic.

Re:Green Bar is the probem.

[petermgreen]

At least in firefox blue used to mean a DV certificate while green meant an EV certificate. At some point they started using green for everything.

Re:Green Bar is the probem.

>

This is very wrong. The reason all browsers give your warnings about self-signed certs is because there is no mechanism to verify that the owner of a self-signed cert actually controls the domain the cert is supposed to validate as genuine. Let's Encrypt requires that the requester of a cert for a domain demonstrate control of the domain *before* they will issue a cert for that domain, which is a much higher bar to meet than self signed certs.
Whether you use a paid CA or Let's Encrypt to generate certs for nefarious purposes or not doesn't really have any bearing on certificate issuance and validity. Bad actors can obtain valid certs for their domains so long as they control the domain in question.
A cert doesn't guarantee that a domain is run by people with good intentions, it simply attempts to verify that the servers on the domain actually belong to and are under control of the owners of that domain.

   

dotdotdot

and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting?

Why hold one CA to a completely different set of standards than every other CA?

The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls...

And how does any other CA prevent this after issuing certificates with the exact same level of proof of domain ownership?

Are you claiming that because it's free that criminals can now finally obtain certificates?
Criminal rings have profits and budgets orders of magnitude larger than most IT departments!
That logic is as ass backward as it possibly could be.

"I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Then go get the CA/Browser Forum to amend their requirements that all CAs and web browser makers follow.

It's completely pointless to say Lets Encrypt isn't allowed to do for free what all the other CAs are still allowed to do for a few bucks.

Encryption bad?

[mwvdlee]

All I want is to have encrypted connections. Why do I have to pay a shit-ton of money for connections to my server to be properly encrypted and not to be treated like a criminal by browsers? Let's Encrypt does this. Yes, they're not verified very well; neither are standard SSL certificate (I know; I bought some with pretty much zero verification).

Re: Encryption bad?

[Zero__Kelvin]

Stop spreading misinformation. They are 100% verified. They verify that the person requesting the certificate for the server in fact controls the server.

Re:Encryption bad?

[ckatko]

Isn't that what a self-signed certificate is for?

Re: Encryption bad?

[corychristison]

Where is this "shit tonne of money" being spent?

Domain Validated Certificates can be purchased for about $4/yr, less if you buy multiple years.

Re:Encryption bad?

I agree .. Lets Encrypt was never needed. Self signed are just as good.

Re:Encryption bad?

Not really no.

A self-signed certificate on its own tells you nothing whatsoever. It's a circular argument, "I am Bob, and to prove it, I, Bob, say that I'm Bob". You may have seen this same argument used by not very good Christian apologists, "The Bible is true because the Bible says that the Bible is true". Let's Encrypt is an independent Certificate Authority, so they give Bob a certificate, "I am Bob, and to prove it, Let's Encrypt says I'm Bob". Now, if you don't trust Let's Encrypt, you're not much better off than before. But if you _do_ trust Let's Encrypt this is a huge improvement.

Now, in principle you could manually check every single certificate, maybe fly out and compare the fingerprints with the server owner each time, but the reality is that people don't do that, they click "Yes, ignore, everything is fine" and maybe promise themselves they'll check next time. And then they don't have any security at all.

For sites only a tiny handful of people use, hand rolling your own CA _can_ be more secure than something like Let's Encrypt. You will need to do good job, like, a really good job, but if you do then you'd be able to offer more security than they do on your more modest scale. But THAT isn't issuing self-signed certificates, that's a tiny private CA, which is different.

Re:Encryption bad?

[Cramer]

This is the exact same as Bob having someone follow him around to introduce him as "Bob" everywhere he goes. If you don't already know the person doing the intro, we're back to square one. Let's Encrypt is functionally equivalent to self-signing: do not blindly trust. They do effectively nothing to validate the request or requestor. To continue with your example, this is like validating Bob by going to where "bob" says is his house and seeing "him" on the front porch. It's often far too easy for that to (a) not be Bob's house at all, and (b) not be Bob on the porch.

Re:Encryption bad?

[VisceralLogic]

Let's Encrypt verifies that you control the server that responds to the DNS request. So the example is more like Let's Encrypt goes to the address listed in the phone book for Bob's house, and someone let's them in, so they give that person a certificate for Bob's house.

Yes, but that's just a symptom of the problem.

[dgatwood]

One big reason for the volume of certificate issuance is that LetsEncrypt forces you to update your certificates at least once every 90 days. This means that the number of certificates issued is guaranteed to be at least 4x the number that would be issued by a traditional CA, and realistically, more like 12x or even 20x.

So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times that result in them issuing so many certificates each day, not for the number of certificates per se. That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

Re:Yes, but that's just a symptom of the problem.

[king+neckbeard]

The verification is performed by software, the same as any other CA. Less frequent renewals would not result in more through vetting.

Re:Yes, but that's just a symptom of the problem.

[chispito]

That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

How? They are domain-verified certs that are issued by an automated process. How does changing their expiration date change anything?

Re:Yes, but that's just a symptom of the problem.

[dgatwood]

That's not entirely true. Other CAs require the owner of the domain to confirm the validity of the request via email. The 90-day renewal period makes that approach more difficult, because nobody would be willing to go through that headache every 90 days. Instead, Let's Encrypt just checks to see if you've managed to convince the registrar or the DNS server to point the domain name at your server. So while they might not choose to do more validation even if there were longer validation periods, they would at least have the option of doing so.

Re: Yes, but that's just a symptom of the problem.

If you can point the DNS name to your server you can receive mails for that domain aswell so email 'verification' adds exactly nothing.

Re: Yes, but that's just a symptom of the problem.

[dgatwood]

Wait... you actually use an email address at the domain as the contact email for the domain? Yikes.

Or do you mean that you can change the email on the domain? Because that may or may not be true, depending on whether you crack the account of the admin contact, the tech contact, or the billing contact.

Re:Yes, but that's just a symptom of the problem.

[lordlod]

So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times that result in them issuing so many certificates each day, not for the number of certificates per se. That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

Or possibly they know something that you don't.

The certificate revocation system is broken, doesn't work. CRLs didn't work for anything but the big sites and have been depreciated. OCSP doesn't work against man in the middle attacks, which is the primary attack vector.

What does work is the expiration date, once a certificate has expired it is safe. So you can improve things significantly by having a short certificate life span, shorter the better. To make this manageable you need to automate the acquisition, essentially build the letsencrypt system. 90 days is a compromise, they have been open about the fact once the automation is smoother that time frame will drop significantly.

Re:Yes, but that's just a symptom of the problem.

[thegarbz]

So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times

Why? The only reason to have long certificate expiration times is to reduce manual labour. When the system is scripted, renewal fully automated and doesn't cost anything, why would you critisize shot expiration times?

Re:Yes, but that's just a symptom of the problem.

[fyrewulff]

The point of the fast expiration is so browsers don't have to carry around ever-growing rejection lists for long-lived certs. If a cert is bad or the encryption model is bad or whatever, it'll expire before it becomes an issue.

Re:Yes, but that's just a symptom of the problem.

No.

What Let's Encrypt does here isn't special or new, except in two senses

1. Let's Encrypt made it more systematic and secure, because they had outsiders working out all the angles since they weren't trying to protect some corporate secret sauce.

2. Let's Encrypt brought the ACME protocol to the table, which makes all this into a protocol anybody can implement

As to other CAs using email, actually that's not by far the most common way to do it, and when it has been used (as it seems it was for your CA) there have been lots of problems:

* Some CAs screen scrape the email address from a JPEG or GIF image on a web site, if they misread a one as an L or O as a zero then they're going to email the wrong person... which is fine unless that other email address works and goes to a bad guy... and yes this has really been exploited. Oops.

* Some CAs send a "quick link" to the chosen administrator address. Just click the link and you're verified.

If you work for many large organisations every email you're sent is automatically checked by the edge devices bought at great expense by your corporate IT security. The devices follow every link in every email you're sent to check for malware. So every "quick link" sent to these corporations is marked "verified" automatically before a human even sees the email...

Re: Yes, but that's just a symptom of the problem.

[PhunkySchtuff]

Wait... you actually use an email address at the domain as the contact email for the domain? Yikes.

Or do you mean that you can change the email on the domain? Because that may or may not be true, depending on whether you crack the account of the admin contact, the tech contact, or the billing contact.

Some CAs will only do email verification to a subset of defined email addresses at the domain in question - e.g. hostmaster@example.com, postmaster@example.com etc.

You can't have it both ways.

[acroyear]

Either you encourage encryption everywhere and make it easy to get a cert, or you stop nagging people every time they go to a plain http site and say http is just fine.

Pick one.

HTTPS is meant to ensure that your communications are secure. They can help protect you from hitting a site that isn't what it claims to be.

But issuing certs is not some magical means of "vetting" ANYTHING. The very idea is absurd. Anybody should be able to buy and get signed a cert for a site they own. It isn't anybody's job to ask them if they plan to use it for illegal purposes or not. They are not the government police and asking them, expecting them to be, is asking for trouble.

Re:You can't have it both ways.

If there is no "vetting" then why have CA's? Just self-sign and call it a day.

Re: You can't have it both ways.

[Zero__Kelvin]

Because I can create a self signed cert for any domain, even if I don't own it. I can't get a letsencrypt one unless I can prove I control the server at the domain.

Re:You can't have it both ways.

[acroyear]

Vetting, as this article describes it, is verifying that the site asking for the cert is not intending to use it for nefarious purposes. Its lying about how CAs work in order to direct people to the pay services and away from LetsEncrypt.

Follow the money: he's using FUD tactics to direct people to pay services by saying that you can't trust the sites that use the free service, in order to try to get the vendors to stop accepting those certs.

But that's different from anybody throwing out a cert on a site claiming to be what it isn't because they hijacked the domain (briefly) but don't have proof of ownership necessary to get a CA to give them a valid cert for it.

Re: You can't have it both ways.

[Cramer]

If I'm your ISP, that's a very small hurdle.

Re: You can't have it both ways.

[Zero__Kelvin]

Someone who owns the server owns the server. It is a small hurdle to anyone regardless of ISP.

Authentication and encryption of a domain v entity

You get can certificates that authenticate a business or organization. That isn't what a basic certificate does. It just authenticates your access the site of the domain your accessing. It's totally valid for you to have payai.com and PayPal, Inc to have paypal.com. It's up to the user to look at the browser to verify both the connection is encrypted and somebody has authenticated the organization or business.

If you go to http://www.tdbank.com/ you'll notice the browser shows the owner as The Toronto-Dominion Bank (CA). The domain has been vetted as being owned by this particular business. This isn't 100% either mind you. It's not that hard to register a business legally. But.. some level of vetting has gone on.

If you go to https://www.librecmc.org/ you'll notice the browser doesn't show the owner. It just shows it's encrypted. It's up to you to decide if librecmc.org is in fact the right domain and whether or not its actually controlled by those who purport to own it. https://www.librecmc.org is the valid domain by the way of the LibreCMC project. A free software embedded distribution similar to OpenWRT and Leede.

greed..

im sure they took same math class as music indystry. 100.000x259$
oh! we are loosing 259.000.000. that makes sence. now lets cry about it and get some support for our lost money and scare some tech and number illiterate people.

Re:greed..

Lithuanian spellcheck isn't for English. Twit.

BS

[duke_cheetah2003]

Calling BS on this. There is nothing inherently wrong with issuing certs. Regardless of who issues those certs, they can only be used to create a secure identified connections between a user and a server.

They definitely do not facilitate criminality any more than Apache2 does. This is just pure silliness. There's nothing wrong here. Bad guys can get certs from other sources just as easily as anyone else. They can get them from Let's Encrypt, too. So can everyone else. A certificate doesn't facilitate illegal activity. It's just for a secure connection.

Something tell me there's more to this than simply crying wolf about bad guys getting certs easily. Someone obviously would prefer that web hosts, big and small, don't get cheap (or free) certs to secure their connections from prying eyes.

While the justification might be 'bad guys are abusing this,' I'm still calling BS. Someone (or some *cough* three letter agency) is annoyed that people can easily secure their servers.

I'd go as far as to say, Let's Encrypt is having precisely the effect it sought to have. More secure connections on all HTTP traffic across the web. Anyone can TLS up their servers now with very little effort. Good job, Let's Encrypt, you're having a profound and ultimately awesome effect on the web's privacy and shielding from prying eyes. And that effect is a good one, especially when people are crying 'omg it's too easy to get certs now!' Good. Nothing like a very secure connection to give the middle finger to three letter agencies.

Re:BS

[thegarbz]

Not only is it BS, it's the exact opposite.

Having in the past gotten a DV certificate through a normal vendor and now getting them through LetsEncrypt, it is quite clear that the process for LetsEncrypt is far more robust (actual proof I have access to the server by modifying it's contents as part of the handshake) than what most other CA's offer which for DV is based on little more than faith, and for EV based on talking to someone in an Indian call centre who can't understand you anyway.

Re:BS

I dunno man, Apache2 facilitates a whole lot of criminality.

Re:BS

[houghi]

The thing is that many companies (e.g. banks and government sites) have been saying that you should look to see if you see a lock, as if that would mean that the connection is safe.

The thing is that that is NOT the case. Secure and safe are not interchangeable.

Re:BS

[tlhIngan]

The thing is that many companies (e.g. banks and government sites) have been saying that you should look to see if you see a lock, as if that would mean that the connection is safe.

The thing is that that is NOT the case. Secure and safe are not interchangeable.

Therein lies the problem. Far too long we've conditioned users to look for the lock. And now practically every site has a lock.

And therein lies a BIG problem if you use LetsEncrypt. Because a good chunk of LE certificates go towards phishing sites (notably Paypal), there's a really good chance that someone somewhere will simply block LE certificates as a anti-phishing measure. I mean, with like 95% of the sites being phishing sites, that's a really big target,. and the remaining 5% are sites that "normal people" don't usually care about.

It's only a matter of time, really.

False association.

[Gravis+Zero]

The problem here has nothing to do with encryption and everything to do with the fact that companies have pushed the idea that if a connection is encrypted that the site is legitimate. The only thing that encryption does is ensure you connection cannot be spied on. The idea that encryption should be reserved for certain people is patently absurd.

Stop telling people that encryption equates to legitimacy and the problem is resolved.

Re:False association.

[billyswong]

Yeah, most phishing attack aren't even through MITM attack or eavesdropping, but social engineering. Companies should make sure their website name is stable and consistent, not branching into so many domains. If each company use the same domain for every web pages they have, then phishing attack would have been a lot more difficult already, as users can immediate recognize a cheap fake site, while those do MITM can be arrested as they leave more criminal evidence.

But no, first multi-national companies use one domain per countries, then company local branch use one domain per product or service or the latest seasonal promotion, and so on and so on.

What does "speedy" have to do with it?

Would a delay in issuing certificates change anything?

Anyway, the notion that an HTTPS certificate says anything about the site being trustworthy is a stupid mistake. All it says is that you are indeed connected to the paypa1 site that you chose to connect to and whose url is displayed in your address bar.

We've been through all this in the protracted discussion about whether Letsencrypt should issue certs for International Domain Names (i.e. special characters). I had to wait years to get a cert for my domain, for the only reason that it happens to be punycode. The consensus was that spoof domains should be prevented by registration authorities, not by a company that merely offers a free service on these domain names that has nothing to do with the respectability of the content they host.

It's called Let's Encrypt, not Let's Trust

That green secure lock on the upper left does not imply that you should trust who you're connected to, particularly if you've never been there before. LE says, "the server that has this cert has demonstrated that they control of the domain you're connecting to" and that's all that should matter.

Should I trust that bank with my money?

Hmm, let's see. They have a lock on their door. Seems legit.

Have two cert grades

[Eravnrekaree]

Lets Encrypt verifies ownership of the domain. If you see the secured indicator in the browser, its a gaurantee that your actually talking to the server of the people who own that domain. So, if people watch out for the right domain as well as the secured indicator, it provides additional safety. So, people need to know the domains of critical sites they might use, and look carefully at that domain name. This is true as well, if there were no TLS being used. TLS provides additional gaurantees you really are talking to that domain and that no one is listening. Lets Encrypt makes things much more secure, rather than less security than before. However, certs with stronger vetting would verify ownership more of the domain a well as the certificate, maybe making sure that the domain is not hosting a malicious site that is spoofing a real bank or something.

There is a solution to this: have two grades of certificates, one with one star free certicates based on the Lets Encrypt model, for low risk sites and two stars for high risk.

Lets Encrypt, would not be an issue at all, furthermore, providing we do this: It might be a good idea, to have multiple security levels in the indicator, maybe one star for a Lets Encrypt type cert, maybe two stars for more intensive verification methods. this would allow the easy availability of Lets Encrypt to continue, but for banks etc to apply for the second star certificate for higher level of verification.

For many sites, like the personal website, Lets Encrypt is fine, without it those sites wouldnt encrypt anyway since its not worth the vast sums for a certificate from one of the commercial providers. For a bank, getting a cert with stronger vetting might make sense, and there is a better trade off for them to do it.

You could then train users to look for one star for low risk sites, two stars for ecommerce and banking stuff.

Re:Have two cert grades

There is a solution to this: have two grades of certificates, ....

There is already that kind of arrangement. Lets Encrypt issues DV (Domain Validated) certificates, and quite short lived because validation is fully automated and contiains potential risk being abused.

The other two commonly used server/client certficate types are OV (Organisation Validated) and EV (Extended Validation) which requires much more careful vetting of the applicant before issuing the cert.

You can find information about certificates, set baselines, requirements of vetting etc. coordination effort from CA/Browser Forum.

More than ever we would need a method of restricting who and which CA's are able to issue certificates for which TLD's. We are still in situation where whoever CA can issue certificates for whatever domain names they like and that's really what would need to be fixed ASAP.

ps. IMHO - Trusting Lets Encrypt certificates is just a tiny improvement of situation all of us turning off browser warnings about self signed certificates. It doesn't make things much worse or better . But if security matters you should uninstall or remove Let's Encrypt CA from your client and accept that you at least get warning that the issued certificate is not trusted. You really don't know who is the other party and you should not trust by default but make justification case by case accepting each server certificate each time and consider not saving certificate unless it's your own service which you manage yourselves.

Re:Have two cert grades

> The other two commonly used server/client certficate types are OV (Organisation Validated) and EV (Extended Validation) which requires much more careful vetting of the applicant before issuing the cert.

Yep yep yep. And browsers treat OV/EV certs differently than DV certs; the name of the organization is printed in the address bar!

> Trusting Lets Encrypt certificates is just a tiny improvement of situation all of us turning off browser warnings about self signed certificates.

LE is a _huge_ improvement over self-signed certs; large numbers of people will actually _use_ LE certs, whereas very, very few people would deploy a self-signed cert for anything other than internal or testing servers. Anything that increases the percentage of services that use solid transport encryption without weakening the guarantees of that encryption is a good thing.

Re:Have two cert grades

The validation is a joke. A co-worker obtained a quite strongly verified certificate for signing windows kernel drivers. This was used for signing the driver of a product, but would also be useful to malware authors to load a rootkit driver without a kernel exploit*. Basically he got a call on his cell, on a number he gave them that was not related to the company at all, and was asked some basic questions about the company that anyone capable of using google could find.

*: not very difficult in practice, you can load any existing signed driver with a known exploit and use that to disable signature verification. Then you load the unsigned rootkit. This method can't be patched, as long as you have a copy of the signed driver with the exploit you can keep using it.

Re:Have two cert grades

[thegarbz]

There is a solution to this: have two grades of certificates

You're right. There is a solution to this. It was developed 12 years ago in the form of EV certificates and has been in use for a long while along with a far better indicator than the one you proposed:

If you go to https://www.slashdot.org/ you will see a little green lock and the word "Secure"
If you go to https://www.bankofamerica.com/ you will see a little green lock and the words "Bank of America Corporation [US]"

No need for any fancy domain name URL checking.

Re: Have two cert grades

You don't seem to get it. If you don't know who's on other end, encrypting transport doesn't add up that much security. Actually it's worse as user may think to be safely connected but there is MITM going on all the way.

About the same transport security would be achieved making self signed certificates easier to be created an deployed. And the benefit would be there would not become unfounded trust to something which trustworthiness is unknown.

Re: Have two cert grades

Shhh. No one said encrypted means legit site. Apples and oranges you silly cunt.

Re: Have two cert grades

Ok smarty, what's the purpose of encryption if not security? Encryption for sake of fun of having it?

Let me make a fair point. Stop asking raping https and have a separate httpe-protocol which has bare encryption without any guarantees whose on the other end.

Re: Have two cert grades

With a LE cert there cannot by a MITM which there can with a self signed cert.

Re: Have two cert grades

> Actually it's worse as user may think to be safely connected but there is MITM going on all the way.

That's not how TLS works. TLS protects data in transit against men in the middle. As long as the CN matches the hostname of the host you're connecting to and the cert presented is signed by a CA that you trust, then you _cannot_ be affected by a MiTM.

TLS does NOT protect against malicious endpoints. Both endpoints have access to the PLAINTEXT. TLS only secures the link between the two endpoints against snooping and tampering.

You don't call a malicious endpoint a "man in the middle". That's not what that phrase means. A "man in the middle" is someone OTHER than the person you're talking to that's intercepting your communications. If your conversation partner is malicious, then that's a malicious or deceptive peer.

Re: Have two cert grades

> Ok smarty, what's the purpose of encryption if not security?

Your threat model cannot reasonably be "Every possible threat _ever_.". If you try to defend against _everything_, your solution will be unwieldy (at best) and prohibitively complicated.

> ...without any guarantees whose on the other end.

HTTPS gives reasonably guarantees about the identity of your peer. If CN matches the domain name of the site that presented the TLS cert, and the cert is signed by a CA that you trust, then you're reasonably certain that your peer is authorized to communicate from a machine associated with that domain name.

It's simple, really. You're just poorly informed about HTTPS's security guarantees.

JUST SO YOU KNOW, SLASHDOT USES

Let's Encrypt! Cheapos!

You don't have to wonder

[rsilvergun]

they've got strong ties to a fairly oppressive government.

Re: You don't have to wonder

Yes. The United States.

Broken CA model

If CAs were so great, how is it that microsoft.com and google.com certs have been created by approved CAs multiple times over the years?

What is to prevent a state or govt who runs the network from setting up a CA and controlling DNS so they can MITM any domains they like?

NOTHING.

The true risk comes from govt owned and managed internet providers. That happens in places we all expect, but also in so-called "democracies" too. If the govt has control over most of the networks in/out of a country, end users are screwed.

So - why don't I care about Let's Encrypt? If a cert comes from there, I know it is purely about encryption, not any real attempt for security. I'm comfortable with that. Looking forward to getting a few wild-card certs for my domains. That will make reverse proxy setups much easier.

Utter bullshit

This is utter bullshit from the CAs that aren't making money selling basic certs for HTTPS anymore.

To get a cert from Lets Encrypt you have to prove you own the domain by putting a specific file in yourdomain.com/.well-known/acme-challenge to prove you have ownership of the domain and server. Their servers request this file before they will issue the cert. If you don't have access to place that file then you can't prove you own that domain. If you don't own that domain but have access to place that file, well your domain and server are fucked anyways lol.

If you are using the automated script you don't see this since everything is done for you. But if you go to https://gethttpsforfree.com/ and generate your cert manually you'll see exactly how the process works.

Also if anyone is to be blamed for this HTTPS cert mess, it is the browser makers who make a site using a self signed cert appear to be even less secure than just plain old HTTP. We could have had a fully encrypted web decades ago using self signed certs if it didn't throw up alarms and make you jump though hoops to access a page encrypted with a self signed cert.

What has caused this mess is lumping the encryption of the traffic with validation of the owner of the site. ALL HTTPS traffic should be considered secure from the aspect of the actual data transfer is encrypted. They need to come up with some other method indicating a cert that confirms ownership validation rather than the "if its a green padlock all is ok"

Possibly what should be done is for any cert that provides for an encrypted transport display nothing, other than an error if you access an https site that doesn't actually serve encrypted content. Keep the green padlock for site validation purposes since this is what has been taught to every grandma on this planet.

Re:Utter bullshit

To add onto my previous post, because of the method they use to validate ownership of the sites is the reason they do not issue wildcard certs since it is very possible that site1.mydomain.com and site2.mydomain.com could very well be owned by different people.

You can put multiple sub domains into a single lets encrypt cert. I personally do this and have 5 sub domains in the one that I use. However you have to prove you can place that file in /.well-known/acme-challenge on all of the sub domans that you get the cert for.

There was a story that they may start offering wildcard certs sometime next year. I am not sure how they plan to prove ownership for such a cert. I do wish that they would provide certs that are valid longer than 3 months. It is a real PITA to generate one of their certs with multiple sub domains when those multiple sub domains are separate servers and you have to manually generate it with the https://gethttpsforfree.com/ site, and then go and manually place the validation file on each of the servers/devices.

CAs aren't the domain police

[tepples]

it was assumed that CA has an Authority to verify that this website is who it claims it is.

And when the only claim in question is "this site is operated by the same entity that owns the domain", a CA offering domain-validated certificates has an Authority to verify this claim. Let's Encrypt does this through either a cleartext HTTP connection to the server or DNS TXT records. Verifying whether the domain owner ought to continue to own that domain, or that the domain is not misleadingly similar to the name of a large business, is outside the scope of a domain-validated certificate.

Re:You are aware...

[duke_cheetah2003]

That they can break TLS. This just makes it computationally harder for them, not impossible.

First of all, TLS has many and growing number of encryption methods and key exchange mechanisms. I have no doubt SOME of those methods are broken or easily broken into. Others are not so easy, and ridiculously computationally expensive to unwind. And there are always better ones being added as they are invented.

Additionally, the more encryption that is out there operating in the field, the more computationally expensive it's going to get to a) find data you're actually interested in, and b) decrypting that data. Casual peeking is no longer viable if EVERYTHING is encrypted, whether it be difficult to break or not. You have to decide what to break into.

Because LE doesn't offer OV or EV certificates

[tepples]

Why hold one CA to a completely different set of standards than every other CA?

Because most other major CAs that offer domain-validated (DV) certificates also offer organization-validated (OV) or Extended Validation (EV) certificates for a higher price. Let's Encrypt does not.

Then go get the CA/Browser Forum to amend their requirements that all CAs and web browser makers follow.

Or write a browser extension to trust DV certificates less. Then you'll get a green bar on Twitter but a warning on Facebook. Comodo's Dragon browser, for example, has included something like this, displaying a warning the first time the user visits a site using a DV certificate. The warning's text begins as follows:

It may not be safe to exchange information with this site

The security (or SSL) certificate for this website indicates that the organization operating it may not have undergone trusted third-party validation that it is a legitimate business. Although the information passed between you and this website will be encrypted, you have no assurance of who you are actually exchanging information with[...]

Re:Because LE doesn't offer OV or EV certificates

Warning Fatigue dude. The Comodo browser will tell you that almost everything might be dangerous, but humans can't do anything useful with "almost everything might be dangerous".

Also, "legitimate" is a weasel word. Trump University was a "legitimate business". How much did they settle for? Enron was a "legitimate business" and after it has destroyed millions of dollars of value, crushed some big companies and lots of individuals all the principles were freed on appeal, but again, is this what you have in mind when declaring something _not_ to be dangerous?

Re:Because LE doesn't offer OV or EV certificates

[tepples]

humans can't do anything useful with "almost everything might be dangerous".

Of course they can. They can opt into the walled garden of Nintendo, Sony, Microsoft, or Apple, for example, which in theory allow only vetted businesses to publish on their platforms.

I need more sleep...

said Joan Jett, director of audit and compliance at Pixar... Josh Ass, executive director of the Internet Security Research Group...

What's wrong with DNS verification?

I don't see a problem with setting a txt record to a public key, then all the client has to do is sign something sent by letsencrypt with the private key.

No having to update DNS records every time you need a new cert.
No having a compromised webserver allow fake certs to be issued.

DV requires intercepting more connections

[tepples]

If there is no "vetting" then why have CA's? Just self-sign and call it a day.

Self-signing allows any ISP to intercept your connection and act as a man in the middle without your knowledge. A domain-validated certificate requires an attacker to intercept not only your connection to the web server but also the CA's connection to the domain's DNS server days or weeks earlier when the certificate was issued.

Re:DV requires intercepting more connections

If there is no "vetting" then why have CA's? Just self-sign and call it a day.

Self-signing allows any ISP to intercept your connection and act as a man in the middle without your knowledge. A domain-validated certificate requires an attacker to intercept not only your connection to the web server but also the CA's connection to the domain's DNS server days or weeks earlier when the certificate was issued.

Self-signed certs force encryption, so I'm not sure how an ISP would able to crack that encryption any easier than a certificate authority issued cert. The problem with self-signed certs is there is no mechanism that requires the cert owner to actually control the domain the cert, no way to ensure the server you are connecting to actually is who it ways it is.

Balderdash.

[HBI]

TLS conveniently tells you the encryption technology in use.

RSA is toast. ECC is debatable in terms of security, and with quantum computers in practical use now, may be completely owned. We just don't know for sure. So what's your "beyond ECC" technology in the hopper that makes you think we are secure?

Stop trying to fool the plebs that this is anything but a speed bump. Or perhaps you don't realize this yourself.

Re:Balderdash.

[duke_cheetah2003]

Stop trying to fool the plebs that this is anything but a speed bump. Or perhaps you don't realize this yourself.

Not so sure that is true. Look at the examples of breeches in security we read about from time to time, including breeches in darknet security, and other illicit sites.

All of these breeches were achieved by social engineering, or someone making an oops, and LE swoops in. In some cases, we're seeing LE operate the illicit sites themselves to harvest data.

This is the important clue. They seem to need to get on the inside somehow, to get any data. This tells me, they're either incapable of breaching security through brute force, or they're not showing that they can.

Considering how underhanded LE will get, they will get very close to the line in many cases, I highly doubt if they could break encryption as easily as you and others seem to think they can, they would, regularly, and overtly to catch bad guys. They've already shown they will go to extraordinary lengths without breaking encryption.

While the paranoia might be warranted, I'm not entirely sure the situation is completely useless. There's safety in deployments, as I said before, more adoption of secure connections, unless this is just totally trivial to break, then more is better, even where it's not needed. If it's trivial for them to break, we may as well go back to plain text, is that your message here?

Re:Balderdash.

[guruevi]

Take your tinfoil hat off, RSA and ECC with 1024-bit keys and beyond is more than safe enough for the foreseeable future. Use 2048 or 4096 bit if you're paranoid. We have no quantum computers that can break these codes just yet, we actually have no idea whether it's even possible to make them.

Re:Balderdash.

RSA is toast. ECC is debatable in terms of security, and with quantum computers in practical use now, may be completely owned.

Do you have a source for that? I'd be very interested in any information about breaks in RSA or ECC or successes at using quantum computers.

Re:Balderdash.

TLS conveniently tells you the encryption technology in use.

RSA is toast. ECC is debatable in terms of security, and with quantum computers in practical use now, may be completely owned. We just don't know for sure. So what's your "beyond ECC" technology in the hopper that makes you think we are secure?

Stop trying to fool the plebs that this is anything but a speed bump. Or perhaps you don't realize this yourself.

I think you're confusing your ciphers. RSA isn't toast, its future is in question due to quantum computing factorization algorithms approaching feasibility, and ECC is a question mark. We think it's safe even from quantum computing, but you never know until the exploit shows up. I don't understnad quantum computing well enough to make a claim there. I think nobody does, it's still too young.

Re:Balderdash.

Take your tinfoil hat off, RSA and ECC with 1024-bit keys and beyond is more than safe enough for the foreseeable future. Use 2048 or 4096 bit if you're paranoid. We have no quantum computers that can break these codes just yet, we actually have no idea whether it's even possible to make them.

We do know RSA is breakable in polynomial time with a big enough (as in number of bits in its registers) quantum computer. What we don't have yet, is big enough quantum computers. Nobody knows for sure whether they're feasible (some say they're not), but progress is being made constantly, so it's quite likely that RSA has its days counted.

ECC on the other hand, there's no such algorithm, so we don't know. It seems, a priori, to have a safer future than RSA.

Checks and Balances

[thegarbz]

To start with the second word, there should not be any "balances" in place when issuing DV certificates. It's not up to the CA to "balance" anything. A DV certificate achieves one purpose only beside facilitating encryption: certify that the server you are talking to is actually the one addressed in the URL. Nothing more. A DV certificate has nothing to do with the person or the company owning that server. It has nothing to do with the person who registered the domain. It is purely there to say the computer sending you files claiming to be slashdot.org is actually slashdot.org.

The best way of checking this is to actually force the server itself to prove that it is in control of its own URL > by modifying the contents on the server. That is precisely what Lets Encrypt does. This is far better than any human interaction, and far better than some confirmation email sent to some address in some unverified whois record, both methods which are used by traditional CAs.

Not only do Lets Encrypt have proper checks in place, they have better checks than any other CA currently issuing DV certificates. Kaspersky can go pound sand, especially when proving that he either doesn't understand this security process or that he has financial incentive to be wilfully deceitful about this security process.

My first response is "Fuck them"

[Chas]

Okay Google (and their lickspittles at Mozilla) decide to wall off stock http sites behind "danger" messages.
So anyone providing more than a cursory "I love me" page website has to run out and get a cert.

Let's Encrypt steps up and makes the process easy and mostly seamless.

Now people are bitching because they didn't draw out the process and make it more painful.
And they're worried about how a security mechanism can be used to make people LESS secure.

Maybe someone should have thought their way through this BEFORE making https and certs essentially MANDATORY.

Green bar and Cert types

[FeelGood314]

There are a number of things wrong in the comments so let's clarify them. There are three types of certificates: Extended Validation, Organization Validation and Domain Validation. The green lock only appears for sites with Extended Validation. Extended validation requires the site owner to prove they are a real company, really do own the name in the domain name, i.e. they are not spoofing something, that the DNS record is correct and that they control the domain. These are usually $250 - $500. Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock. Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock. It is valuable in that, it prevents man-in-the-middle attacks and ensures that your communication is encrypted, however you have no assurances as to who is behind the domain. Domain Validation certs are usually free. Let's Encrypt only issues Domain Validation Certificates

There is a list of requirements for CAs to obey for granting certs and they are stringently audited and then the auditors are audited. (and one auditor has failed). The EV audits are extremely thorough. Further any EV certificates that are issued now have to be added to a certificate transparency log https://en.wikipedia.org/wiki/..., so all EV certs that have been issued are publicly viewable and now auditable by everyone. (the log is a merkle tree so inclusion in the tree is easy to find and undetected changes are impossible).

Conclusion: If you are going to a website that you expect to be secure for banking or from a reputable company and the lock isn't green then you are likely visiting a spoofed or compromised page. If you are visiting Joe from down the streets cat pic site a DV cert is good enough.

Re:Green bar and Cert types

Firefox is showing the green lock for this site and clicking it says that the ca for slashdot.org is Let's Encrypt. Based on what you wrote, what am I missing here?

Re:Green bar and Cert types

I do NOT get the green bar for this site and it definitely isn't an EV cert, just a standard lets encrypt one. Either your copy of firefox is borked or maybe it has been compromised? either way you should not be seeing green for this site.

Re:Green bar and Cert types

you are missing using a decent browser. Firefox is shit with its handling of EV and SSL and makes it difficult for the user to differentiate. basically a green lock just means it is secure. other browsers either make the whole bar green like MS ones when it is EV or add additional information like secure and the company is known like opera.

Re:Green bar and Cert types

[thegarbz]

The green lock only appears for sites with Extended Validation.

No it doesn't.

Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock.

Yes it does.

Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock.

Yes it does.

Your advice is only true for users of Microsoft browsers and covers 20% of the market share. The green lock is provided to any encrypted connection with a valid certificate chain in Firefox, Chrome, and Safari. The entire concept of telling people to look at a colour or a symbol was completely stupid in the first place as colour doesn't convey information of "who" but only "what". If someone incorrectly gets an EV certificate due to an oversight at a CA (happens often enough) then this can be identified with actual text but not with colour alone.

Modern browsers use the colour to identify encryption and certificate validity and then use actual verified text to identify the organisation the certificate was issued to (for OV and EV certs).
e.g.
https://www.slashdot.org/ - Green lock "Secure"
https://www.bankofamerica.com/ - Green lock "Bank of America Corporation [US]

The outlier is Internet Explorer 11 and Edge which only uses the green colour on an EV certificate, but otherwise still provides EV information in the address bar like all the other browsers.

What's wrong with the way Let's Encrypt validates?

What's wrong with the way Let's Encrypt validates? It just makes sure example.com does in fact lead to the server your running the check on. What more validation do you need? It's just crypto. it is not a business license or something their offering.

the real problem

To justify crazy prices and markups (I have seen over $1,000 for a certificate) many companies told a story that was not true. They implied that if a site had a certificate that site was somehow to be trusted. Now let's encrypt comes along and show everyone that, actually, all that a certificate was supposed to do was to encrypt the communication between the client and the server and confirm to the client that the server it was connecting to was in fact that server it thought it was. Nothing more, nothing less.
Is that a problem?
Only to Certificate Authorities that see their business model disrupted.

Certificate public database?

[manu0601]

Where is this certificate public database? How can I query it?

Re:Certificate public database?

[GumphMaster]

https://letsencrypt.org/certif... under the heading "Certificate Transparency"

Re:Certificate public database?

https://crt.sh/

It uses SQL style wildcards (%) so you can search e.g. %.slashdot.org.

Re: Yes, but that's just a symptom of the problem

If you can dns spoof the domain you are aquiring the cert for you can dns spoof the domain of the contact mail for said domain. This should not be a surprise!

So what's the big deal?

[JThaddeus]

It's not like I ever saw a serious attempt at verification from VeriSign, Thawte, or GoDaddy in the 15 years I had to get code signing certs. It's a racket.

Re:So what's the big deal?

[AHuxley]

The change in the way malware connects.
In the past it would be easy to understand that strange new connection from deep within an OS or network due to a lack of encryption.
It looks the same on every computer or network.
With lots of new encryption products that malware gets more places to hide as something the user could be encrypting.

2 tier SSL

It seems to me that we need to move to a 2 tier SSL system. Tier 1 would just provide encryption and would be easy to get. Tier 2 would provide encryption and validation that the remote server is who they say they are (like current SSL certs do).

Secure Remote Password

[aberglas]

The purpose of Encryption is to sell people Certificates. Thus Let's Encrypt is destroying the Purpos of encryption.

Very few people check the URLs. So the whole thing is pointless. EV certs do nothing but ensure that PayPalThieves.com is really owned by those thieves.

There is a technical solution. It is called Secure Remote Password (SRP). https://en.wikipedia.org/wiki/....

Or even just nonce based passwords where the password entered is not sent to the server or its JavaScript.

But nobody does this. Because at the end of the day nobody cares about security other than security vendors that would hate a solution to Phishing.

Re:You are aware...

[guruevi]

In theory it's possible to break everything, given enough time. A single TLS session may take a few decades to break, how many of those do you want to break per day? It's unfeasible to break TLS except by very targeted MITM attacks (downgrading etc) by badly configured browsers and web servers.

Re: Yes, but that's just a symptom of the problem

[dgatwood]

Who said anything about spoofing? Suppose an attacker manages to crack into one of the servers that provides a domain's DNS. That same server won't provide DNS for the domain that hosts the tech contact's email.

No, from a security perspective, checking only that you control the web server is much, much weaker than checking to see if you're the tech contact for the domain, and IMO, they should never have been allowed to cut that corner. The only reason they had to do that was that they made the decision to use 90-day certs under the bizarre assumption that servers are constantly getting compromised and their keys stolen, and that limiting the window in which stolen certs can be used is more important than preventing someone from creating a fake, valid cert for a domain that isn't getting constantly compromised.

Unfortunately, that decision led to weaker verification, and worse, the same flawed logic led to the clients rekeying every time they recert, thus preventing key pinning (another security technique intended to prevent attackers from being able to spoof domains). So all the problems that I have with LetsEncrypt from a security perspective stem from basically the same bad decision, give or take.

Doesn't add up

If they are now only issuing 100k per day, that is a significant drop from the 100 million in the previous year.

Broken from the start

encryption and source verification should have been different concerns.

Visit a site via SSL without a cert? No problem, browser informs user that connection is encrypted.

Visit a site with a certificate, browser informs client that website has been verified as belonging to the company that it claims to be.

The requirement to pay and deal with certs caused more people to NOT encrypt because they just didn't want to deal with it.

But since we live in a world where if you encrypt without a cert you freak out the user with a scary warning, this is what we get.

MITM instead of breaking encryption

[tepples]

Self-signed certs force encryption, so I'm not sure how an ISP would able to crack that encryption [...] The problem with self-signed certs is there is no mechanism that requires the cert owner to actually control the domain the cert, no way to ensure the server you are connecting to actually is who it ways it is.

You answered your own question. Instead of letting a subscriber connect to a server with a self-signed certificate, the ISP would intercept the connection, act as a server to the subscriber, and act as a client to the real server. Browser publishers warn for self-signed certificates but don't warn for DV certificates because they have agreed that https in the scheme means some level of verification that the domain and server share control.