Let's Encrypt Criticized Over Speedy HTTPS Certifications

100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... The reason people treat us like a punching bag is that we are big and we are transparent. "
The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."

Strawman criticism

[QuietLagoon]

Kaspersky Labs needs to get some good press, so they create a strawman reason to criticize Let's Encrypt and then start blogging. As Let's Encrypt says, "its role is not to police the internet, rather its mission is to make communications secure." One has to wonder why Kapersky Labs has a problem with that.

Re:Strawman criticism

[nnet]

Security theater. To appear to agree with gov's position on encryption, kaspersky is trying to appear to be on the same side, regardless their recent bad PR.

Re:Strawman criticism

[arglebargle_xiv]

It's not a strawman, it's real! Every Let's Encrypt certificate is a potential lost sale to guardians of security like Symantec, TurkTrust, and Diginotar! Let's Encrypt is nothing less than a communist plot to destroy the American computer industry!

Re:Strawman criticism

[KingBenny]

agh ... criminals ... http://rrcc5uuudhh4oz3c.onion/

Re:Strawman criticism

[p0larity]

Considering you need to run a script on your server to prove you own it, what avenue of attack are they not performing due diligence on?

Unless an attacker could poison DNS between Letsencrypt and their fake server, there isn't really any trivial way of spoofing that I could think of.

They could get a URL with visually identical unicode characters, if that's possible. But then that's only valid for that visually identical domain.

I still don't see what they can really do. They are there to serve the little guy who can't buy an expensive SSL cert to comply with new requirements.

Re:Strawman criticism

[Cramer]

That "vow" is paper thin. They make no promises that the cert was issued to a legitimate person. Email, DNS record, and file-on-webserver-somewhere are exceptionally weak means of authentication. Sure, those things are found everywhere, but not in any important places. (that's why banks and phone companies mail your PIN on a piece of paper.) A rapidly growing log file is NOT vetting a damned thing.

And no, they don't leave the "user" to make any decisions at all. Do you know who signed the cert for every HTTPS site you've ever accessed? Even the one's that aren't on the URL bar -- the one's inside the HTML for ad services, or those millions of dumbass social media icons? The simple truth is almost no one bothers to see who signed what. The browser throws up a lock icon, doesn't turn the bar red, and doesn't present any warning dialogs. It makes people think things are perfectly secure when they absolutely aren't. Sure, the traffic is encrypted so anyone at random can't spy on you. However, there is zero guarantee you're talking to who you think you are.

Re:Strawman criticism

[Cramer]

The ability to run something on the server proves nothing -- it proves I can run a CLI command. That does not equal ownership, or authorization. There are hundreds of thousands of sites any script kiddie can break into to run a script, drop a file, add a header, etc. to "prove" who they are. Let's Encrypt certs are on par with self-signed certs (they should not be blindly trusted), except they present no warning to users.

Re:Strawman criticism

[p0larity]

Here's the problem, Cramer. I don't need quite that degree of trust for someone to visit my site.

I understand why we need HTTPS. To prevent people from seeing what you're reading, at a base level, to protect your users' privacy.

What exactly about my public blog posts about web and game development is really going to be a concern here? What kind of MITM attack are they going to perform? There's nothing for the user to trust.

There is no login process for users other than myself. If someone trashes my whole webserver, I have an off-site backup.

Worst case is I need to spin up a new instance.

Why, then, do my users need me to pay for a legit certification just so they can browse my site? I just want to continue to appear favorably in search results, and not pay a fortune for the privilege.

Re:Strawman criticism

[p0larity]

I suppose the solution you hinted at is a good one. In common browsers, maybe the user could be warned that the certificate is an automatically authenticated one.

That way they can make an informed choice. I think that kind of transparency is good here, so long as that doesn't start affecting search result ranking. Or as long as that doesn't suddenly stop your site from being seen at all on some networks because of an overzealous IT admin.

Re:Strawman criticism

[p0larity]

Hmm, just thought about this and if someone takes out a cert and runs the auth script on your server, then they place it on theirs, what do they gain?

If they poison DNS they MIGHT be able to pretend to be your site.

If they can't poison DNS, the cert is invalidated when it's not served up from your domain.

Also: THEY HAVE ACCESS TO RUN SCRIPTS ON YOUR SERVER.

So why go to the trouble to make a cert?

Re:Strawman criticism

[Cramer]

The ability to access your server may be limited -- and the more it's used, the more likely it is to be detected. If one replaces your SSL certificate with a known-to-them certificate, they can decrypt the traffic for your site from outside your server, from points you won't be able to detect or do anything about.

At the end of the day, Let's Encrypt makes the little green lock icon not mean what everybody assumes it does. Just because the packets on the wire are encrypted doesn't mean anything. Sure, a random person on the internet cannot see what that traffic is, or modify it. Random people on the internet aren't the ones to worry about. If the site's traffic is of sufficient value to target, that little lock icon doesn't mean shit; you could still be talking to a bad actor. People see the closed lock and think "nothing can be wrong here", when that's not remotely true.

agreed

"I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."

Similarly, I don't think it makes a lick of sense that Google is a "super-authority" in deprecating entire CAs. That's rather close to a mechanism for monopoly.

Re: agreed

That's a large part of why the CA model is broken. CAs shouldn't be competing at all; they're there to provide a service. Imagine if OpenPGP keyservers were competing... There's no reason for it unless you're a bad actor to begin with.

What LE is doing has helped people see that a security cert isn't something you should pay for, and that being signed by a CA doesn't mean anything, especially with the shitty politics Google et al have been playing at the CA level.

The well is poisoned, and the big boys are attacking the people who pointed it out.

Re:agreed

[sexconker]

The fact that Chrome and FF use their own cert stores and update them unilaterally without the user ever knowing is absurd.

The browser should use the cert store on the OS. And the OS should update the certs. (And when MS updates certs, it should optionally present detailed info to the user about changes.)

The entire concept of CAs is built around trust in an environment where none of the actors and powers that be are trustworthy.

Re:agreed

Often the only indication the user has that they are being MITMed is precisely because the browser did not use the OS cert store.

Re: agreed

[hord]

But are we going to get a better cert infrastructure or is everything just going to remain on fire forever?

Re: agreed

[Midnight+Thunder]

At the same time I believe there is a difference between encryption for the target site and a certificate saying the site is owned by the people who claim they do. The standard for the former is likely to be lower than for the latter.

For example I want to know that the data for www.somedomain.mars is encrypted for said site, while for www.mybank.mars it is encrypted for the site and also owned by my bank.

The real question should be what should the expectations of a certificate for a given context and are the checkboxes all checked?

Re: agreed

[corychristison]

Personally I believe DANE is the future of secure websites.

CA's could still be useful for vetting entities and ensuring the domain you are connecting to is owned by the Entity you are trying to connect to.

Much like how Extended Validation certs are made, but the CA's would really need to step up their game.

Re: agreed

[0123456]

"For example I want to know that the data for www.somedomain.mars is encrypted for said site,"

What does that matter, if the encrpytion key was issued by a man-in-the-middle who's now listening in on all your traffic?

Re:agreed

[jaa101]

Why is Microsoft better qualified to maintain certificate stores than Mozilla and Google? It's not like every browser maintaining its own store on a machine is a huge drain on resources. When it comes to security, diversity is a good thing. Or should the UN institute a global authority to maintain a certificate store for use on every browser on every device?

Re:agreed

[guruevi]

What's absurd is that you use someone else's CA store to begin with. I remove CA's I don't interact with. I never had a problem removing things like the Turkish or Netherlands government, nobody uses their certificates.

The problem is that Microsoft is the worst when it comes to vetting CA's because it could impact one of their "enterprise customers". As long as Microsoft puts their higher paying customer before you, they aren't trustworthy.

Re: agreed

[hawkinspeter]

How would a man-in-the-middle get a LetsEncrypt cert for a domain that they have no control over?

Re: agreed

[hawkinspeter]

I was genuinely curious, so thanks for your answer.

If I'm reading your post correctly, it sounds like a BGP attack. I just did a quick check and found that LetsEncrypt does also check previously issued certificates, so if you've already got a (valid) cert for your domain, then it's going to be a lot harder to get LetsEncrypt to issue a cert to the spoofed domain (the attacker wouldn't have the original private key).

Re:agreed

[toddestan]

Errr.... Chrome uses Microsoft's certificate store on Windows.

Re: agreed

[catprog]

How do you protect the first vist?

Re:agreed

[sexconker]

Often the only indication the user has that they are being MITMed is precisely because the browser did not use the OS cert store.

That's not a good reason for multiple cert stores managed by multiple parties. That's like having multiple gates to the same city where the North gate requires one set of ID and the South gate requires a different set.

Re:agreed

[sexconker]

Because it makes sense. No, not all users. But users who care, and most importantly, the choice needs to be made when changes are made, especially to root level certs.

Re:agreed

[sexconker]

Not always. Update Chrome and they'll blacklist/whitelist things in addition.

Re: agreed

[Cramer]

Many, MANY possibilities. BGP hijacking is one of the more complex ways. But compromising the server itself is far more likely. Poorly secured email accounts... poorly secured DNS services... poorly secured cloudflare account... DNSSEC cannot protect you from your own stupidity. (and most/much of the internet ignores it anyway)

Re: agreed

[hawkinspeter]

Okay. BGP hijacking would be valid. Compromising the server would mean that you do have effective control over the domain and you don't even need to do a man-in-the-middle as you'd have access to the un-encrypted data anyway. I'm not sure what you mean by poorly secured DNS services - the challenge/response is performed by LetsEncrypt so DNS poisoning the client wouldn't work very well. You'd have to DNS poison the LetsEncrypt servers which would pretty much be a BGP hijack.

Nonsense

[gweihir]

My boss recently got an ESL certificate from a reputable tier-1 vendor. The validation was a complete joke: A guy with bad English asked him some questions over the phone that anybody could have found the answers to with a bit of work. The only security in place for ESL certs is that they are not that cheap, but that does not help against a targeted attack, because they are not really expensive either.

The bottom line is that certificates weakly ensure one thing: You are still talking to the same site on the next visit. They also ensure that small-time criminals will find it somewhat difficult to eavesdrop. And that is about it. In many cases, self-signed certificates will be more secure than that. The whole certificate-system is a bad joke, created by the utterly incompetent with too much trust and then corrupted by state-sponsored malicious actors. Incidentally, this is not a surprise. Basically all what is broken with the system now was predicted by perceptive people decades ago.

Re: Nonsense

Well of course ESL resulted in bad English

Re: Nonsense

[DigiShaman]

The whole point of encryption is to prevent data being snooped out in the open. Yet the biggest hang up has been the vetting process. In this case, also making the certificate issuer a notary. Why?? Why must SSL certs also be notarized? Why can't that be two different services or certificates. Maybe as a network admin, I want to block all traffic that hasn't been certified as trustworthy regardless of the fact it's encrypted or not. I mean, the point is to stop malware! Otherwise, we can go down the list of creating or subscribing to a trusted whitelist or IP addresses. I'd rather not do that as it's the "nuclear option".

Re:Nonsense

[Zemran]

What bugs me is that before Let's encrypt, if you created an http:/// site all was well but if you made that site a little bit more secure by adding self signed certificates there were warnings on your site and visitors were warned against going there. The bottom tier of CA certificates only differ in that you gave someone money. At that time I only had to reply to an email and add a code to my web site. So there was a disincentive to adding a snake oil certificate that seemed to only be there to get you to part with $50. If you pay more and really do prove who you are the green bar travels further across the browser. The information is there to tell people what level of test you have faced but they should take away the warnings on snake oil certs as they are not dangerous and certainly less dangerous than no certificate.

Re:Nonsense

[phantomfive]

In many cases, self-signed certificates will be more secure than that.

That's a good point.

Re:Nonsense

[adolf]

The theory behind the certificate chains is a web-of-trust sort of theory.

In practice, it doesn't really work that way: Users are either greeted with no prompt and an unsecured connection, a prompt with a secured connection, or no prompt with a secured connection.

That's all the user knows...and that's if they're even paying attention.

(There's a fourth user-case of "The key has changed!!!2!!," but that's something that doesn't generally happen because DNS hijacking is uncommon these days.)

I mean, I'm here at /.. Chrome says "Secure" on the address bar. I can dig deeper and make sure that I'm talking to the /. that I want to be talking to, but I could've done that before with DNS...and I won't bother in any case, since I do not care who sees my /. rants (else, I would not be posting them).

All I really know is that the connection between myself and /. is encrypted, and that eavesdropping is limited.

And that's all I really know about any website, whether banking or otherwise.

Re:Nonsense

[hawkinspeter]

The biggest issue with self-signed certificates is that the client machine cannot verify if the certificate belongs to the domain owner. If you're running a malicious wifi spot, you can do a bit of DNS poisoning to direct your clients to the wrong IP address and then present a different self-signed certificate and perform a man in the middle attack.

A LetsEncrypt cert can only be issued to someone who controls the domain in question and so gets round the man-in-the-middle issue.

Re:Nonsense

[JohnFen]

In many cases, self-signed certificates will be more secure than that.

Yes, this.

I have a (self-signed) CA that I sign all of the certs I used with, and share it with other people I personally know and trust.

I do not really trust certs signed by any other CA, because I don't know them and have no reason to trust them.

Re:Nonsense

[JohnFen]

The biggest issue with self-signed certificates is that the client machine cannot verify if the certificate belongs to the domain owner.

That's why you should use a self-signed CA and use that to sign your working certs, rather than using self-signed working certs directly.

Re:Nonsense

[hawkinspeter]

So how does the client machine know about your self-signed CA? Couldn't a man-in-the-middle attack do exactly the same thing and your client wouldn't know (if it was the first visit) whether it was your self-signed CA or someone else's self-signed CA?

Re:Nonsense

[JohnFen]

Because you've given your root cert to the people who need it. I'm not talking about certs used by random visitors (there's currently no solid solution to that trust problem, as near as I can see), I'm talking about services provided to people who know you and to whom you can directly provide a cert that they trust.

If you've given them a self-signed CA, then you can provide future certs signed by that and they can trust that those certs are really from you, without having to get them from you directly.

This is, by the way, how PKI is supposed to work -- you only trust certs that you have personally verified are from who they claim they're from. Ideally, this is by obtaining them directly, but almost as good is if they've been signed by a cert you obtained directly from someone who you trust is diligent about what they sign.

Public CAs like verisign, etc., are an intentional workaround of the trust system for the sake of convenience. That's why they aren't actually very trustworthy.

Re:Nonsense

[hawkinspeter]

I see. I assumed you were talking about typical websites with random visitors.

Follow the money

[Scutter]

"We're mad because Let's Encrypt makes it way too easy for the plebs to get a certificate without paying hundreds or thousands of dollars per year to a CA."

Re:Follow the money

Also, it's from Kaspersky. After being outed for their cooperation in black programs against the United States, they've got plenty to whine and cry about.

But I'm sure bogaboga will be along any time now to correct the Slashdot record with his usual dose of vatnik propaganda.

Re: Follow the money

[corychristison]

If you know where to look, you can get them for about $4/yr.

Green Bar is the probem.

[Swistak]

I've spent better part of a day to explain to My Mom how to distinguish a safe website from unsafe one. You look at the Green Bar / Lock. Is it green? you are good to give them your name and CC details.

Now I'm going to her and have to explain, that no, things have changed, if you see a green padlock, it no longer means someone at least had to fax some registration papers and pay few bucks so he's traceable. I can already see conversation going: - So you're saying that the green bar no longer means website is ok?
- Yes. Now it has to be a green padlock and a name of the organization, and you have to check it with magnifying glass because it's very easy to mistake l with I. see Mom, there's difference between AlliorBank and AIIiorBank. Do you see it? Do you?

Re:Green Bar is the probem.

[SeaFox]

- So you're saying that the green bar no longer means website is ok?

- Yes. Now it has to be a green padlock and a name of the organization, and you have to check it with magnifying glass because it's very easy to mistake l with I. see Mom, there's difference between AlliorBank and AIIiorBank. Do you see it? Do you?

I think a lot of these phishing problems are caused by people blinding following email links from "their bank" and not learning how to directly browse to a website (instead trusting Google to give them the valid link by searching for their bank's name). There's a pretty easy solution to this: Make a bookmark of the correct site and only use this bookmark to access the bank's site. Will that stop a DNS-based attack? No. But it will be effective against what a large percentage of what causes people to enter their credentials on the wrong site.

Re:Green Bar is the probem.

No need to worry. Your mom passed my penetration test.

Re: Green Bar is the probem.

[Zero__Kelvin]

No. You have to explain to get you misinformed her. You have to tell her that what you initially told her was never true, and you had no idea what you were talking about.

Re:Green Bar is the probem.

[Gravis+Zero]

I've spent better part of a day to explain to My Mom how to distinguish a safe website from unsafe one. You look at the Green Bar / Lock. Is it green? you are good to give them your name and CC details.

Now I'm going to her and have to explain, that no, things have changed

No, nothing has changed about what that green bar means: encrypted connection. You pushed a false idea on to your mother, an idea that companies planted and you blindly accepted.

Re:Green Bar is the probem.

[David_Hart]

- So you're saying that the green bar no longer means website is ok?

- Yes. Now it has to be a green padlock and a name of the organization, and you have to check it with magnifying glass because it's very easy to mistake l with I. see Mom, there's difference between AlliorBank and AIIiorBank. Do you see it? Do you?

I think a lot of these phishing problems are caused by people blinding following email links from "their bank" and not learning how to directly browse to a website (instead trusting Google to give them the valid link by searching for their bank's name). There's a pretty easy solution to this: Make a bookmark of the correct site and only use this bookmark to access the bank's site. Will that stop a DNS-based attack? No. But it will be effective against what a large percentage of what causes people to enter their credentials on the wrong site.

Exactly. I taught my Dad to actually go to the bank web site and never trust links in email, etc. Then you can look for the green lock symbol.
 

Re:Green Bar is the probem.

[svanheulen]

Here, I have a lockbox for you. It's secure, don't worry.... It's full of spiders, but it's secure. I'm sorry you misunderstood what certificates do but they NEVER worked like that. Anyone can buy any domain they want (so long as it's available) and buy a certificate for it. You have always been able to do that. And Let's Encrypt doesn't allow anything more then any normal certificate issuer except.

Re:Green Bar is the probem.

[svanheulen]

*except it's free. (I swear I had that in there... I blame Slashdot eating my words)

Re: Green Bar is the probem.

[Zero__Kelvin]

The S stands secure and has always stood for that. Her CC number will be securely sent to the server in question. Again, LetsEncrypt changes nothing about how all this works. You have no clue. If she connects securely to trumpuniversity.com or does so through http she will get scammed either way. Read the hundreds of other posts here where everyone else already understands this. Time to admit to mom you aren't the ubergeek you let them think you are I'm afraid. Off you go now ...

Re: Green Bar is the probem.

[svanheulen]

You're making assumptions about what "secure" means in this context. It means the communications are secure from 3rd parties. That doesn't mean the website you're communicating with isn't evil. It never has.

Re:Green Bar is the probem.

[Swistak]

Go to the regular CA and try to tregister AIIiorbank.pl, I dare you. I double dare you, and bet 100$ that you won't be able to. With let's encrypt? Sure no probs. Here's a green Bar for you.

and I'd maybe even agree with you if not for the fact that that it says 'Secured' Right there when I click that green lock. Not 'Encrypted', 'Secured'.

Re:Green Bar is the probem.

[Swistak]

Oh. and don't get me wrong. I'm all for Encrypted web. I use let's encrypt myself. Except don't fucking lie to people that website is 'Secutre' If it's not.

Re:Green Bar is the probem.

[svanheulen]

Actually I can't get a certificate for that domain even from Let's Encrypt. You know why? Because I don't own that domain. But if I did own it, I could buy one for $10/yr from my domain registrar. And... "secure"... You keep using that word. I don't think that word means what you think it means.

Re: Green Bar is the probem.

[Swistak]

Oh. But I already own AIIiorBank.pl, you see it's absaolutelly dfifferent from AlliorBank.pl. But I see how you could be mistaken.

Re:Green Bar is the probem.

[barc0001]

> Now I'm going to her and have to explain, that no, things have changed, if you see a green padlock, it no longer means someone at least had to fax some registration papers and pay few bucks so he's traceable.

Things have been changed for a LONG while then. I've been able to get SSL certs with a credit card and no verification outside of an email address from a major vendor since 2009. A wildcard at that.

Re:Green Bar is the probem.

[Swistak]

I'm quite sure you don't know either. The reason we have Certificate Authorities, is because it was assumed that CA has an Authority to verify that this website is who it claims it is. We also used to have a thing called self signed certificates. So if you had a need for encryption, you know you could encrypt. Except. Amount of abuse self sign certs created caused all major browsers to display huge warnigns, somtimes makign you do 3 steps to accept those certificates. And now LetsEncrypt is basically a self-signed-cert, except it is labeled 'Secured' in browser, instead of 'Someone is p[ossibly trying to scam you'

Re: Green Bar is the probem.

[svanheulen]

You keep using capital letters in a domain name. You know that's now how that works right? All domains are always lowercase, and even if you type them in manually your browser will switch it to lowercase.

Re:Green Bar is the probem.

[svanheulen]

it was assumed

There's your problem.

Re:Green Bar is the probem.

You've been corrected no less than ten times now.

So it is safe to not longer call what you falsely believe as a mistake, you are now intentionally lying.

The fact you think secure by encryption doesn't mean exactly that - lie.
The fact you think faxes are somehow required - lie.
The fact you think proof of domain ownership works any different - lie.

You don't care about reality, and you don't care about facts.
At this point please Please stop purposely and intentionally harming an elderly woman for your own profits, you evil heartless scum.

Re: Green Bar is the probem.

[Zero__Kelvin]

You typed the same thing twice, but you have been proved ignorant on this issue by person after person after person. Just accept that you were wrong and apologize to your mother like a good boy ...

Re: Green Bar is the probem.

[hord]

HTTP stands for HyperText Transfer Protocol. I don't remember images being text. Looks like you have tons of things to explain to your mom...

Re:Green Bar is the probem.

[thegarbz]

Now I'm going to her and have to explain, that no, things have changed

Things changed 10 YEARS AGO with the introduction of EV certificates and changes in modern browsers like IE7, Firefox 12 and Chrome 1 in how certificates are handled. You are just a bit slow to catch up.

Re: Green Bar is the probem.

[Zero__Kelvin]

I see now that the issue here is that you have no idea how letsencrypt works. They indeed verify that the person requesting the certificate for the server on the domain controls it. Please learn about LetsEncrypt before continuing to make a fool of yourself.

Re: Green Bar is the probem.

[thegarbz]

NBow I have to explain to her that 'S does not stand for Secure

Of course it stands for "secure". You can rest assured in the comfort that when you type your Paypal password in at https://www.payypall.com/ I or anyone else other than the operators of the scam site are unable to see your password.

Validation of companies was not part of getting an SSL certificate, not until 2005 anyway when the EV certificate was introduced. And it wasn't long after that browsers started displaying EV details differently which is why when I go to https://www.payypall.com/ I see a green lock, but when I go to https://www.paypal.com/ I see "Paypal Inc, [US]" written in the address bar.

Re:Green Bar is the probem.

[thegarbz]

Ugh. Dude. Because S in HTTPS always stood for Encryption right?

The s stands for secure. Your connection to Paypal.com is just as secure as it is to any old scammer who is also encrypting via SSL. No one other than you and your favourite scammer will see your password. You're completely secure.

The fact that the CAs dropepd the ball, does not make the fact that Browsers pushed hard to make it so you can trust a green bar.

Browsers have differentiated levels of security in their green bar for a long time now. You may notice that the green bar looks very different when going to e.g. slashdot.org vs bankofamerica.com.

The little lock (which is what you mean by the green bar because you're not paying attention) has never said that the other side of the connection is trustworthy.

Re: Green Bar is the probem.

[svanheulen]

Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

How is your browser or the CA supposed to know what website you think you're on? Are you saying that they're supposed to read your mind? Secured, in the context of HTTPS, has always meant "encrypted and you're talking to the server associated with the domain/URL you accessed." And yes, this discussion has been had already... and if you didn't notice, no one is agreeing with you.

Re: Green Bar is the probem.

[Ultra64]

>Words have meaning

Yes, and you're getting the meaning wrong.

>Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

That's still encrypted.

Re: Green Bar is the probem.

[fnj]

You keep using capital letters in a domain name. You know that's now how that works right? All domains are always lowercase, and even if you type them in manually your browser will switch it to lowercase.

It would be more correct to state that name lookups for DNS queries must match with case insensitivity. "example.com" is identical to "Example.com", or "ExAmPlE.CoM".

Re: Green Bar is the probem.

[thegarbz]

No. Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

And it does 100%. The word "Secure" and the little lock show up when a server proves via the certificate chain that they are who they are addressed in the address bar. Nothing more.

Your problem is you expect the computer to not follow your instruction, but rather interface with your brain. How is the computer supposed to know that when you address www.bankof4merica.com that you didn't actually want to talk to the scammer but actually wanted to talk to www.bankofamerica.com. If you told your mother the little green lock is proof of that, then you have been giving out very poor advice.

Re:Green Bar is the probem.

[BadDreamer]

It *is* pretty heartless to give your mother incorrect guidelines to follow, and then complain that reality does not conform to your imagined view.

Let's imagine Let's Encrypt vanished overnight. Would that suddenly make your misguided attempts to simplify away parts of reality to your mother more correct?

No, that would not happen. Your advice would still have been wrong from the start. And nothing will ever make your advice correct, because your advice is inconsistent with reality. That is not Let's Encrypt's fault. Nor is it the Slashdot crowd's fault.

It is YOUR fault.

Re:Green Bar is the probem.

[petermgreen]

At least in firefox blue used to mean a DV certificate while green meant an EV certificate. At some point they started using green for everything.

dotdotdot

and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting?

Why hold one CA to a completely different set of standards than every other CA?

The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls...

And how does any other CA prevent this after issuing certificates with the exact same level of proof of domain ownership?

Are you claiming that because it's free that criminals can now finally obtain certificates?
Criminal rings have profits and budgets orders of magnitude larger than most IT departments!
That logic is as ass backward as it possibly could be.

"I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Then go get the CA/Browser Forum to amend their requirements that all CAs and web browser makers follow.

It's completely pointless to say Lets Encrypt isn't allowed to do for free what all the other CAs are still allowed to do for a few bucks.

Encryption bad?

[mwvdlee]

All I want is to have encrypted connections. Why do I have to pay a shit-ton of money for connections to my server to be properly encrypted and not to be treated like a criminal by browsers? Let's Encrypt does this. Yes, they're not verified very well; neither are standard SSL certificate (I know; I bought some with pretty much zero verification).

Re: Encryption bad?

[Zero__Kelvin]

Stop spreading misinformation. They are 100% verified. They verify that the person requesting the certificate for the server in fact controls the server.

Re:Encryption bad?

[ckatko]

Isn't that what a self-signed certificate is for?

Re: Encryption bad?

[corychristison]

Where is this "shit tonne of money" being spent?

Domain Validated Certificates can be purchased for about $4/yr, less if you buy multiple years.

Re:Encryption bad?

[Cramer]

This is the exact same as Bob having someone follow him around to introduce him as "Bob" everywhere he goes. If you don't already know the person doing the intro, we're back to square one. Let's Encrypt is functionally equivalent to self-signing: do not blindly trust. They do effectively nothing to validate the request or requestor. To continue with your example, this is like validating Bob by going to where "bob" says is his house and seeing "him" on the front porch. It's often far too easy for that to (a) not be Bob's house at all, and (b) not be Bob on the porch.

Re:Encryption bad?

[VisceralLogic]

Let's Encrypt verifies that you control the server that responds to the DNS request. So the example is more like Let's Encrypt goes to the address listed in the phone book for Bob's house, and someone let's them in, so they give that person a certificate for Bob's house.

Yes, but that's just a symptom of the problem.

[dgatwood]

One big reason for the volume of certificate issuance is that LetsEncrypt forces you to update your certificates at least once every 90 days. This means that the number of certificates issued is guaranteed to be at least 4x the number that would be issued by a traditional CA, and realistically, more like 12x or even 20x.

So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times that result in them issuing so many certificates each day, not for the number of certificates per se. That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

Re:Yes, but that's just a symptom of the problem.

[king+neckbeard]

The verification is performed by software, the same as any other CA. Less frequent renewals would not result in more through vetting.

Re:Yes, but that's just a symptom of the problem.

[chispito]

That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

How? They are domain-verified certs that are issued by an automated process. How does changing their expiration date change anything?

Re:Yes, but that's just a symptom of the problem.

[dgatwood]

That's not entirely true. Other CAs require the owner of the domain to confirm the validity of the request via email. The 90-day renewal period makes that approach more difficult, because nobody would be willing to go through that headache every 90 days. Instead, Let's Encrypt just checks to see if you've managed to convince the registrar or the DNS server to point the domain name at your server. So while they might not choose to do more validation even if there were longer validation periods, they would at least have the option of doing so.

Re: Yes, but that's just a symptom of the problem.

If you can point the DNS name to your server you can receive mails for that domain aswell so email 'verification' adds exactly nothing.

Re: Yes, but that's just a symptom of the problem.

[dgatwood]

Wait... you actually use an email address at the domain as the contact email for the domain? Yikes.

Or do you mean that you can change the email on the domain? Because that may or may not be true, depending on whether you crack the account of the admin contact, the tech contact, or the billing contact.

Re:Yes, but that's just a symptom of the problem.

[lordlod]

So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times that result in them issuing so many certificates each day, not for the number of certificates per se. That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

Or possibly they know something that you don't.

The certificate revocation system is broken, doesn't work. CRLs didn't work for anything but the big sites and have been depreciated. OCSP doesn't work against man in the middle attacks, which is the primary attack vector.

What does work is the expiration date, once a certificate has expired it is safe. So you can improve things significantly by having a short certificate life span, shorter the better. To make this manageable you need to automate the acquisition, essentially build the letsencrypt system. 90 days is a compromise, they have been open about the fact once the automation is smoother that time frame will drop significantly.

Re:Yes, but that's just a symptom of the problem.

[thegarbz]

So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times

Why? The only reason to have long certificate expiration times is to reduce manual labour. When the system is scripted, renewal fully automated and doesn't cost anything, why would you critisize shot expiration times?

Re:Yes, but that's just a symptom of the problem.

[fyrewulff]

The point of the fast expiration is so browsers don't have to carry around ever-growing rejection lists for long-lived certs. If a cert is bad or the encryption model is bad or whatever, it'll expire before it becomes an issue.

Re: Yes, but that's just a symptom of the problem.

[PhunkySchtuff]

Wait... you actually use an email address at the domain as the contact email for the domain? Yikes.

Or do you mean that you can change the email on the domain? Because that may or may not be true, depending on whether you crack the account of the admin contact, the tech contact, or the billing contact.

Some CAs will only do email verification to a subset of defined email addresses at the domain in question - e.g. hostmaster@example.com, postmaster@example.com etc.

You can't have it both ways.

[acroyear]

Either you encourage encryption everywhere and make it easy to get a cert, or you stop nagging people every time they go to a plain http site and say http is just fine.

Pick one.

HTTPS is meant to ensure that your communications are secure. They can help protect you from hitting a site that isn't what it claims to be.

But issuing certs is not some magical means of "vetting" ANYTHING. The very idea is absurd. Anybody should be able to buy and get signed a cert for a site they own. It isn't anybody's job to ask them if they plan to use it for illegal purposes or not. They are not the government police and asking them, expecting them to be, is asking for trouble.

Re: You can't have it both ways.

[Zero__Kelvin]

Because I can create a self signed cert for any domain, even if I don't own it. I can't get a letsencrypt one unless I can prove I control the server at the domain.

Re:You can't have it both ways.

[acroyear]

Vetting, as this article describes it, is verifying that the site asking for the cert is not intending to use it for nefarious purposes. Its lying about how CAs work in order to direct people to the pay services and away from LetsEncrypt.

Follow the money: he's using FUD tactics to direct people to pay services by saying that you can't trust the sites that use the free service, in order to try to get the vendors to stop accepting those certs.

But that's different from anybody throwing out a cert on a site claiming to be what it isn't because they hijacked the domain (briefly) but don't have proof of ownership necessary to get a CA to give them a valid cert for it.

Re: You can't have it both ways.

[Cramer]

If I'm your ISP, that's a very small hurdle.

Re: You can't have it both ways.

[Zero__Kelvin]

Someone who owns the server owns the server. It is a small hurdle to anyone regardless of ISP.

greed..

im sure they took same math class as music indystry. 100.000x259$
oh! we are loosing 259.000.000. that makes sence. now lets cry about it and get some support for our lost money and scare some tech and number illiterate people.

BS

[duke_cheetah2003]

Calling BS on this. There is nothing inherently wrong with issuing certs. Regardless of who issues those certs, they can only be used to create a secure identified connections between a user and a server.

They definitely do not facilitate criminality any more than Apache2 does. This is just pure silliness. There's nothing wrong here. Bad guys can get certs from other sources just as easily as anyone else. They can get them from Let's Encrypt, too. So can everyone else. A certificate doesn't facilitate illegal activity. It's just for a secure connection.

Something tell me there's more to this than simply crying wolf about bad guys getting certs easily. Someone obviously would prefer that web hosts, big and small, don't get cheap (or free) certs to secure their connections from prying eyes.

While the justification might be 'bad guys are abusing this,' I'm still calling BS. Someone (or some *cough* three letter agency) is annoyed that people can easily secure their servers.

I'd go as far as to say, Let's Encrypt is having precisely the effect it sought to have. More secure connections on all HTTP traffic across the web. Anyone can TLS up their servers now with very little effort. Good job, Let's Encrypt, you're having a profound and ultimately awesome effect on the web's privacy and shielding from prying eyes. And that effect is a good one, especially when people are crying 'omg it's too easy to get certs now!' Good. Nothing like a very secure connection to give the middle finger to three letter agencies.

Re:BS

[thegarbz]

Not only is it BS, it's the exact opposite.

Having in the past gotten a DV certificate through a normal vendor and now getting them through LetsEncrypt, it is quite clear that the process for LetsEncrypt is far more robust (actual proof I have access to the server by modifying it's contents as part of the handshake) than what most other CA's offer which for DV is based on little more than faith, and for EV based on talking to someone in an Indian call centre who can't understand you anyway.

Re:BS

[houghi]

The thing is that many companies (e.g. banks and government sites) have been saying that you should look to see if you see a lock, as if that would mean that the connection is safe.

The thing is that that is NOT the case. Secure and safe are not interchangeable.

Re:BS

[tlhIngan]

The thing is that many companies (e.g. banks and government sites) have been saying that you should look to see if you see a lock, as if that would mean that the connection is safe.

The thing is that that is NOT the case. Secure and safe are not interchangeable.

Therein lies the problem. Far too long we've conditioned users to look for the lock. And now practically every site has a lock.

And therein lies a BIG problem if you use LetsEncrypt. Because a good chunk of LE certificates go towards phishing sites (notably Paypal), there's a really good chance that someone somewhere will simply block LE certificates as a anti-phishing measure. I mean, with like 95% of the sites being phishing sites, that's a really big target,. and the remaining 5% are sites that "normal people" don't usually care about.

It's only a matter of time, really.

False association.

[Gravis+Zero]

The problem here has nothing to do with encryption and everything to do with the fact that companies have pushed the idea that if a connection is encrypted that the site is legitimate. The only thing that encryption does is ensure you connection cannot be spied on. The idea that encryption should be reserved for certain people is patently absurd.

Stop telling people that encryption equates to legitimacy and the problem is resolved.

Re:False association.

[billyswong]

Yeah, most phishing attack aren't even through MITM attack or eavesdropping, but social engineering. Companies should make sure their website name is stable and consistent, not branching into so many domains. If each company use the same domain for every web pages they have, then phishing attack would have been a lot more difficult already, as users can immediate recognize a cheap fake site, while those do MITM can be arrested as they leave more criminal evidence.

But no, first multi-national companies use one domain per countries, then company local branch use one domain per product or service or the latest seasonal promotion, and so on and so on.

Have two cert grades

[Eravnrekaree]

Lets Encrypt verifies ownership of the domain. If you see the secured indicator in the browser, its a gaurantee that your actually talking to the server of the people who own that domain. So, if people watch out for the right domain as well as the secured indicator, it provides additional safety. So, people need to know the domains of critical sites they might use, and look carefully at that domain name. This is true as well, if there were no TLS being used. TLS provides additional gaurantees you really are talking to that domain and that no one is listening. Lets Encrypt makes things much more secure, rather than less security than before. However, certs with stronger vetting would verify ownership more of the domain a well as the certificate, maybe making sure that the domain is not hosting a malicious site that is spoofing a real bank or something.

There is a solution to this: have two grades of certificates, one with one star free certicates based on the Lets Encrypt model, for low risk sites and two stars for high risk.

Lets Encrypt, would not be an issue at all, furthermore, providing we do this: It might be a good idea, to have multiple security levels in the indicator, maybe one star for a Lets Encrypt type cert, maybe two stars for more intensive verification methods. this would allow the easy availability of Lets Encrypt to continue, but for banks etc to apply for the second star certificate for higher level of verification.

For many sites, like the personal website, Lets Encrypt is fine, without it those sites wouldnt encrypt anyway since its not worth the vast sums for a certificate from one of the commercial providers. For a bank, getting a cert with stronger vetting might make sense, and there is a better trade off for them to do it.

You could then train users to look for one star for low risk sites, two stars for ecommerce and banking stuff.

Re:Have two cert grades

[thegarbz]

There is a solution to this: have two grades of certificates

You're right. There is a solution to this. It was developed 12 years ago in the form of EV certificates and has been in use for a long while along with a far better indicator than the one you proposed:

If you go to https://www.slashdot.org/ you will see a little green lock and the word "Secure"
If you go to https://www.bankofamerica.com/ you will see a little green lock and the words "Bank of America Corporation [US]"

No need for any fancy domain name URL checking.

JUST SO YOU KNOW, SLASHDOT USES

Let's Encrypt! Cheapos!

You don't have to wonder

[rsilvergun]

they've got strong ties to a fairly oppressive government.

CAs aren't the domain police

[tepples]

it was assumed that CA has an Authority to verify that this website is who it claims it is.

And when the only claim in question is "this site is operated by the same entity that owns the domain", a CA offering domain-validated certificates has an Authority to verify this claim. Let's Encrypt does this through either a cleartext HTTP connection to the server or DNS TXT records. Verifying whether the domain owner ought to continue to own that domain, or that the domain is not misleadingly similar to the name of a large business, is outside the scope of a domain-validated certificate.

Re:You are aware...

[duke_cheetah2003]

That they can break TLS. This just makes it computationally harder for them, not impossible.

First of all, TLS has many and growing number of encryption methods and key exchange mechanisms. I have no doubt SOME of those methods are broken or easily broken into. Others are not so easy, and ridiculously computationally expensive to unwind. And there are always better ones being added as they are invented.

Additionally, the more encryption that is out there operating in the field, the more computationally expensive it's going to get to a) find data you're actually interested in, and b) decrypting that data. Casual peeking is no longer viable if EVERYTHING is encrypted, whether it be difficult to break or not. You have to decide what to break into.

Because LE doesn't offer OV or EV certificates

[tepples]

Why hold one CA to a completely different set of standards than every other CA?

Because most other major CAs that offer domain-validated (DV) certificates also offer organization-validated (OV) or Extended Validation (EV) certificates for a higher price. Let's Encrypt does not.

Then go get the CA/Browser Forum to amend their requirements that all CAs and web browser makers follow.

Or write a browser extension to trust DV certificates less. Then you'll get a green bar on Twitter but a warning on Facebook. Comodo's Dragon browser, for example, has included something like this, displaying a warning the first time the user visits a site using a DV certificate. The warning's text begins as follows:

It may not be safe to exchange information with this site

The security (or SSL) certificate for this website indicates that the organization operating it may not have undergone trusted third-party validation that it is a legitimate business. Although the information passed between you and this website will be encrypted, you have no assurance of who you are actually exchanging information with[...]

Re:Because LE doesn't offer OV or EV certificates

[tepples]

humans can't do anything useful with "almost everything might be dangerous".

Of course they can. They can opt into the walled garden of Nintendo, Sony, Microsoft, or Apple, for example, which in theory allow only vetted businesses to publish on their platforms.

DV requires intercepting more connections

[tepples]

If there is no "vetting" then why have CA's? Just self-sign and call it a day.

Self-signing allows any ISP to intercept your connection and act as a man in the middle without your knowledge. A domain-validated certificate requires an attacker to intercept not only your connection to the web server but also the CA's connection to the domain's DNS server days or weeks earlier when the certificate was issued.

Balderdash.

[HBI]

TLS conveniently tells you the encryption technology in use.

RSA is toast. ECC is debatable in terms of security, and with quantum computers in practical use now, may be completely owned. We just don't know for sure. So what's your "beyond ECC" technology in the hopper that makes you think we are secure?

Stop trying to fool the plebs that this is anything but a speed bump. Or perhaps you don't realize this yourself.

Re:Balderdash.

[duke_cheetah2003]

Stop trying to fool the plebs that this is anything but a speed bump. Or perhaps you don't realize this yourself.

Not so sure that is true. Look at the examples of breeches in security we read about from time to time, including breeches in darknet security, and other illicit sites.

All of these breeches were achieved by social engineering, or someone making an oops, and LE swoops in. In some cases, we're seeing LE operate the illicit sites themselves to harvest data.

This is the important clue. They seem to need to get on the inside somehow, to get any data. This tells me, they're either incapable of breaching security through brute force, or they're not showing that they can.

Considering how underhanded LE will get, they will get very close to the line in many cases, I highly doubt if they could break encryption as easily as you and others seem to think they can, they would, regularly, and overtly to catch bad guys. They've already shown they will go to extraordinary lengths without breaking encryption.

While the paranoia might be warranted, I'm not entirely sure the situation is completely useless. There's safety in deployments, as I said before, more adoption of secure connections, unless this is just totally trivial to break, then more is better, even where it's not needed. If it's trivial for them to break, we may as well go back to plain text, is that your message here?

Re:Balderdash.

[guruevi]

Take your tinfoil hat off, RSA and ECC with 1024-bit keys and beyond is more than safe enough for the foreseeable future. Use 2048 or 4096 bit if you're paranoid. We have no quantum computers that can break these codes just yet, we actually have no idea whether it's even possible to make them.

Checks and Balances

[thegarbz]

To start with the second word, there should not be any "balances" in place when issuing DV certificates. It's not up to the CA to "balance" anything. A DV certificate achieves one purpose only beside facilitating encryption: certify that the server you are talking to is actually the one addressed in the URL. Nothing more. A DV certificate has nothing to do with the person or the company owning that server. It has nothing to do with the person who registered the domain. It is purely there to say the computer sending you files claiming to be slashdot.org is actually slashdot.org.

The best way of checking this is to actually force the server itself to prove that it is in control of its own URL > by modifying the contents on the server. That is precisely what Lets Encrypt does. This is far better than any human interaction, and far better than some confirmation email sent to some address in some unverified whois record, both methods which are used by traditional CAs.

Not only do Lets Encrypt have proper checks in place, they have better checks than any other CA currently issuing DV certificates. Kaspersky can go pound sand, especially when proving that he either doesn't understand this security process or that he has financial incentive to be wilfully deceitful about this security process.

My first response is "Fuck them"

[Chas]

Okay Google (and their lickspittles at Mozilla) decide to wall off stock http sites behind "danger" messages.
So anyone providing more than a cursory "I love me" page website has to run out and get a cert.

Let's Encrypt steps up and makes the process easy and mostly seamless.

Now people are bitching because they didn't draw out the process and make it more painful.
And they're worried about how a security mechanism can be used to make people LESS secure.

Maybe someone should have thought their way through this BEFORE making https and certs essentially MANDATORY.

Green bar and Cert types

[FeelGood314]

There are a number of things wrong in the comments so let's clarify them. There are three types of certificates: Extended Validation, Organization Validation and Domain Validation. The green lock only appears for sites with Extended Validation. Extended validation requires the site owner to prove they are a real company, really do own the name in the domain name, i.e. they are not spoofing something, that the DNS record is correct and that they control the domain. These are usually $250 - $500. Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock. Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock. It is valuable in that, it prevents man-in-the-middle attacks and ensures that your communication is encrypted, however you have no assurances as to who is behind the domain. Domain Validation certs are usually free. Let's Encrypt only issues Domain Validation Certificates

There is a list of requirements for CAs to obey for granting certs and they are stringently audited and then the auditors are audited. (and one auditor has failed). The EV audits are extremely thorough. Further any EV certificates that are issued now have to be added to a certificate transparency log https://en.wikipedia.org/wiki/..., so all EV certs that have been issued are publicly viewable and now auditable by everyone. (the log is a merkle tree so inclusion in the tree is easy to find and undetected changes are impossible).

Conclusion: If you are going to a website that you expect to be secure for banking or from a reputable company and the lock isn't green then you are likely visiting a spoofed or compromised page. If you are visiting Joe from down the streets cat pic site a DV cert is good enough.

Re:Green bar and Cert types

[thegarbz]

The green lock only appears for sites with Extended Validation.

No it doesn't.

Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock.

Yes it does.

Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock.

Yes it does.

Your advice is only true for users of Microsoft browsers and covers 20% of the market share. The green lock is provided to any encrypted connection with a valid certificate chain in Firefox, Chrome, and Safari. The entire concept of telling people to look at a colour or a symbol was completely stupid in the first place as colour doesn't convey information of "who" but only "what". If someone incorrectly gets an EV certificate due to an oversight at a CA (happens often enough) then this can be identified with actual text but not with colour alone.

Modern browsers use the colour to identify encryption and certificate validity and then use actual verified text to identify the organisation the certificate was issued to (for OV and EV certs).
e.g.
https://www.slashdot.org/ - Green lock "Secure"
https://www.bankofamerica.com/ - Green lock "Bank of America Corporation [US]

The outlier is Internet Explorer 11 and Edge which only uses the green colour on an EV certificate, but otherwise still provides EV information in the address bar like all the other browsers.

Certificate public database?

[manu0601]

Where is this certificate public database? How can I query it?

Re:Certificate public database?

[GumphMaster]

https://letsencrypt.org/certif... under the heading "Certificate Transparency"

So what's the big deal?

[JThaddeus]

It's not like I ever saw a serious attempt at verification from VeriSign, Thawte, or GoDaddy in the 15 years I had to get code signing certs. It's a racket.

Re:So what's the big deal?

[AHuxley]

The change in the way malware connects.
In the past it would be easy to understand that strange new connection from deep within an OS or network due to a lack of encryption.
It looks the same on every computer or network.
With lots of new encryption products that malware gets more places to hide as something the user could be encrypting.

Re:You are aware...

[guruevi]

In theory it's possible to break everything, given enough time. A single TLS session may take a few decades to break, how many of those do you want to break per day? It's unfeasible to break TLS except by very targeted MITM attacks (downgrading etc) by badly configured browsers and web servers.

Re: Yes, but that's just a symptom of the problem

[dgatwood]

Who said anything about spoofing? Suppose an attacker manages to crack into one of the servers that provides a domain's DNS. That same server won't provide DNS for the domain that hosts the tech contact's email.

No, from a security perspective, checking only that you control the web server is much, much weaker than checking to see if you're the tech contact for the domain, and IMO, they should never have been allowed to cut that corner. The only reason they had to do that was that they made the decision to use 90-day certs under the bizarre assumption that servers are constantly getting compromised and their keys stolen, and that limiting the window in which stolen certs can be used is more important than preventing someone from creating a fake, valid cert for a domain that isn't getting constantly compromised.

Unfortunately, that decision led to weaker verification, and worse, the same flawed logic led to the clients rekeying every time they recert, thus preventing key pinning (another security technique intended to prevent attackers from being able to spoof domains). So all the problems that I have with LetsEncrypt from a security perspective stem from basically the same bad decision, give or take.

MITM instead of breaking encryption

[tepples]

Self-signed certs force encryption, so I'm not sure how an ISP would able to crack that encryption [...] The problem with self-signed certs is there is no mechanism that requires the cert owner to actually control the domain the cert, no way to ensure the server you are connecting to actually is who it ways it is.

You answered your own question. Instead of letting a subscriber connect to a server with a self-signed certificate, the ISP would intercept the connection, act as a server to the subscriber, and act as a client to the real server. Browser publishers warn for self-signed certificates but don't warn for DV certificates because they have agreed that https in the scheme means some level of verification that the domain and server share control.