On Thursday, August 25, 2016 at 10:11:21 AM UTC-7, rugk wrote:
> Hi,
> I stumbled across this service by StartCom: 
> https://startssl.com/StartPKI (archive link: https://archive.is/GRkAK)
> I got a bit afraid when looking at their nice screenshots 
> (https://archive.is/GRkAK#75%), because they offer intermediate 
> certificates for companies allowing them to issue certificates by 
> themselves.

CAs are not prohibited from offering that.

> So I checked their site to find out what this is about.
> The certs are "Trusted by all browsers" 
> (https://archive.is/GRkAK#selection-419.0-419.23).
> So I thought in this case they (StartCom) need to control the process, 
> especially as they allow EV certs to be issued.
> However here is what they state on their website: "StartPKI, let you 
> control your SSL certificate life cycle management by yourself, not by 
> the CA!" (https://archive.is/GRkAK#selection-517.0-517.96)
> This does rather sound as if the company would have a web interface 
> where they can issue certificates like they want...

That's typically known as a "Managed CA", and is permitted by the BRs and EVGs, 
so long as the certificates issued comply with the BRs and EVGs.

> So I thought they at least keep the private key on their servers/HSMs. 
> However they mention "FIPS 140 Luna G5 HSM Secured" under "Setup your 
> name issuing CA" (https://archive.is/GRkAK#selection-619.0-631.24), so 
> does this indicate the companies have to setup a HSM? If so, for what if 
> it is not the private key of the intermediate?

I'm not sure how you reached that interpretation. It suggests otherwise - that 
the CA maintains full control of the keys. Which is permitted.

> On the other hand they say you need "No PKI infrastructure 
> Investment" (https://archive.is/GRkAK#selection-449.0-449.32), but the 
> "All controlled by yourself" 
> (https://archive.is/GRkAK#selection-673.0-673.26) is not a very 
> appeasing statement when it comes to who can issue certificates.
> Also they say you can "Issue certificates instantly" 
> (https://archive.is/GRkAK#selection-425.0-425.28) (for free). I am 
> wondering how this can work for EV certificates.

The EVGs cover how Enterprise RAs work, and this is permitted. (Section 14.2.2 
of the EVGs)

> On their news page (https://startssl.com/NewsDetails?date=20160428) they 
> say the intermediate CA is "for the exclusive use of the verified 
> organization". But how can they enforce this?
> At least they say that "the intermediate CA will be provided by 
> StartCom's [...] infrastructure", so it seems they keep the intermediate 
> themselves.

Correct.

> So at least they keep the private key. However this still does not 
> answer the question how they control the certificates issued by this 
> intermediate - especially when it comes to EV certificates.
> It is also unclear what kind of verification is made when a company 
> issues a certificate with their own intermediate.

It sounds like the core thrust of this post is that their English was not 
clear, but that's not a particular reason for concern. Everything you've 
highlighted has a benign, and permitted, interpretation.

> Also note that there is a difference from StartResell. On their homepage 
> (https://startssl.com/NewsDetails?date=20160530) they also state that 
> resellers have their own intermediate certificate.
> However there they seem to do the verification by themselves and "charge 
> the end user identity validation". This obviously does not happen for 
> StartPKI...

Why do you claim "obviously"? I see no data to support this claim (either 
obviously or subtly).

> The service is all in all quite questionable and statements like "All 
> controlled by yourself" are horrible to hear. I hope this statement is 
> just wrong and they somehow keep control.

I'm not sure I would agree that it's horrible to hear. It seems the conclusion 
is based on marketing, written in broken English, rather than evidence of any 
malfeasance.

StartResell allows reselling to end users (e.g. users whose domains you don't 
control). Most CAs offer some form of reseller agreement - aka revenue sharing 
- where the CA operates all the infrastructure from end-to-end, and gives you a 
cut of the profits. StartPKI seems no different than an Enterprise RA - where, for 
domains you control, you can issue unlimited certificates. Provided those 
certificates and their issuance comply with the BRs and EVGs (which provide 
language that defines how this should work), there appears to be nothing wrong 
here.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy