Peter Eckersley’s Presentation on Let’s Encrypt at CCCamp15

Peter Eckersley gave an impressive presentation about the Let’s Encrypt initiative at CCCamp15.

Let’s Encrypt is mainly known for its plan to offer free SSL certificates, which is cool, but the most interesting part of Eckersley’s presentation starts about 25 minutes in, where he discusses how the initiative plans to address vulnerabilities in the Certificate Authority system itself.

The only thing I see personally that I wish Let’s Encrypt supported right out of the gate is Wildcard Certs, but Eckersley indicates in the Q&A session that they will be looking into things like Wildcard Certs after they’re certain the basic functionality of their CA is rock solid.


Firefox 3 and Self-Signed SSL Certificates

Firefox 3 changed how it handles self-signed SSL certificates: it gives users a big scary full-page warning that “The certificate is not trusted because it is self signed.”  You can add an exception for sites using self-signed certificates, but Firefox will warn you that “Legitimate sites will not ask you to do this.”

The change has made some people unhappy, including Nat Tuck Thu who writes,

Now, it’s an interesting question as to exactly what the user interface should show for a self-signed website. Obviously it shouldn’t show a green address bar like the new (extra high price, major corporation only) EV certificates. But there is absolutely no excuse for it to be significantly less inviting to a normal user than an unencrypted site.

This is really an issue of the basic principles of internet openness. Everyone has equal access to the features of HTTP or SSH, there’s no reason why there should be artificial constraints on access to HTTPS. But that’s exactly what the Firefox SSL behavior does.

In response to various critics of the Firefox approach, Johnathan Nightingale makes a persuasive case in favor of Firefox’s handling of self-signed certificates,

The question isn’t whether you trust your buddy’s webmail – of course you do, your buddy’s a good guy – the question is whether that’s even his server at all.  With a CA-signed cert, we trust that it is – CAs are required to maintain third party audits of their issuing criteria, and Mozilla requires verification of domain ownership to be one of them.

With a self-signed certificate, we don’t know whether to trust it or not.  It’s not that these certificates are implicitly evil, it’s that they are implicitly untrusted – no one has vouched for them, so we ask the user.  There is language in the dialogs that talks about how legitimate banks and other public web sites shouldn’t use them, because it is in precisely those cases that we want novice users to feel some trepidation, and exercise some caution. There is a real possibility there, hopefully slim, that they are being attacked, and there is no other way for us to know.

On the other hand – if you visit a server which does have a legitimate need for a self-signed certificate, Firefox basically asks you to say “I know you don’t trust this certificate, but I do.”  You add an exception, and assuming you make it permanent, Firefox will begin trusting that specific cert to identify that specific site.  What’s more, you’ll now get the same protection as a CA signed cert – if you are attacked and someone tries to insert themselves between you and your webmail, the warning will come up again.
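A toy model of the trust logic Nightingale describes, added here as an illustration and not Firefox’s own code: a certificate signed by a trusted CA is accepted, a self-signed certificate triggers a warning until the user adds an exception, and the exception pins that exact certificate to that host so a different certificate later brings the warning back. The CA name, host names and certificate bytes are constructed.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed model: a cert is self-signed when subject == issuer; the
# "der" bytes stand in for the encoded certificate that gets fingerprinted.
@dataclass(frozen=True)
class Cert:
    subject: str   # host name the cert claims
    issuer: str    # who signed it
    der: bytes     # constructed stand-in for the encoded certificate

    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

    def is_self_signed(self) -> bool:
        return self.subject == self.issuer

@dataclass
class Browser:
    trusted_cas: set = field(default_factory=set)
    exceptions: dict = field(default_factory=dict)  # host -> pinned fingerprint

    def connect(self, host: str, cert: Cert, user_accepts: bool = False) -> str:
        """Return the UI outcome: 'ok', 'warn' or 'exception-added'."""
        if cert.subject != host:
            return "warn"               # wrong host is never silently accepted
        if cert.issuer in self.trusted_cas and not cert.is_self_signed():
            return "ok"                 # a trusted CA vouched for domain ownership
        pinned = self.exceptions.get(host)
        if pinned == cert.fingerprint():
            return "ok"                 # same cert the user already trusted
        if pinned is not None:
            return "warn"               # cert changed: someone may be in the middle
        if user_accepts:
            self.exceptions[host] = cert.fingerprint()
            return "exception-added"    # pin this cert to this host
        return "warn"                   # implicitly untrusted: ask the user

def demo() -> list:
    browser = Browser(trusted_cas={"Example CA"})       # constructed CA name
    mail = Cert("mail.example", "mail.example", b"constructed-der-1")
    other = Cert("mail.example", "mail.example", b"constructed-der-2")
    bank = Cert("bank.example", "Example CA", b"constructed-der-3")
    return [
        browser.connect("mail.example", mail),                     # warn
        browser.connect("mail.example", mail, user_accepts=True),  # exception-added
        browser.connect("mail.example", mail),                     # ok
        browser.connect("mail.example", other),                    # warn again
        browser.connect("bank.example", bank),                     # ok
    ]
```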

One of the complaints I’ve seen in a number of forums is that with a CA signed cert you’re paying potentially hundreds of dollars, but it turns out there are free cert providers. StartSSL, for example, offers a free cert. They verify domain ownership by requiring you to upload an arbitrary file to the website you want the cert for.