User topics

Article topics

Log in Sign up

Let's Encrypt gets automation

Hoping to expand the pool of Let's Encrypt testers, TrueCrypt audit project co-founder Kenneth White has run up a set of scripts to automate the process of installing certificates under the Mozilla-backed open CA. White, co-director of the Open Crypto Audit Project, has posted the work at Github, here. He explains that the …

COMMENTS

Post your comment

House rules Send corrections

Add to 'My topics'

Monday 9th November 2015 03:53 GMT tom dial

Why?

Why should I trust a certificate from Lets' Encrypt more than I do one from any of the other authorities that come with my browser? I do so because I must trust some of them in order to engage in commercial transactions on the internet, and without a good deal of labor cannot determine from which of them I might choose to remove trust without disrupting that. In trusting them I am, in fact, trusting whoever packaged the in-use browser, whether Google, Mozilla, or some other, whom I have no real reason to trust. A quick examination shows that the first few in this browser expired earlier this year, and the next few were issued long enough in the past that I doubt their key length despite the fact they are marked for expiration more than 20 years in the future. Over the last few years, I have had to remove trust from some when they were compromised and fake certificates were issued using their signatures. The whole arrangement strikes me as shaky, and it is not obvious that adding a new CA will bring a large, or even measurable, improvement.

3 6 Reply
1. Monday 9th November 2015 05:09 GMT A Known Coward
  
  Re: Why?
  
  You're confusing the purpose of Let's Encrypt. The project has nothing to do with increasing trust in certificate authorities.
  
  Which doesn't mean you cannot trust Let's Encrypt, only that if you're looking for a solution to the trust problem then you need to re-invent the whole certificate system. LE is about giving everyone access to certificates free of charge, with no strings, no 'revocation fees' and no limits to the number of certificates you can deploy. It's about removing the barriers to deployment even on the lowliest website and thus bringing about the long overdue age of complete encryption to the internet.
  
  Aside from issuing certificates, the project also comes with a suite of tools which will properly configure your server to use the best possible TLS configuration, which alone makes it extremely valuable. Many servers still offer outdated or incomplete configs which are no longer secure, LE is offering a one-click solution that handles the whole process for you.
  
  There are plenty of other projects and solutions attempting to solve the 'trust' issue, including Public Key Pinning - although you still have to trust the browser and intermediate proxies, and let's face it, if you cannot trust those then no amount of encryption is meaningful.
  
  15 1 Reply
  1. Monday 9th November 2015 06:27 GMT Anonymous Coward
    
    Re: Why?
    
    And that's a big mistake. Certificates means authentication first and encryption second. Encrypting without proper authentication is useless. Yes, you encrypt, while communicating with who?
    
    This is just alike the abysmal state of domain registration. Crooks can easily get millions of domains, including those very close to legitimate ones. Allow them to easily get certificates also and everything becomes useless to protect users.
    
    The whole PKI architecture was designed with a proper vetting procedure before releasing a certificate in mind. Without it, it can't work. Actually, EFF & C. aren't making communications more secure, they're making them less secure.
    
    1 15 Reply
    1. Monday 9th November 2015 07:05 GMT Anonymous Coward
      
      Re: Why?
      
      That's what extended validation certificates are for. You will simply not be able to get an EVC for payzpal.com
      
      Free domain-only certificates are part of the carrot-and-stick approach to depreciating non-secure HTTP entirely.
      
      Now go on, argue with a straight face how unencrypted AND unauthenticated is more secure than domain-only authentication + encrypted. The only people upset about this are the certificate sellers who's money-for-nothing gravy trains are about to be derailed.
      
      13 1 Reply
      1. Monday 9th November 2015 07:17 GMT Anonymous Coward
        
        Re: Why?
        
        And do you believe most internet users know the difference? You can do encryption without certificate, for the matter, it's just TLS was designed around certificates because it implies authentication. Actually, they're crippling TLS because they're driven by a political agenda instead of a technical one.
        
        They're making MITM easier, because they're blindly charging government snooping. Guess those same agencies are applauding they're naivety. Most less known business and people are at risk of fake certificates, paypal not, but what about your local bank and businesses? Do you believe bad encryption is so different of no encryption? False sense of security can be very dangerous.
        
        Certificates seller will only get a boost by a flood of useless, dangerous certificates.
        
        1 9 Reply
        
        Monday 9th November 2015 08:04 GMT Anonymous Coward
        
        Re: Why?
        
        There are two issues. You're arguing that encryption doesn't insure identity, and we know that, and we don't care*. We're arguing that encryption will prevent your ISP, your government, and/or some 3rd-party from reading your traffic. That's all this new, free CA will do.
        
        * really, we don't, because real, charge-what-the-market-will-bear CA's have been delisted for improperly issuing certificates. This is an ongoing, yet separate, problem (see Google's recent ultimatum to Symantec) and you'll never solve both of them at once.
        
        12 0 Reply
        
        Monday 9th November 2015 11:53 GMT Anonymous Coward
        
        Re: Why?
        
        No, a free CA will just make easier to obtain a fake certificate for somebody's else site if no vetting procedure is in place before releasing a certificate. It actually make snooping *easier*. Again, encryption is useless if you can't check whom you're really talking to.
        
        And what happen, if say MS, removes this CA from its list of CAs because it's releasing "bad" certificates? Sure, EFF, Mozilla and so on will start to whine.
        
        Moreover, your private key needs to be stored *on your server* to be accessible by your web/mail server etc. Guess how many private keys stored on lame hosting or badly configured servers will be easily accessible to governments, etc.? Do you believe GoDaddy & C. will not handle keys to FBI/NSA/GHCQ and so on?
        
        0 8 Reply
        
        Monday 9th November 2015 15:33 GMT Confused Vorlon
        
        Re: Re: Just another attempt
        
        > No, a free CA will just make easier to obtain a fake certificate for somebody's else site if no vetting procedure is in place before releasing a certificate.
        
        You can't get a certificate for somebody else's site. You have to demonstrate that you control the domain.
        
        5 0 Reply
        
        Monday 9th November 2015 17:45 GMT A Known Coward
        
        Re: Why?
        
        > No, a free CA will just make easier to obtain a fake certificate for somebody's else site if no vetting procedure is in place before releasing a certificate. It actually make snooping *easier*.
        
        Why don't you go read up on the project before you say anything more? Let's Encrypt's validation/verification procedures are far stricter and more robust that every large CA I've dealt with. Additionally their process is automated removing the possibility for user error - the system simply won't issue a certificate for a domain for which you cannot prove possession (* though not ownership, this is no different to any other CA).
        
        1 0 Reply
Monday 9th November 2015 10:00 GMT Stuart 22

Secure financial transactions are one thing, not having your WordPress or forum login sent in plain text is another. Indeed nothing private should be sent in plain text (listening el reg?). But at the bottom non-commercial level you are not going to get usable encryption unless it is free or nearly free.

That's what let's encrypt is about. How the big boys earn trust is another. EV seems to work. The education of users when to demand EV is another matter. Not sure how we can crack that.

7 0 Reply
1. Monday 9th November 2015 11:59 GMT Anonymous Coward
  
  You don't really need a certificate to encrypt a channel with a session key. Algorithms like Diffie-Hellman work perfectly without a certificate. Just, the designer of SSL/TLS understood that without authentication of the parties, you can't really be sure who Bob is, if you don't have any mean to check it.
  
  Certificates are there to ensure Bob is really Bob. Once anybody can ask a certificate for Bob and no one checks if he's really Bob, well, basically you're removing the protection offered by certificates. They're downgrading TLS security, and can't see the consequences, just to say "take that, NSA!". Childish.
  
  0 7 Reply
  1. Monday 9th November 2015 12:35 GMT Anonymous Coward
    
    D-H is also useless against a MITM because Mallory can just bridge two separate connections together and pretend to be the opposite connection each way. As for seeing if Bob is really Bob, that goes to the intractable First Contact Problem. Because Alice has no frame of reference, she has no true way to know Bob is really Bob (not even in a face-to-face encounter), and you can't rely on a Trent for the same reason (Is Trent really Trent, ad infinitum?) At some point, you're going to have to choose: take the plunge or get off the Net, because what you're arguing is basically that.
    
    3 0 Reply
  2. Monday 9th November 2015 21:00 GMT chasil
    
    key verification
    
    You can use the stunnel utility to verify a specific key.
    
    You can extract the public key from a TLS session using a variety of means, and record it to a file. It will look like this:
    
    -----BEGIN CERTIFICATE-----
    
    MIID/TCCAuWgAwIBAgIJALT/9skCvdR5MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
    
    ...
    
    -----END CERTIFICATE-----
    
    Then you configure stunnel with something like this:
    
    echo 'FIPS = no
    
    client = yes
    
    verify = 4
    
    cafile = /path/to/publickey.pem
    
    [client-https]
    
    accept = 127.0.0.1:65432
    
    connect = your.remote.server.com:443' > stunnel-verify.conf
    
    Then run stunnel with that configuration, and it will refuse to connect to any server that does not have the correct private key.
    
    Your local client will need to make a plaintext connection to port 65432 on localhost. If the connection is successful and the remote server responds, you can be sure that the remote keypair has been verified.
    
    0 0 Reply
Monday 9th November 2015 12:41 GMT Anonymous Coward

"Certificates are there to ensure Bob is really Bob" -- LDS

I understand what you are saying in terms of worrying that this is weakening TLS, but the weakness was already there. Users have to realise what it is that they are using to trust that Bob is Bob. You don't have to install a LE root cert (or keep one installed), after all.

There's a lot of other good reasons to encrypt the entire web than 'sticking it to the NSA' One of these is that access to other peoples credentials and web content is often a big security risk in itself --- probably bigger than the MITM risks we are talking about.

In the end people will have to learn that it isn't just 'padlock or no padlock' but that they need some indication of certificate quality. We could certainly do with speeding up DNSSEC for example. But I don't think Lets Encrypt really weakens TLS --- rather it makes people aware of the weaknesses inherent within it (and any digital certificate scheme).

1 0 Reply
1. Monday 9th November 2015 13:15 GMT Anonymous Coward
  
  "In the end people will have to learn that it isn't just 'padlock or no padlock' but that they need some indication of certificate quality. We could certainly do with speeding up DNSSEC for example. But I don't think Lets Encrypt really weakens TLS --- rather it makes people aware of the weaknesses inherent within it (and any digital certificate scheme)."
  
  But what if the Average Joe is just plain too apathetic to care? IOW, what if the minimum necessary level of security is just too much hoop-jumping for them: basically a bridge too far? Like settling for dead bolts and not caring about cinder blocks through windows?
  
  0 0 Reply
Monday 9th November 2015 13:25 GMT Anonymous Coward

Free != Incompetent

Nice that you're slandering Let's Encrypt by claiming that they'll issue certs for domains you don't own.

From what I've seen their procedures look tighter than many high price CA.

I guess you have your agenda whatever it is.

4 0 Reply
Monday 9th November 2015 14:19 GMT Joe Harrison

same old

I don't see the point. Let's Encrypt seem to be the latest in a series of other free CAs. For example www.cacert.org have been around for years and I never see sites using their certs. You can get a "real" SSL certificate in the free to 10 dollar range so why Let's Encrypt?

0 2 Reply
1. Monday 9th November 2015 14:54 GMT Anonymous Coward
  
  Re: same old
  
  No, not same old.
  
  Cacert root isn't included in browsers so it's as useless as self-signed.
  
  2 0 Reply
2. Tuesday 10th November 2015 23:39 GMT A Known Coward
  
  Re: same old
  
  One crucial difference, aside from the one about LE being trusted by all browsers, is that LE are shipping a one-click solution that can be integrated by shared hosting provider or run as a standalone application on the server. It generates the keys, requests and downloads the certificate and configures the server for you - meaning you don't need to know how to do these things yourself. That has always been a barrier for many smaller sites, the need to go through a multi-step process including manual configuration changes and LE addresses that.
  
  0 0 Reply
Monday 9th November 2015 14:28 GMT phil dude

a no-sudo version...

Here is a github project which allows you to achieve the same thing but without letting some unknown script run as root and mess with your system.

This is something that needs to happen, one way or another....

El Reg, fancy showing is how its done?

P.

3 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2024