[Discuss] free SSL certs from the EFF

[tmetro+blu at gmail.com (Tom Metro)]

Edward Ned Harvey (blu) wrote:
>Tom Metro wrote:
>> ...if the host name even sounds like a site that might sell things
>> (e-commerce), they won't issue a cert.
> 
> Huh?  I use them for numerous companies, including e-commerce.
> Where'd you hear that?

Directly from them when I applied for a cert.

Here:
https://www.startssl.com/?app=39

It says:
  The StartSSL Free (Class 1) digital certificates...provide modest
  assurances and are meant to secure personal web sites, public forums
  or web mail.


And when I applied for a cert for a domain with "shop" in the name, even
though it had no e-commerce, they rejected it with:

  Thank you for requesting a digital certificate with us. However Class
  1 certificates are not meant to be used for commercial activities or
  financial transactions according to our policy. For this purpose
  please consider upgrading to Class 2 or higher verification level.

They're documentation could state this limitation more clearly. I
explained to them the site had nothing to do with financial
transactions, to which they responded:

  Unfortunately we can't control for which exact purpose you are/will be
  using the certificates. The rejection has been triggered by the 'shop'
  key word at your domain which is not allowed at Class 1 Free
  certificates. Financial institutions and e-commerce web sites must
  upgrade to a validated level. Thank you for your understanding.

So basically if you sound like a store, you're out of luck. If you don't
sound like a store, you can use the cert for whatever you want.
Automation at its finest. (Not sure why they bother to have humans
sending out and responding to the notices if they aren't empowered to
override the automation.)



> if I've been accidentally slipping through the cracks all these
> years.

Yes, you have.


>> But EFF isn't stopping with merely making the certs free. You still
>> have to jump though a few hoops with StartCom, and it sounds like
>> EFF wants to add more automation to the issuing process to make it
>> faster/trivial to add SSL to a site.
> 
> I think when you say you have to jump through a few hoops with
> startssl, you just mean you have to receive the validation email(s)
> and either figure out how to generate your own CSR, or trust them to
> generate the private key for you.  And then you download the cert and
> install it into apache (or whatever.)

Yes. Plus pretty much every cert I've requested from StartCom has
prompted one of their support people to email requesting additional
identifying information.


> Whereas these guys have the tool that basically automates all that
> process.

Yes.


> They say it takes 1-3 hours. For me, it takes about 10 minutes, but
> maybe I'm just good at it.

10 minutes seems perfectly realistic if you are already familiar with
the procedure, have already set up an account with the CA, and are
already familiar with the installation procedure on your web server.

Provision a cert from Comodo through Dreamhost's panel, and the process
similarly takes only about 10 minutes due to their automation and
hand-holding.


> They say their goal is 15-30 seconds, which is unrealistic.

Probably. That apparently excludes setting up an account at the CA
(which I'm guessing is still necessary) and installing their tool on
your web server. As you observed, they seem to be leaving out some setup
overhead.


> (Side note)  Historically, I've always thought, you need to generate
> your own CSR in order to keep your private key private.  But more
> recently I'm thinking, This is the CA we're talking about.  So what
> if they have the private key.  If they're going to attack you, you're
> screwed even if they don't have the private key - because they can
> perform a validated MITM attack, which is only a little more hassle
> for them.  (End Side Note)

True. Unless the client is taking extra steps to detect a cert change,
and even then who would suspect a new cert from the same CA as the
original one they fingerprinted?

However, if the CA is sloppier about handling your private keys than
they are about securing your own, it potentially expands your attack
surface. For example, your private key might reside on one of the CA's
web servers as they process your request, even if the actual signing
happens on a more secured back-end machine. That web server could get
compromised, leaking your private key to a third party.


> It looks like the main value they're talking about in that article is
> the ACME automated process for identity validation (... and automated
> installation).  I wonder if existing CA's like startssl would be
> unable to easily adopt a new automated process like that, because of
> the fact that they're a CA they must stick to their existing
> documented processes.

I would assume that if StartCom sees this new effort as adhering to the
same philosophy that led them to offer free certs themselves, that
they'd adopt the protocol to make their service equally easy to use.

What's less clear is whether StartCom will be motivated enough to invest
in the work needed to adopt the new protocol. I don't get the impression
that they've invested much in their infrastructure lately. Their site
seems hardly changed in many years.


> I'm also going to say - These EFF guys are a "new CA" which means
> they're going to face the same problem that startssl faced in terms
> of adoption.

Having Mozilla in their corner already gets them a big chunk of the
market. With Google's initiative to get HTTPS used everywhere, it seems
likely they would get on board with Chrome. I don't think Microsoft or
Apple would have any strong reason to reject this idea.

Still, I'm surprised they couldn't find an existing CA to partner with,
with StartCom being an obvious choice. If StartCom sees a viable
business model in giving away entry-tier certs for free, and charging
for higher featured certs, then probably one of the many hundreds of
other CAs would also be willing to give that a try.

It's quite likely that the launch isn't happening until Summer 2015
precisely because they know it'll take months to get their root cert
widely propagated.

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/