Slashdot Mirror

← Back to Stories (view on slashdot.org)

Let's Encrypt Is Now Officially Trusted by All Major Root Certificates (bleepingcomputer.com)

Posted by msmash on from the marching-forward dept.

Let's Encrypt has announced that it is now directly trusted by all major root certificates including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Let's Encrypt is now directly trusted by all major browsers and operating systems. From a report: While Let's Encrypt has already been trusted by almost all browsers, it was done so through intermediate certificate that were cross-signed by IdenTrust. As IdenTrust was directly trusted by all major browser vendors and operating systems, it also allowed Let's Encrypt to be trusted as well. With Let's Encrypt now being directly trusted, if there is ever a problem with IdenTrust and they themselves become untrusted, Let's Encrypt users will still be able to function properly.

92 comments

  1. Gee by Anonymous Coward · · Score: -1, Troll

    Gee, now if the certs would last longer than Trump's attention span, Let's Encrypt could actually become useful. At this point, they should rename it "Let's Momentarily Encrypt."

    1. Re: Gee by Anonymous Coward · · Score: 0

      Just replace your certs rolling and automatically if you worry about expires... If you are in a corporate red tape hell, then it is time to find the scissors ;)

    2. Re:Gee by Anonymous Coward · · Score: 5, Insightful

      Automate.

      Certs updates should be automated anyhow, can't count how many times I've seen corporate sites have certs expire because some one couldn't or didn't update the cert because it was a manual process...

    3. Re:Gee by Wycliffe · · Score: 4, Informative

      The relatively short length is intentional: https://letsencrypt.org/2015/1...
      It's long enough so that you *can* manually update but short enough that it's a hassle to encourage people to automate.

    4. Re:Gee by spire3661 · · Score: 0

      Im sorry, but i absolutely cannot take them seriously when they say shit like this " If we’re going to move the entire Web to HTTPS, ".

      With this stance, NO ONE should be supporting Lets Encrypt. Their philosophy is anathema to a free and open web. Enough! Lets Encrypt should be considered neutral at best, and outright harmful at worst. Im tired of it being touted as a good thing. This madness has gone too far already.

      --
      Good-bye
    5. Re:Gee by thegarbz · · Score: 2, Insightful

      If you can't figure out how to set cron to execute a command every 3 months then you really shouldn't be even remotely in charge of something as important as the encryption on your server.

    6. Re:Gee by pnutjam · · Score: 3, Insightful

      Anathema to a free web? By insuring I'm talking to the site I tried to talk to and preventing eavesdropping?

      --
      Cheap storage VM.
    7. Re:Gee by Wycliffe · · Score: 2

      Im sorry, but i absolutely cannot take them seriously when they say shit like this " If we’re going to move the entire Web to HTTPS, ".

      With this stance, NO ONE should be supporting Lets Encrypt. Their philosophy is anathema to a free and open web. Enough! Lets Encrypt should be considered neutral at best, and outright harmful at worst. Im tired of it being touted as a good thing. This madness has gone too far already.

      Google has the same stance of encrypting everything. They are even starting to penalize sites that are not encrypted. I believe the idea is that if everything is encrypted then not only does it make MITM harder, it also makes it harder to distinguish between "regular" traffic and traffic a government or organization might want to monitor/restrict. As a parent who has tried to use parental controls, it does work. It's extremely hard to censor/monitor youtube because everything is now encrypted.

    8. Re:Gee by tepples · · Score: 1

      That'd be fine if all major domain registrars offered a way to let a cron job update your domain's TXT records. I'm under the impression that many do not. Many dynamic DNS providers don't support TXT records at all.

    9. Re:Gee by Opportunist · · Score: 1

      You do know that nothing is easier than auto-renewing your certificate, yes? Hell, pretty much any proxy and other SSL-offloader comes with its own "how to automate LE-Cert-Renewals".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    10. Re:Gee by Opportunist · · Score: 1

      You might want to elaborate on that, it's not as obvious as you think it is.

      At least to me, it ain't.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    11. Re:Gee by Opportunist · · Score: 1

      Then install an offloading proxy on the machine you want to monitor and its certificate in the browser used. It ain't hard to break ssl encryption, provided you control one endpoint...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    12. Re:Gee by Opportunist · · Score: 1

      You shouldn't be in charge of an internet facing machine altogether...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    13. Re:Gee by tepples · · Score: 1

      Web browsers require HTTPS for some JavaScript APIs, even on non-Internet-facing machines such as a NAS box on your home LAN.

    14. Re:Gee by thegarbz · · Score: 0

      All of that would be a real problem if Lets Encrypt depended on the TXT record. It does not.

    15. Re:Gee by thegarbz · · Score: 1

      OOooh cut. Burn. Hisss. boooo!

      Another high value post brought to you by an opportunist who was hoping no one noticed that he added nothing to the conversation.

    16. Re:Gee by Anonymous Coward · · Score: 0

      It's not Let's Encrypt's fault. It's Google's fault for trying to strong-arm HTTPS-only. Let's Encrypt is just a nonprofit that provides a free service that makes it possible.

    17. Re:Gee by Opportunist · · Score: 1

      Not you, personally, you as in an addendum to your post.

      Screw English and its lack of an impersonal pronoun.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:Gee by dissy · · Score: 1

      Another high value post brought to you by an opportunist who was hoping no one noticed that he added nothing to the conversation.

      Except he's correct.

      If one explicitly choose not to automatically schedule a once-per-three-month task and perform it manually, yet can't manage to find the time or inclination to actually do so manually every three months, one would have much worse problems than your certificate expiring.

      That means using the same demonstrated behavior and thinking, that person would refuse to automate system updates and security patches opting to install them manually, and then not having the time or inclination to actually manually install those security updates and system patches.

      Security patches tend to get released much more frequent than once every three months as well.
      By the time the certificate expires, the same system is at least three months behind on patching potentially remotely exploitable security vulnerabilities.

      If one makes the choice to provide full admin/root access on your systems to any random scan bot and script kiddie that happens along, complaining that its certificate (that is no longer actually protecting anything) has expired isn't a priority.

    19. Re:Gee by tepples · · Score: 1

      Let's Encrypt depends on the TXT record for the dns-01 challenge. It does not for the http-01 challenge; it instead depends on having a public-facing web server as opposed to one behind the firewall.

    20. Re:Gee by thegarbz · · Score: 1

      yet can't manage to find the time

      Who said that? Must have been that magical person who can edit Slashdot posts.

    21. Re:Gee by Anonymous Coward · · Score: 0

      It's not "breaking" if you have the correct cert. I can break any authentication system if someone provides me a valid form of authentication. /s

    22. Re:Gee by tepples · · Score: 1

      It's Google's fault for trying to strong-arm HTTPS-only.

      It's not even only Google. Mozilla is on the same track of deprecating cleartext HTTP, according to its HTTPS FAQ from May 2015.

    23. Re:Gee by dissy · · Score: 1

      yet can't manage to find the time

      Who said that? Must have been that magical person who can edit Slashdot posts.

      This post said that:

      "Gee, now if the certs would last longer than Trump's attention span, Let's Encrypt could actually become useful. At this point, they should rename it "Let's Momentarily Encrypt.""

      That being the person you responded to, saying:

      "If you can't figure out how to set cron to execute a command every 3 months then you really shouldn't be even remotely in charge of something as important as the encryption on your server."

      That being the post Opportunist expanded upon, adding to your reply to them with:

      "You shouldn't be in charge of an internet facing machine altogether..."

      That being the post you responded to with insults and claiming it wasn't an addition:

      "Another high value post brought to you by an opportunist who was hoping no one noticed that he added nothing to the conversation."

      It is clear you're having problems following a conversation thread, obviously mistaking his statement as directed at you, instead of what actually happened being he expanded on your statement directed to the same person you replied to.

      This brings us to my reply saying his addition was correct and explaining in detail why that is.

      (You know, slashdot has a thread view mode for this)

      The only reason the first person would even mention the cert validity time being short is if they didn't automate the renewal, so they clearly didn't automate it.
      The only reason the first person would complain about the short time, already shown not to be automated, is if it was a problem.
      Manually renewing it, though silly, also does work when you do it. One only complains if they don't or can't, so they clearly are not doing so.

      The proper solution is to automate the renewal, just like you pointed out, solving the "even mentioning it" part.
      The proper solution to not manually renewing it, aka maintaining the system, is to not be in a system admin role, as Opportunist pointed out, solving the "complaining" part.

      Is this really all that confusing?

      You are literally making personal attacks directed at those of us confirming your original statement here. Are you attempting to argue we are wrong or something?
      If so, being we are expanding upon and reconfirming what you yourself originally said, wouldn't us being wrong also make your statement wrong? Why did you post it then?

      If you are not attempting to say we are wrong, then why the hostility?

    24. Re:Gee by lannocc · · Score: 1

      What I do is on the main nameservers I set up NS records for the _acme-challenge subdomains that points to my own nameserver (BIND) used only for this purpose. Then I have a simple script that updates the TXT record in these zone files. Works like a charm. I can share it if you think it's useful.

      --
      -IOVAR Web Dev Platform
    25. Re:Gee by spire3661 · · Score: 1

      The issue is they think that all websites should be encrypted and are working to that end. I should not need a third party cert to deploy a website on the web, period. Use them if you want, they are great, but the idea that all the web must be purged of clear HTTP is utter stupidity and i cannot support that.

      --
      Good-bye
    26. Re:Gee by Anonymous Coward · · Score: 0

      Eavesdropping? You're aware your are browsing Slashdot, right? Slashdot, the site where every page has connections to a multitude of third-party servers that serve ads and collect data for analytics on every page you view, every link you click. And you're worried by mitm surveillance? That's funny.

    27. Re:Gee by lannocc · · Score: 1

      I put my process on github: https://github.com/VirgoVentur...

      --
      -IOVAR Web Dev Platform
    28. Re:Gee by Anonymous Coward · · Score: 0

      You might want to elaborate on that, it's not as obvious as you think it is.

      At least to me, it ain't.

      My view of this is that requiring a website obtain a certificate introduces another way to knock unapproved websites offline by refusing them a certificate. It has not happened that I'm aware, but it could be used.
      I think that is the worry.

    29. Re:Gee by pnutjam · · Score: 1

      Like I don't block that shit...

      --
      Cheap storage VM.
    30. Re: Gee by Anonymous Coward · · Score: 0

      the DNS-01 challenge is REQUIRED for their new wilcard certs and there is no automation yet, except DIY.

    31. Re:Gee by tepples · · Score: 1

      Thanks for posting your process. But do dynamic DNS providers even allow NS records?

    32. Re:Gee by lannocc · · Score: 1

      Shoot, that's a good question. I'm not too familiar with the third-party providers since I host my own DNS and simply wanted an easy way to renew without having to modify the processes connected to my main nameservers. I put my scripts on github, maybe they can still be useful: https://github.com/VirgoVentur...

      --
      -IOVAR Web Dev Platform
  2. What by Anonymous Coward · · Score: 5, Insightful

    Trusted by root certificates? That is not how root certificates work. Bad article and bad headline for a tech site

    1. Re:What by Anonymous Coward · · Score: 0, Troll

      Welcome to 2018 Slashdot, where the stories are fluffed up, and technical correctness doesn't matter.

      (BONUS POINTS: My captcha word is "encrypt"...)

    2. Re:What by LordKronos · · Score: 4, Informative

      Wow...and on top of that, you've been moderated to -1 Troll for correctly pointing it out. For any clueless moderator who might be included to give you a -1 mod:

      Let's Encrypt is not "trusted by" root certificates***. It's more correct to say that the Let's Encrypt root certificate is now a trusted root certificate in the certificate store of all major browsers.

      *** I guess technically they are also trusted by a root certificate. Let's Encrypt's intermediate certificate is also cross-signed by CACert, which is how older browsers (versions before the root certificate was included) were previously able to trust Let's Encrypt certificates. However, that's nearly 3 year old news, and although an articles about 3 year old news is not unheard of on slashdot, that's not what this particular article is about.

    3. Re:What by Anonymous Coward · · Score: 0

      This is where metamoderation should slam the negative moderation on a comment that is completely correct from a technical perspective. It happened to some of the other replies as well. Whoever modded this down shouldn't get moderator points again for a long time, if ever.

    4. Re: What by Anonymous Coward · · Score: 0

      Well, the editors probably modded it down since it pointed out their failure.

    5. Re:What by R.Mo_Robert · · Score: 1

      It's more correct to say that the Let's Encrypt root certificate is now a trusted root certificate in the certificate store of all major browsers.

      Yeah, I'm guessing whoever wrote the summary mis-paraphrased the press release on Let's Encrypt's website, which says that it is now "trusted by all major root programs" (i.e., those by Mozilla, Microsoft, Apple, etc., where it is decided which root certificates are distributed with their products). It could almost be a slip of the "tongue" since "root certificate" is a much more common phrase, but then they kept saying it...

      --
      R.Mo
    6. Re:What by Anonymous Coward · · Score: 0

      Is meta-moderation still even a thing on slashdot? Maybe they just moved it to a place I can't see it, but as far as I'm aware I haven't been offered it in many years.

    7. Re:What by Anonymous Coward · · Score: 0

      Looks like they corrected the title. Still a stupid mistake.

    8. Re:What by Anonymous Coward · · Score: 0

      There is a "trusted store" that contains "root certificates" which may be used by *any* program
      There are no "root programs" unless they mean programs owned by root, or running with root privilege.

      But what can you expect from a garbage site like "Bleeping Computer" that sources technical information from a forum full of spastic Pokeman retards on neowin.

    9. Re:What by OtisSnerd · · Score: 2

      Is meta-moderation still even a thing on slashdot? Maybe they just moved it to a place I can't see it, but as far as I'm aware I haven't been offered it in many years.

      You can find it here: https://slashdot.org/firehose.... After finally being offered metamod, I saved the URL.

    10. Re:What by Anonymous Coward · · Score: 0

      The linked article says it is now trusted by all root certificate programs .

      That should have been the headline.

  3. hi by Anonymous Coward · · Score: -1

    hi! cool.

  4. one of these things is not like the other... by Jaegs · · Score: 4, Funny

    Microsoft? Check.
    Google? Check.
    Apple? Check.
    Mozilla? Check.
    Oracle? Check.
    Blackberry? Che... wait, what?

    1. Re:one of these things is not like the other... by Anonymous Coward · · Score: 0

      * Microsoft make the OS Windows, which includes a list of root certs they trust.
      * Google make the OS Android, which includes a list of root certs they trust. (They also make Chrome, but that doesn't include any root certs, it uses the OS-provided ones).
      * Apple make the OSs MacOS and iOS, which include a list of root certs they trust.
      * Mozilla make the web browser Firefox, which include a list of root certs they trust. They also distribute the NSS library, that includes the same list of root certs, and this list of root certs is used by most Linux distros and other open-source projects that don't have the experience and/or manpower and/or desire to run their own root program.
      * Oracle make OSs including Solaris, which include a list of root certs they trust.
      * Blackberry make/made their own OS for their own phones, which includes a list of root certs they trust.

      So all the above have to choose which CAs they trust.

    2. Re:one of these things is not like the other... by omnichad · · Score: 1

      * Google make the OS Android, which includes a list of root certs they trust. (They also make Chrome, but that doesn't include any root certs, it uses the OS-provided ones).

      I'm not sure if that's always true. Pull up https://secure.netflix.com/ in Chrome (untrusted) and then pull it up in IE or Edge. I have no idea why, but Chrome flags that certificate as invalid. I display some inline Netflix cover art on a personal web app and the pictures won't load in Chrome. Everything about the cert appears to be valid.

    3. Re:one of these things is not like the other... by darkain · · Score: 1

      Checking that site, it looks like it uses a Symantic cert, which those are no longer trusted by Google products. Chrome may be using the OS provided root cert list, however it most likely has Google's own blacklist of distrust internally.

  5. All major OS? Forgot to get BSD. by Anonymous Coward · · Score: 2, Funny

    Netcraft confirms it, this list is dead.

  6. Let's Encrypt issues more than half of all certs by Anonymous Coward · · Score: 0

    Let's Encrypt has become a single point of failure for the majority of web sites and is thus too big to fail, which is a terrible thing to say about a CA. It needs to be broken up or preferably a more distributed way of securing web site encryption needs to be established.

  7. Let's Encrypt is great to learn automation by Anonymous Coward · · Score: 2, Informative

    Let's Encrypt is a really good setup for people who want to learn how to automate their system. While free and easy to set up (it took me about an hour to get https on my websites with it), the certificates only last 90 days, with the justification being that people should learn how to automate things.

    Since I have multiple redundant nodes which I rsync to, I had to use the --manual-auth-hook option to certbot-auto to push the challenge-response tokens Let's Encrypt uses to authenticate website. I also use Ansible to log in to all of my nodes to update the certificates once they are generated.

    Note that Let's Encrypt does log the IP of the machine used to generate the certificates; while these IPs have not been made public, the EFF keeps threatening to do so, which causes some lively discussion on the Let's Encrypt forum.

    1. Re:Let's Encrypt is great to learn automation by hcs_$reboot · · Score: 1

      To be fair, LE's automation installation is automated... and you don't even have to learn much to use it.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Let's Encrypt is great to learn automation by Anonymous Coward · · Score: 1

      It's only simple if 1) You run the certbot on the actual web server and 2) Your nginx (or Apache) setup is bog-standard.

      I had to do things manually because nginx is in /usr/local/nginx on my nodes, and because I run certbot-auto on my local machine, then push the generated certs to the machines actually serving web pages.

      Ansible looks good on my resume, so it was a net positive for me.

  8. Re:Let's Encrypt issues more than half of all cert by higuita · · Score: 2

    *ALL CA* are a single point of failure, it is not just let's encrypt

    --
    Higuita
  9. Now you know... by Anonymous Coward · · Score: -1

    ... why the vitriol on bleepingcomputer and why msmash likes it so much. As does BeauHD.

  10. Re:Let's Encrypt issues more than half of all cert by Anonymous Coward · · Score: 2, Insightful

    Let's Encrypt has become a single point of failure for the majority of web sites

    I generally think of "single point of failure" as one thing breaks and it immediately takes everything else down with it. With certificates, you should be renewing them 30 days before they expire. If Let's Encrypt suddenly ceased to exist, you would have 30 days notice that they are gone, and thus 30 days to switch to a different certificate provider and continue on with zero downtime. That's not my definition of single-point-of-failure. So it's really only a single point of failure for websites whose admins can't be bothered to monitor their processes, and can't be bothered to read tech-related websites and blogs (as something like that would be posted about everywhere).

  11. Re:Let's Encrypt issues more than half of all cert by Sloppy · · Score: 1

    And we have known how to fix it since about 1988-1990 (PGP), before HTTPS was even a thing. Our entire CA system was obsolete before we started using it. Hopefully, some day we'll upgrade to 1990 tech and then identities will have multiple parties certifying them.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  12. Whiz by Anonymous Coward · · Score: 0

    The relatively short length is intentional

    This is a boneheaded rationale. It means that the risk of the process (automated or not) breaking arises more often than it needs to.

    Many users want encryption that is in place and remains in place, not encryption that stops working, or potentially stops working, at very short intervals. Let's Encrypt produces a series of short-interval risks of failure. Not going to bite on that.

    1. Re:Whiz by hcs_$reboot · · Score: 1

      The unofficial reason of a short-lived certificate is that LE doesn't want to be liable in case of a certificate issue - the shorter the life, the lower the probability of some issues.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Whiz by Anonymous Coward · · Score: 1

      I think it increases security, credibility. Remember that those certificates are intended to provide both.

      With a positive response required to keep the certificate up it means someone in charge of the certificate is actively maintaining a system and the required chain of credentials to make it all happen is being processed (Even if automated)

      It means things are more likely to be legitimate, and the useful lifetime of hijacked credentials is much shorter.

    3. Re:Whiz by omnichad · · Score: 1

      Most automatic renewal options attempt renewal in advance of the expiration, so there's time to get notified and resolve any issues before the current cert expires.

  13. MOD PARENT UP by CheeseyDJ · · Score: 3, Insightful

    Came here to say the same thing. The headline makes no sense whatsoever.

  14. Too early to celebrate by petermp · · Score: 1

    From the official announcement: "While Let’s Encrypt is now directly trusted by almost all newer versions of operating systems, browsers, and devices, there are still many older versions in the world that do not directly trust Let’s Encrypt. Some of those older systems will eventually be updated to trust Let’s Encrypt directly. Some will not, and we’ll need to wait for the vast majority of those to cycle out of the Web ecosystem. We expect this will take at least five more years, so we plan to use a cross signature until then." So let's not hurry with the celebrations. It will take 5 year at least to happen ......

    1. Re:Too early to celebrate by hcs_$reboot · · Score: 1

      Very vague statement, what is "old" and "older"? Even IE6 (xp sp3) qualifies! https://letsencrypt.org/docs/c...

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Too early to celebrate by petermp · · Score: 1

      Very vague statement, what is "old" and "older"? Even IE6 (xp sp3) qualifies! https://letsencrypt.org/docs/c...

      It is *comaptible* with all of these via IdenTrust. Does not mean, all of these will trust directly Let's Encrypt....

    3. Re:Too early to celebrate by Opportunist · · Score: 1

      Well, then it's time to tell people who complain about a broken certificate to update their fucking browser to a version that isn't a security problem for the whole damn web!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. Re:Let's Encrypt issues more than half of all cert by thegarbz · · Score: 2

    Let's Encrypt has become a single point of failure

    How so? You do realise there are systems in place to handle faults in certificate issuing processes, and outside of the issuing process they are not in any way involved right?

    Before you declare something a single point of failure and a major drama, maybe define what the failure mechanism and the consequence is first.

  16. For those who do not know by houghi · · Score: 4, Informative

    Letâ(TM)s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

    So if you need an SSL certificate for cheap, you can go to them. https://letsencrypt.org/

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:For those who do not know by Anonymous Coward · · Score: 0

      Also a trojan horse for security in the internet because now with let's decrypt anyone can do MITM with a valid certificate. What good is encryption if you can no longer trust the endpoint that's receiving it. We as users should accept no less than mandatory EV everything. No DV certificates provide any assurance that who you are talking to is really who they claim to be, especially if that certificate is issued by let's decrypt

    2. Re:For those who do not know by tepples · · Score: 1

      Also a trojan horse for security in the internet because now with let's decrypt anyone can do MITM with a valid certificate.

      This MITM would have to intercept the server's connection to the Internet through several paths at every renewal time, and the rightful owner of the domain would notice the misissued certificate through Certificate Transparency logs.

      We as users should accept no less than mandatory EV everything.

      Are you buying?

    3. Re:For those who do not know by Opportunist · · Score: 1

      Just for shits and giggles, can you explain how this would let everyone MitM a connection?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:For those who do not know by Anonymous Coward · · Score: 2, Informative

      Also a trojan horse for security in the internet because now with let's decrypt anyone can do MITM with a valid certificate. What good is encryption if you can no longer trust the endpoint that's receiving it. We as users should accept no less than mandatory EV everything. No DV certificates provide any assurance that who you are talking to is really who they claim to be, especially if that certificate is issued by let's decrypt

      It's amazing people still think and speak like this.
      You clearly show knowledge on how certificate trust chains work on a technical level, yet demonstrate clearly you have no idea what they are for, what problem they solve, how they do that, or why.

      First you are wrong on your specific blame placing regarding MITM attacks.
      The only way to gain MITM advantage is to have access to the very server the private key resides on, as this is the only system allowed to request a cert for it.
      That is true for ALL CAs, there is nothing different with Lets Encrypt here.

      Also true for all CAs, if you have full access to the machine the private key is on, why bother with a MITM? You clearly have access to the entire data conversation at one end prior to data being encrypted. There's not many reasons to be both in the middle and also completely taking over one side. Both positions gain you access to the data in the clear, and since you need one to get the other, the only reason to do the extra work to get the other is just to "cover your bases"

      Then there is your claim on DV certs, that they don't prove WHO you are talking to is who you think it is.

      DV certs don't prove WHO they prove WHAT.
      DV certs assure you are communicating by name to the server that has that name. Nothing more, nothing less.

      In most cases that's all one needs or wants, just to know for certain that when I attempt to speak to the server at "ssl.example.org", that I'm really actually speaking with "ssl.example.org"
      If I cared about not trusting whatever person or organization is behind that server, I wouldn't want to even attempt to speak to that server let alone need to know my lack of talking to that server was happening with the right server.

      The primary reason to care what person or organization runs a server is when you are needing to send information securely *to those people*, by way of their server.

      So yes you want to know that for certain if you are sending a means of payment or sensitive personal info *to a person/organization*, only then do you need to both be assured that the server your trying to talk to is the right server AND that the server your talking to is operated by the right person/organization.

      That is specifically what EV certs are for. But that is far from the only reason one might want to secure communications, and those other reasons aren't likely to need that additional step, where a DV cert works perfectly well.

      Some of my websites exists only to provide information. They do no require or accept payment details, they do not require or accept personal information, they don't even have a login system to make an account in. Just a dump of information available to anyone that wants it.
      There is NO reason anyone needs to trust me personally, and no real reason for me to prove who I am in the real-world. So there is no reason for me to use an EV cert.
      All of that remains true even if EV certs weren't expensive, as in even if it was free there is no NEED for the one extra feature EV gains you over DV.

      People visiting my site however very well might care if anyone in the middle knows what info they got from it. DV certs prevent that just fine.
      Some of those people know their ISP would sell both the fact they visited my site AND specifics of what they looked at, usually for direct marketing ads and crap. DV solves the second of those at least, just as well as EV. Neither EV or DV would hide the fact it was my website, but does hide the URLs and contents.

      I can also say due to the nature

    5. Re:For those who do not know by WaffleMonster · · Score: 1

      This MITM would have to intercept the server's connection to the Internet through several paths at every renewal time

      Compromise of single path to victims server or authoritative name server is sufficient.

      and the rightful owner of the domain would notice the misissued certificate through Certificate Transparency logs.

      LOL sure they would notice.

    6. Re:For those who do not know by tepples · · Score: 1

      But for those who do care, Certificate Transparency monitoring is probably cheaper than an EV certificate. If you disagree: Let's say you were to start a website. How would you afford your website's EV certificate as well as the fee to form an LLC in order to qualify therefor?

    7. Re:For those who do not know by WaffleMonster · · Score: 1

      It's amazing people still think and speak like this.
      You clearly show knowledge on how certificate trust chains work on a technical level, yet demonstrate clearly you have no idea what they are for, what problem they solve, how they do that, or why.

      Amazing to see such a long winded post missing basic fact "certificate chains" are about "trust".

      Failure to establish trust renders underlying technology moot. It doesn't matter how great the crypto is.

      Every DV system these days is automated relying on combination of DNS, SMTP and HTTP. All completely insecure protocols operating over completely insecure networks leveraged to make critical value judgments about whether party in question is trustworthy or not.

      DV = LEAP OF FAITH

      It may work in practice most of the time yet it certainly is not a trustworthy process. Sad part about all of this is that it's a completely unnecessary and avoidable problem.

      There are two basic solutions.

      1. Have registrars handle DV certs as a basic feature of domain ownership leveraging existing trust relationship between domain owners and registrar. (Existing DV CAs are flushed down the toilet)

      2. Have means for registrars to provide authorization tokens as basic feature of domain ownership allowing third parties to securely demonstrate trust relationship between user and registrar for DV signing and other activities.

      Pretending the problem doesn't exist is not a solution.

  17. Being on the ball doesn't fix the single point by Anonymous Coward · · Score: 0

    You say you're arguing against it being a single point of failure, but your actual argument is that one of the many ways it can fail and completely break, happens to be easy to avoid.

    If we hypothesize that expired signatures were the only way that PK cryptosystems fail, this might actually be a good argument. I propose that everyone who is unhappy with the overwhelming weaknesses and variety of vulnerabilities in todays PKI should all move to your universe, away from this sketchy shithole where CAs and governments have already been caught many times, fucking up or being bad actors. That way all the problems people have been thinking about for the last 3 or 4 decades, just magically go away! What's not to like about that? Anyone see a problem with my proposal?

  18. Its like by AHuxley · · Score: 1

    the PRISM list.

    --
    Domestic spying is now "Benign Information Gathering"
  19. Kudos by dcollins117 · · Score: 1

    These guys did something right and I applaud them. Much better than managing your own certificates and getting your users to accept them.

  20. Hard to get your PGP key trusted internationally by tepples · · Score: 1

    You mentioned the Wikipedia article "Web of trust". It acknowledges that getting your key signed for the first time is impractical for many. True, a key signing party will help your key become trusted in the same village. But that doesn't help you build a robust set of paths through the web of trust to users on the other side of the planet unless several people who attended the same key signing party also routinely travel internationally to key signing parties in other countries. And with the U.S. TSA and other national air travel regulators ramping up their security theater in response to terrorist threats, international travel has become more impractical over time. The terrorists have won.

  21. Mozilla covers FreeBSD and NetBSD by tepples · · Score: 1

    *BSD uses Mozilla's root certificate bundle.

    FreeBSD The port port security/ca_root_nss provides Mozilla roots. (Source: chatwizrd's post). NetBSD The package security/mozilla-rootcerts provides Mozilla roots. OpenBSD This libressl commit states that OpenBSD's LibreSSL library provides Mozilla roots.
  22. Re:Hard to get your PGP key trusted internationall by wed128 · · Score: 1

    So establishing the web could be somebody's job. Imagine if i walk into a AAA storefront, show them my ID and pay a small fee, and they sign my cert.

    My bank could do the same. or 711 for that matter. Hell, the DMV ought to, establishing identification is half of their job anyway.

    All i'm saying is, we could have more "web-of-trust" infrastructure then just key signing parties.

  23. Someone by tepples · · Score: 1

    English speakers use "one" or "someone" as the impersonal pronoun. For example, your comment could be reworded as follows: "Someone who can't set up a cron job shouldn't be in charge of an Internet-facing machine altogether."

  24. Notaries for building the web of trust by tepples · · Score: 1

    So establishing the web could be somebody's job.

    I believe that job is called a notary. And you're right that a notary firm operating in multiple villages would have the resources to build the web beyond one geographic area.

    Hell, the DMV ought to, establishing identification is half of their job anyway.

    Even so, good luck getting that, or any other new duties of the DMV, past the minarchists in the Republican Party of each U.S. state.

    1. Re:Notaries for building the web of trust by drinkypoo · · Score: 1

      Even so, good luck getting that, or any other new duties of the DMV, past the minarchists in the Republican Party of each U.S. state.

      It's something that should obviously be handled at your local post office, like applying for a passport. But then, do you trust the USPS? Thing is, I definitely don't trust the CA DMV. They are both incompetent, and entrenched government corruption. But I repeat myself.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  25. Re:Let's Encrypt issues more than half of all cert by Anonymous Coward · · Score: 0

    There have been situations where a CA was deemed untrustworthy. Some have been removed from browsers and operating systems. Of course, when that happened there were "systems" in place to ease the transition for clients of these CAs. But Let's Encrypt is fundamentally different: Let's Encrypt certificates are free and this has led to many web sites getting certificates that otherwise would not have enabled TLS or used fewer domain names for cost reasons, etc. Some of these sites (a lot actually) have locked their sites to HTTPS through long-lasting HSTS declarations. Even if the site owners themselves haven't tied their web sites to HTTPS, the expectation created by the availability of Let's Encrypt and the subsequent changes in browser behavior have. And you can't just tell the owners of these sites to switch to a different free CA: it doesn't exist. If Let's Encrypt somehow breaks or goes away, it will be a serious problem for lots of web site owners. And there's also the problem that migrating more than half of all web sites away from a CA takes a long time. This makes Let's Encrypt "too big to fail".

  26. Re:Hard to get your PGP key trusted internationall by Sloppy · · Score: 1

    You mentioned the Wikipedia article "Web of trust". It acknowledges that getting your key signed for the first time is impractical for many.

    And yet people are able to get X.509 certs signed, and we even have things like LetsEncrypt. The evidence suggests getting signatures isn't really all that hard, since 100.0% of the websites that implement HTTPS somehow managed to do it.

    So why stop at 1? The only people who come out ahead by us having single point of failure, are the attackers. I think we should move from a pro-attack to a pro-defense strategy, though I guess we should let the people at NSA, FSB, Chinese government and the Mafia weigh in on this before we make any hasty decisions.

    I linked to the WoT article to inspire/remind people to think about the robustness of multiple parties attesting to an identity instead of just one, as well as how you decide how much to trust any one given CA. (Which is something nobody does today.)

    What if one of the many signatures expires?

    What if one of the many certifiers disagrees with the others, due to malice or mistake?

    The WoT beats the living shit out of what we're doing today. It degrades gradually and more slowly when faced with simple failures, and it requires conspiracies (instead of someone coercing one single party) to undermine it. Perhaps that's why we don't use it: because it would be more secure, inconveniently too secure when you need to spy on someone. Or perhaps it's because people want to pretend that your confidence is either 0% or 100%, in spite of the fact that nothing ever really works like that.

    But that doesn't help you build a robust set of paths through the web of trust to users on the other side of the planet unless several people who attended the same key signing party also routinely travel internationally to key signing parties in other countries

    Actually some people do that (an international path through the WoT isn't that uncommon) but you're right that what happens today in PGP's WoT often isn't enough, and it really wouldn't be enough for everyone.

    But I wasn't suggesting that the faceless companies that you currently fully trust (hey someone, remind me: why?), have to be left out and replaced by amateurs, as somehow turned out to be the case with PGP. If we implemented the web's PK like PGP did it, then you could still have your cert signed by Verisign and LetsEncrypt and Comodo and your neighbor and your bank and state government and those people you lifted pints with at the conference bar. Sure beats having a single point of failure. Imagine your LetsEncrypt signature expired then. Imagine Comodo fucked up again. Imagine your own government told Verisign to lie or your neighbor was trying to MitM you. Instead of these being disasters where thousands of people have to scramble to minimize downtime, it would be a minor nuisance, detected quickly ("hey, one of these CAs disagrees with all the others..."), and with reputation ramifications.

    The catch is that we'd have to start valuing defense more than attack.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  27. Re:Hard to get your PGP key trusted internationall by bws111 · · Score: 1

    DMV? Good one. I just had the experience of 'proving' something to the DMV (NY). I needed to provide 2 'proofs of residence'. My mailing address is a PO box, as the wonderful USPS does not deliver to homes in our town. One of the proofs I had was my water/sewer bill. The bill has 'YOURTOWN WATER/SEWER DISTRICT' printed across the top, and had my address (street and house) listed as 'service to property'. The genius at the DMV would not accept that, because the 'service address' did not have the town listed. Exactly what town do they think 'Yourtown water/sewer district' serves?

    But it gets better. They gave me a form, which could be used to 'prove' my address. This form could be filled out by anyone, including my spouse, saying that I lived at the address I said I did. The person filling out the form doesn't have to appear in person, and the form doesn't even have to be notarized. Not sure how that proves anything.

    Oh, and another form of 'proof' that they will accept? 'A computer printed pay statement'. Man, who could ever forge one of those?

  28. Re:Let's Encrypt issues more than half of all cert by Anonymous Coward · · Score: 0

    Let's Encrypt has become a single point of failure for the majority of web sites and is thus too big to fail, which is a terrible thing to say about a CA. It needs to be broken up or preferably a more distributed way of securing web site encryption needs to be established.

    Um, the server software is open source:

    * https://github.com/letsencrypt/

    Have at it.

  29. Gov't websites by Anonymous Coward · · Score: 0

    I'm a sysadmin at a government website --- we were explicitly told by the local network police that we can't use Let's Encrypt (which was working flawlessly for over a year) because the certs expire too frequently.

    Yeah, I had to run one command every 6 months ...

    Now we use godaddy, if you can believe it.

    Gov't agency name omitted to protect the clueless

  30. Now's the time by Anonymous Coward · · Score: 0

    For 'Let's Encrypt' to open the torpedo tubes.

  31. Advert Injection by Anonymous Coward · · Score: 0

    Whoever complains about https has never lived in a country where every ISP injects adverts into every non-https website.

    There are huge positive effects for the minimal trade off of having to setup a certificate. Also the more the google pushes https-only, the easier the buildmywebsiteonline.coms will make the process for the normies.