Re: OT: Risks of CAs (Re: Your web development opinions)
On Thu, 24 Feb 2011 13:05:09 -0300 Hugo Osvaldo Barrera wrote: http://www.startssl.com/ Why pay if you can have one for free trusted by every major browser? Sure, the class 2 ones are pay-for, but the free one works as well as I have it working on relayd with a clean firefox profile automatically importing the intermediate and it works on chromium and IE (not checked how likely an IE user is to have the root certs update, default win7 doesn't have them but my gaming XP box does but I selected the update). However no matter what I do I can't get Opera to automatically import the StartCom Class 1 Primary Intermediate Server CA certificate. Can someone confirm that they have a default Opera working with a startcom ssl certificate via relayd.
Re: OT: Risks of CAs (Re: Your web development opinions)
On Wed, 1 Jun 2011 14:51:42 + Kevin Chadwick wrote: Can someone confirm that they have a default Opera working with a startcom ssl certificate via relayd. Does anyone know if Iphones should work too? Though i don't know if they even have the root cert.
Re: OT: Risks of CAs (Re: Your web development opinions)
On Wed, Feb 23, 2011 at 15:51, Olivier Mehani sht...@ssji.net wrote: Just some OT thoughts. On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote: CA's cannot be trusted to even pay attention to carefully securing your certificate. B Here in the US, the government can simply ask for your certificate and get it ( and possibly even use it to impersonate you) The government would have the certificate, but not the private key, so I'm not sure how they can impersonate you with it. However, they can just get their own key to *any* shoddy CA included in browsers, and get a certificate linking that key to your services without much problem. The problem is not really whether there is a trust relationship between your CA provider and you, it's whether at least *one* CA is laxist enough that they give out certificates without thorough checking. Even with your self-signed approach, somebody could get a CA to issue a certificate that their key is good for your website, and impersonate it to any of your new-coming customers who haven't been exposed to your official key yet. I may also be wrong in my analysis, but as far as my understanding goes, it's correct. -- Olivier Mehani sht...@ssji.net There is a project (which I'm contributing to so take this with a grain of salt) -- Perspectives http://www.networknotary.org/ -- that is trying to solve this problem: how to detect a MITM attack or a rogue CA. The idea is quite simple: provide a Firefox (and in short time a Chrome) plug-in that contacts a series of trusted (see below) notary servers that give back their SSL certificate finger-print observations. If the browser's observed SSL certificate matches the ones provided by the notaries -- with a sensible time frame -- that everything is Ok (there could be false positives though). If not it triggers an alarm (which could be a false negative). Therefore this works with all kind of certificates -- self-signed, trusted CA's or untrusted CA's. (In fact the notaries are able to observe both SSH or arbitrary TLS/SSL based services certificates.) The trust moves from the CA to a set of peer-to-peer, geographically distributed, independently run, notary servers (with a quorum decision). (But like in the case of Tor (or other peer-to-peer security systems) you could be in trouble if someone is able to take over a great deal of the nodes.) Also because this is more for MITM attacks, rogue CA's can be detected only if the government isn't able to redirect all traffic to the rogue server for a large time frame. (Thus for example if government X is able to impersonate the server only in region X, but not in other regions, notaries in those others regions will signal the possible rogue CA / servers.) Ciprian.
Re: OT: Risks of CAs (Re: Your web development opinions)
On Tue, Mar 22, 2011 at 05:33:01PM +0200, Ciprian Dorin Craciun wrote: CA's cannot be trusted to even pay attention to carefully securing your certificate. B Here in the US, the government can simply ask for your certificate and get it ( and possibly even use it to impersonate you) The problem is not really whether there is a trust relationship between your CA provider and you, it's whether at least *one* CA is laxist enough that they give out certificates without thorough checking. Even with your self-signed approach, somebody could get a CA to issue a certificate that their key is good for your website, and impersonate it to any of your new-coming customers who haven't been exposed to your official key yet. There is a project (which I'm contributing to so take this with a grain of salt) -- Perspectives http://www.networknotary.org/ -- that is trying to solve this problem: how to detect a MITM attack or a rogue CA. The idea is quite simple: provide a Firefox (and in short time a Chrome) plug-in that contacts a series of trusted (see below) notary servers that give back their SSL certificate finger-print observations. If the browser's observed SSL certificate matches the ones provided by the notaries -- with a sensible time frame -- that everything is Ok (there could be false positives though). If not it triggers an alarm (which could be a false negative). Therefore this works with all kind of certificates -- self-signed, trusted CA's or untrusted CA's. (In fact the notaries are able to observe both SSH or arbitrary TLS/SSL based services certificates.) The trust moves from the CA to a set of peer-to-peer, geographically distributed, independently run, notary servers (with a quorum decision). (But like in the case of Tor (or other peer-to-peer security systems) you could be in trouble if someone is able to take over a great deal of the nodes.) Also because this is more for MITM attacks, rogue CA's can be detected only if the government isn't able to redirect all traffic to the rogue server for a large time frame. (Thus for example if government X is able to impersonate the server only in region X, but not in other regions, notaries in those others regions will signal the possible rogue CA / servers.) This is an interesting approach, I'll see if I can do something with it (; However, it also reminds me a lot of MonkeySphere [0], which leverages the PGP WoT, and allow host keys (SSH, SSL) to be signed with the admin's PGP key. This also has the effect of decentralising the key management. However, I suspect there is a risk of false positive/negative, and I'm not sur which one is the worst. I think this is definitely the problem of those decentralised approaches. Note that somebody paying a CA to issue a false certificate would be a false positive anyway... [0] http://web.monkeysphere.info/ -- Olivier Mehani sht...@ssji.net PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655 [demime 1.01d removed an attachment of type application/pgp-signature]
Re: OT: Risks of CAs (Re: Your web development opinions)
Am 28.02.2011 um 03:10 schrieb Hugo Osvaldo Barrera: You CAN submit the CSR through the web interface. Nobody doubted that. -- Jonathan [demime 1.01d removed an attachment of type application/pgp-signature which had a name of PGP.sig]
Re: OT: Risks of CAs (Re: Your web development opinions)
On 26/02/11 19:21, Jonathan Schleifer wrote: Am 24.02.2011 um 18:34 schrieb Hugo Osvaldo Barrera: I use their web interface to generate them. It gets stuck sometime, buy usually works. (Yeah, it's definitely not the best). Letting them generate one is a stupid idea - then they got your private key. Better is it to just send them a CSR. -- Jonathan [demime 1.01d removed an attachment of type application/pgp-signature which had a name of PGP.sig] You CAN submit the CSR through the web interface. -- Hugo Osvaldo Barrera
Re: OT: Risks of CAs (Re: Your web development opinions)
Am 24.02.2011 um 18:34 schrieb Hugo Osvaldo Barrera: I use their web interface to generate them. It gets stuck sometime, buy usually works. (Yeah, it's definitely not the best). Letting them generate one is a stupid idea - then they got your private key. Better is it to just send them a CSR. -- Jonathan [demime 1.01d removed an attachment of type application/pgp-signature which had a name of PGP.sig]
Re: OT: Risks of CAs (Re: Your web development opinions)
I think your guys are into elaborate schemes and totally forgetting low-level tech/social engineering attack. Remember that most people out there don't understand https, they will just see that little lock and think I'm secure... yeah, sure, from 3rd party. But it's so easy to set up a fake site, get some valid credentials from any CA that accepts it for money, and lure people in. Between OpenID, facebook, and heck, the fact that most people reuse the same password, you can harvest a lot of valid accounts on a lot of sites. And then the real fun begins.
Re: OT: Risks of CAs (Re: Your web development opinions)
On Thu, 24 Feb 2011 10:16:36 +0100 Marc Espie wrote: the fact that most people reuse the same password, You hear about that now said to be non existent security firm that was helping the fbi track down a support group of wkileaks called anonymous and ended up with all their email on wikileaks because the security firms bosses use the same pass on their email as found on their web CMS. http://www.h-online.com/security/news/item/More-background-on-the-US-security-firm-break-in-1191797.html; That made me chuckle. Atleast thanks to wikileaks, the fbi have had it drummed into them that data was insecure for crying out loud, they should stop pointing the finger outbound and get their house in order. Also sometimes seeing reactions to information without knowing why leads to horrible assumptions and reactions instead of the response well I don't agree but I see why you did that. and well that was obviously a corrupt individual or group Sorry for changing the subject. I don't like having to trust dozens of CA and it's definitely not the best solution, but I don't see any alternative for this sort of thing. DNScurve/DNSSEC have been suggested, but how secure is the DNS infrastructure? I hate paying for ssl certs, just to get rid of the warnings.
Re: OT: Risks of CAs (Re: Your web development opinions)
I am going to point out another factor in my reasoning: Basically, there is no reason to assume that my self-signed certificate is any less secure than paying someone who is in a browsers root certificates. As a contractor in construction, one article I wrote for my potential customers is how to decide if you should do the work yourself `or hire someone else to do it. In this case, if I hire someone as a CA, I have just spent money. That comes straight out of my wages. I have to now earn this money back or not eat, pay rent, etc. If I self-sign, I now get to keep that money. In fact, I may now be able to spend additional time improving security on my websites and my programming. I could potentially end up improving users security by NOT having to earn back spent money. It is not my fault if some users are stupid. I actually spent some time making security details available to my users. If they care, they are now educated, if not, what can you do? Chris Bennett
Re: OT: Risks of CAs (Re: Your web development opinions)
On 02/24/2011 11:59 AM, Chris Bennett wrote: I am going to point out another factor in my reasoning: Basically, there is no reason to assume that my self-signed certificate is any less secure than paying someone who is in a browsers root certificates. As a contractor in construction, one article I wrote for my potential customers is how to decide if you should do the work yourself `or hire someone else to do it. In this case, if I hire someone as a CA, I have just spent money. That comes straight out of my wages. I have to now earn this money back or not eat, pay rent, etc. If I self-sign, I now get to keep that money. In fact, I may now be able to spend additional time improving security on my websites and my programming. I could potentially end up improving users security by NOT having to earn back spent money. http://www.startssl.com/ Why pay if you can have one for free trusted by every major browser? Sure, the class 2 ones are pay-for, but the free one works as well as a self-signed one (except for the CA sells out like paypal idea, which I admit is possible, though, in the US, the government can just push any CA to give them a valid cert anyway. It is not my fault if some users are stupid. I actually spent some time making security details available to my users. If they care, they are now educated, if not, what can you do? Nothing, educating is the only solution, if they don't care, it's their problem. Chris Bennett -- Hugo Osvaldo Barrera
Re: OT: Risks of CAs (Re: Your web development opinions)
http://www.startssl.com/ Why pay if you can have one for free trusted by every major browser? Sure, the class 2 ones are pay-for, but the free one works as well as a self-signed one (except for the CA sells out like paypal idea, which I admit is possible, though, in the US, the government can just push any CA to give them a valid cert anyway. -- Hugo Osvaldo Barrera That's a seemingly good idea except that they don't return any attempt to get a certificate. So I gave up on them a long time ago.
Re: OT: Risks of CAs (Re: Your web development opinions)
On 02/24/11 17:50, Chris Bennett wrote: http://www.startssl.com/ Why pay if you can have one for free trusted by every major browser? Sure, the class 2 ones are pay-for, but the free one works as well as a self-signed one (except for the CA sells out like paypal idea, which I admit is possible, though, in the US, the government can just push any CA to give them a valid cert anyway. -- Hugo Osvaldo Barrera That's a seemingly good idea except that they don't return any attempt to get a certificate. So I gave up on them a long time ago. The free certs or the government? :-)
Re: OT: Risks of CAs (Re: Your web development opinions)
On 02/24/2011 01:50 PM, Chris Bennett wrote: http://www.startssl.com/ Why pay if you can have one for free trusted by every major browser? Sure, the class 2 ones are pay-for, but the free one works as well as a self-signed one (except for the CA sells out like paypal idea, which I admit is possible, though, in the US, the government can just push any CA to give them a valid cert anyway. -- Hugo Osvaldo Barrera That's a seemingly good idea except that they don't return any attempt to get a certificate. So I gave up on them a long time ago. I use their web interface to generate them. It gets stuck sometime, buy usually works. (Yeah, it's definitely not the best). -- Hugo Osvaldo Barrera
OT: Risks of CAs (Re: Your web development opinions)
Just some OT thoughts. On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote: CA's cannot be trusted to even pay attention to carefully securing your certificate. Here in the US, the government can simply ask for your certificate and get it ( and possibly even use it to impersonate you) The government would have the certificate, but not the private key, so I'm not sure how they can impersonate you with it. However, they can just get their own key to *any* shoddy CA included in browsers, and get a certificate linking that key to your services without much problem. The problem is not really whether there is a trust relationship between your CA provider and you, it's whether at least *one* CA is laxist enough that they give out certificates without thorough checking. Even with your self-signed approach, somebody could get a CA to issue a certificate that their key is good for your website, and impersonate it to any of your new-coming customers who haven't been exposed to your official key yet. I may also be wrong in my analysis, but as far as my understanding goes, it's correct. -- Olivier Mehani sht...@ssji.net PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655 [demime 1.01d removed an attachment of type application/pgp-signature]
Re: OT: Risks of CAs (Re: Your web development opinions)
On Wed, Feb 23, 2011 at 9:21 AM, Olivier Mehani sht...@ssji.net wrote: Just some OT thoughts. On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote: CA's cannot be trusted to even pay attention to carefully securing your certificate. B Here in the US, the government can simply ask for your certificate and get it ( and possibly even use it to impersonate you) The government would have the certificate, but not the private key, so I'm not sure how they can impersonate you with it. it's a little more detailed than that they gov could say revoke his cert on the crl, and assign the next iteration to me with my arbitrary req generated with my arbitrary key at that point it would not matter if they don't have *his* private key if he controls the ca, then the gov/whoever is forced to do true mitm the big problem with the first is that chances are that your ca company is american/european (no bullet proof host), and they will give in like paypal wrt wikileaks However, they can just get their own key to *any* shoddy CA included in browsers, and get a certificate linking that key to your services without much problem. The problem is not really whether there is a trust relationship between your CA provider and you, it's whether at least *one* CA is laxist enough that they give out certificates without thorough checking. Even with your self-signed approach, somebody could get a CA to issue a certificate that their key is good for your website, and impersonate it to any of your new-coming customers who haven't been exposed to your official key yet. I may also be wrong in my analysis, but as far as my understanding goes, it's correct. -- Olivier Mehani sht...@ssji.net PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE B F5F9 F012 A6E2 98C6 6655 [demime 1.01d removed an attachment of type application/pgp-signature]