Google Joins Mozilla and Apple In Distrusting WoSign and StartCom Certificates (csoonline.com)
itwbennett quotes a report from CSO Online: Following similar decisions by Mozilla and Apple, Google plans to reject new digital certificates issued by certificate authorities WoSign and StartCom because they violated industry rules and best practices. The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by the two authorities after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them. Certificates issued before October 21 will continue to be trusted as long as they're published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers. "Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance," said Chrome security team member Andrew Whalley in a blog post Monday. "As a result of these changes, customers of WoSign and StartCom may find their certificates no longer work in Chrome 56. Sites that find themselves on the whitelist will be able to request early removal once they've transitioned to new certificates," Whalley said. "Any attempt by WoSign or StartCom to circumvent these controls will result in immediate and complete removal of trust."
Re: pre-existing (Score:5, Informative)
It's complicated. They're basically whitelisting all StartCom certificates before a certain issue date. However, WoSign silently took over StartCom and started sharing infrastructure and keys for about a year. When Mozilla investigated them for backdating weak certificates, they split up the operations again trying to 'fix' the situation and fired WoSign's CEO.
Since they were sharing infrastructure for about a year and it's not sure how many certificates were backdated a browser can't be sure when WoSign's key(s) and StartCom's key(s) were used to sign the certificate and whether or not it was backdated.
So they can't "trust all pre-existing certificates" but they can trust certain ones (the ones they are sure were definitely issued and signed by StartCom before they were taken over).
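The whitelisting logic the comment above describes, as an added example (not from the original post and not Chrome's own code): a small Python policy checker that applies the stated rules to a certificate's issuer, notBefore date, CT-logging status and names. The exact cutoff instant, the issuer-name matching and the whitelist contents are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumption: the cutoff is midnight UTC at the start of 21 October 2016;
# the thread only says "after October 21".
CUTOFF = datetime(2016, 10, 21, tzinfo=timezone.utc)
# Assumption: a certificate is affected when the issuer's O= field names either CA.
DISTRUSTED_CAS = ("WoSign", "StartCom")
# Constructed placeholder whitelist; Chrome's real list is not reproduced here.
WHITELIST = frozenset({"example.org", "example.net"})


def utc(year, month, day):
    """Helper so callers can build timezone-aware UTC timestamps tersely."""
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class CertInfo:
    issuer_org: str        # O= attribute of the issuer name
    not_before: datetime   # issuance date as written into the certificate by the CA
    ct_logged: bool        # published to public Certificate Transparency logs
    san_names: tuple       # dNSName entries from subjectAltName


def issued_by_distrusted_ca(issuer_org):
    org = issuer_org.lower()
    return any(ca.lower() in org for ca in DISTRUSTED_CAS)


def domain_whitelisted(name, whitelist=WHITELIST):
    """True when the name is a whitelisted domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in whitelist)


def chrome56_decision(cert, whitelist=WHITELIST):
    """Return (verdict, reason) following the rules described in the thread.

    Note that not_before is whatever the CA wrote, so a backdated certificate
    would pass the date test; that is exactly why CT logging, not the date
    alone, carries the weight for pre-cutoff certificates.
    """
    if not issued_by_distrusted_ca(cert.issuer_org):
        return "trusted", "issuer not covered by the WoSign/StartCom distrust"
    if cert.not_before >= CUTOFF:
        return "rejected", "WoSign/StartCom certificate issued on or after the cutoff"
    if cert.ct_logged:
        return "trusted", "pre-cutoff certificate is publicly CT-logged"
    if cert.san_names and all(domain_whitelisted(n, whitelist) for n in cert.san_names):
        return "trusted", "pre-cutoff certificate covers only whitelisted domains"
    return "rejected", "pre-cutoff certificate is neither CT-logged nor whitelisted"


if __name__ == "__main__":
    sample = CertInfo("StartCom Ltd.", utc(2016, 3, 1), False, ("shop.test",))
    print(chrome56_decision(sample))
```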
Re: (Score:1)
For small values of "fired". Richard Wang was still "acting CEO" last week and presumably remains in that position today.
Supposedly this is until his employers (QiHoo 360 basically) get their act together and appoint someone new. But being serious for a moment, a $$$ corporation like that will have big hitters it is able to parachute in within hours for an executive crisis, two days at most. If QiHoo actually wanted Wang gone, he'd have vanished off the face of the Earth. So this is a sign that the "show of
Re: (Score:2)
I see both WoSign and StartCom are still issuing certs. Not just SSL, but code signing for things like Windows drivers.
Seems like they are both basically out of business now.
Re: (Score:2)
No client certificates, only domain verification certificates.
Shared hosting and subdomains (Score:4, Informative)
Let's Encrypt, motherfucker.
ACME CAs such as Let's Encrypt have practical problems in the following situations:
A. The website is hosted on shared hosting, and the shared host offers no way to automatically run Certbot or another ACME client to request and install a certificate. There exist ACME clients that run without superuser privilege, but a provider may offer no way for subscribers to automate uploading a certificate obtained through an ACME client. Until very recently, for example, WebFaction required subscribers to manually file a support ticket every time. And for Let's Encrypt, this would be less than two months.
B. The owner of a domain allows users to sign up for subdomains. Let's Encrypt does not offer wildcard certificates and severely limits how many certificates can be issued under a particular domain in one week (source [letsencrypt.org]). This has already caused problems, for example, for operators of dynamic DNS services who want to make certificates available to their subscribers.
Stop babbling about client certs.
Why?
CORRECTION (Score:2)
And for Let's Encrypt, this would be less than two months.
Allow me to correct my prior comment: About two and a half months is practical. So a shared hosting subscriber would have to remember to renew the certificate and request installation from the provider about five times per year.
Re: (Score:2)
In which case that host sucks and customers should stop using them.
Many hosting plans are paid annually rather than monthly. If someone has paid ahead for several months of hosting, a $5 per year Comodo certificate valid until the date that the hosting is up for renewal would be cheaper than forgoing several months of paid-for services.
Some out there claim you need a separate IP address even though you don't [with Server Name Indication].
Only for the past two and a half years has that been true. Because Internet Explorer on Windows XP didn't support Server Name Indication, compatibility with all major supported web browsers required a separate IPv4 address for each certifica
Forever day bugs cause insecure clients (Score:2)
Windows XP reaching EOL only means that Microsoft stopped supporting it
We have chosen not to support an operating system that its publisher no longer supports. Because the operating system is proprietary software and will never see another security update, we can assume that a device running that operating system is likely to be infected with a keylogger or other malware that makes the browsing session unusably insecure, installed through exploiting a defect in the operating system published around or after the time that the operating system's publisher ended support. See Fore [techopedia.com]
Re: (Score:2)
So once your script determines that a particular certificate needs to be renewed, makes a CSR, and obtains a renewed certificate, how do you automate installation? Not all shared hosting providers offer an API to install a renewed certificate without human intervention.
Re: (Score:2)
Why the hell should we install their stupid software on our servers? It's a totally unnecessary extra security risk. A yearly certificate is PERFECTLY alright and is no kind of security risk. I don't know what Let's Encrypt's game is, but their intractable refusal to issue yearly certs is unacceptable and extremely stupid and I would rather pay for an SSL cert than put up with their bullshit attitude.
Re: (Score:3)
You don't have to run their software (that is, the reference implementation) on your servers. There's plenty of other ACME clients, including short Bash scripts that don't require root and are relatively easy to audit. You could write your own, if you want.
The short expiration times for Let's Encrypt certs exist for two reasons:
1. Revoking certs is a pain. Yes, OCSP is a thing, but malicious actors that can control the network can block OCSP and force users to keep trusting revoked certificates up to their
Re: (Score:2)
Yes I've heard those arguments, and no doubt OCSP will work for some people. However in my view they are taking a very preachy approach by flat-out refusing to issue 1-year certs, rather than just recommending the shorter-length ones. It's the kind of "our way or the highway" that the UX people at Google and Mozilla take with respect to their browser interfaces, and I consider it the height of arrogance. It turns me off the whole damn organization.
Let's Encrypt could easily have offered a 1 year option.
Re: (Score:1)
Gah, I didn't mean OCSP above, I meant ACME.
Re: (Score:2)
The security aspect (in regards to revocation) of shorter keys is nice, but encouraging automation to make widespread HTTPS use easy is the whole point of Let's Encrypt. It shouldn't be a surprise that they set cert lifetimes to encourage automation.
Without automation, deploying secure sites is a pain: administrators have to go through tedious, error-prone manual work that the typical mom & pop business or individual website won't bother with. This maintains the status quo, with not many sites being sec
Re: (Score:2)
By "shorter keys" I mean "shorter certificate validity periods". Sorry for the confusion.
Re: (Score:2)
That's an argument for offering shorter cert lifetimes, offering automation, and defaulting to it. It is not an argument against offering year-long certs for those of us who prefer them. And frankly I consider integrating their software into my existing website to be a royal pain, so much so that I will be paying Comodo for a yearly cert instead just to avoid it. I'm fine with manually replacing my certs every year. I basically have to replace a few files on my system and reboot a few services.
Re: (Score:2)
No. All the other free certificates are limited to 90 days. The net effect of this decision is that only big companies and people with too much free time can afford TLS.
Re: (Score:1)
The net effect of this decision is that only big companies and people with too much free time can afford TLS.
Ummm, you can get a certificate issued by Comodo for $5 USD per year:
https://www.ssls.com/ssl-certi... [ssls.com]
It's a real certificate, trusted by all browsers.
It has both the Server Authentication (1.3.6.1.5.5.7.3.1) and Client Authentication (1.3.6.1.5.5.7.3.2) OIDs.
If securing your data on the internet isn't worth $5 to you, then I can't help you.
But please stop whining.
Re: (Score:1)
It's not trusted by my browser. I removed Comodo from my list of trusted CAs after their last breach. I'm astonished that they're still in business. Someone seriously suggesting trusting Comodo over StartCom is really showing how broken the CA system is.
Well now, it must SUCK TO BE YOU
Re: (Score:2)
It's shit. It doesn't let you choose what subdomain is on the cert, they just add "www". StartCom let you add a custom subdomain so you could secure devel.mydomain.com or something for a development site.
Argh, this whole situation sucks so much.
FUCK GOOGLE.
Re: (Score:2)
That's a showstopper for me, and probably others. With Comodo, I would have to buy a wildcard for hundreds of dollars instead of a few free certs from StartSSL. TLS just went from self-evident to unaffordable and out of reach.
Re: (Score:2)
That still means you have to buy 2 certificates just so you can get one for your main domain and your subdomain of choice though. It sucks hugely, compared to StartCom giving a free cert with a subdomain of your choice.
Re: (Score:2)
Any alternatives out there that are free and provide server *and* client certificates which are valid for at least 12 months (letsencrypt fanboys, don't bother)...?
I can get you as many certificates as you want that work as long as you want. Do you need a specific issuer? What about "Certificates For Cheapskates Inc.".
Re: (Score:2)
Back Date a couple of certificates ? Don't charge? Compete with another free certificate authority?
You are seriously understating the pattern of behavior [mozilla.org] on WoSign's part that led to this decision. (Comodo is no better IMO.)
Re: (Score:2)
You wanna talk about a shitty pattern of behaviour, look no further than Mozilla.
They have had nothing but complete contempt for their long-term users by turning their browser into an inferior copy of Chrome.
FUCK MOZILLA. Total bastards, the lot of them.
Yet Symantec remains? (Score:1)
Yet Symantec continues to be trusted? Despite being caught issuing fake Google certs?
https://www.eff.org/deeplinks/2015/09/symantec-issues-rogue-ev-certificate-googlecom
And then there is BlueCoat, the certificate they issued them to let BlueCoat fake practically any certificate... but hey, it was for "security" right? So that BlueCoat could run anti-virus checks on encrypted data for companies, while somehow the company couldn't simply add BlueCoat to the trusted authorities list? And in no way was that cover for TLS interception by men in uniforms?
Re: (Score:2)
And then there is BlueCoat, the certificate they issued them to let BlueCoat fake practically any certificate... but hey, it was for "security" right? So that BlueCoat could run anti-virus checks on encrypted data for companies, while somehow the company couldn't simply add BlueCoat to the trusted authorities list? And in no way was that cover for TLS interception by men in uniforms?
At work they use a Bluecoat proxy. They configured that magnificent product to decrypt outgoing SSL on-the-fly and reencrypt it on the inside with fake SSL certificates. That way the "security" team can spy on encrypted traffic (such as my gmail password).
In case you suspect your employer of doing the same thing, here's something I noticed. They apparently can't spoof issuers on the fly and there's too many of them to prepare in advance, so they use the same fake issuer for every single certificate. Corpora
Re: (Score:2)
You're missing the point. It's not about privacy, it's about opening the door to actual MITM attacks. I just used the gmail password as an example.
The purpose of SSL is to secure the connection between a client and a server. When you start injecting gateways that decrypt/scan/reencrypt the traffic, you break the system. You no longer can rely on actual issuers and certificates; you're basically trusting blindly a single source.
It's like having your ISP hijack DNS queries to show you ads when a domain is not
Is there someone else? (Score:2)
We have had StartCom certificates because they seem to be the only ones giving out free SSL certificates for websites.
Is there someone else doing this for free? No, we really can't buy them in our country and current situation.
Re: (Score:1)
Maybe letsencrypt can help you.
https://letsencrypt.org/
Re: (Score:1)
Which sucks if you don't want to install their fucking software on your machine to update the certificate every 5 minutes because they refuse to issue annual ones.
Re: (Score:2)
I buy Comodo certs from a reseller for $6/year (no volume required). They are a bit clunky to setup at first because there's a few certs in the chain that are easy to miss if you're not careful, but they do work on all the browsers and devices I've tested.
Re: (Score:2)
IMO, $6/year is about how much a digital cert should cost. You are covering the compute time and bandwidth costs and then some.... I don't understand why DV certs are so expensive....
Re: (Score:2)
Well there's also WoSign... OH WAIT.
Nope, both of the sensible free options are killed now, everyone wanting free certs is being funneled into the Let's Encrypt bullshit.
Outrageous (Score:2)
This is terrible. Now there is only Let's Encrypt to get free SSL certs, which basically requires you to install their software on your machine to renew your certs because their expiry time is so ludicrously short.
Fuck you Google (and fuck you Mozilla, Google's lapdogs). I personally can use Pale Moon, but there's nothing I can do about the hordes using Chrome. :-(
Re: (Score:3)
What's the point of a free SSL cert if it can't be trusted? The whole point of having it is to establish trust that you are who you say you are.
Re: (Score:2)
Correction: the free certs only vouch that you admin the domain name, nothing more. That is not the same as trusting an individual or organization
Re: (Score:2)
Yeah but that's useful. I don't always need to "trust an individual or organization", sometimes I just want to be sure I'm really connecting to the proper server(s) for that domain.
Re: (Score:1)
Trust and encryption should be two different things, however. I find it funny that people berate those using self-signed certs citing trust issues, but will happily browse non-https sites as if that's more trustworthy. I may be in the minority, but I'd rather see some form of self-signed certs be 'allowed' so that we can at least move to a more secure browsing experience. Yes, it's still up to the user to decide if the site is actually trustworthy but that's not really much different than it is now. However
Re: (Score:2)
Because instead of a temporary halt on StartCom certs, Google are taking the draconian action of saying they will NEVER TRUST THEM AGAIN. That is ridiculous. What if StartCom start up under a different name, can they be trusted then?
They made a small mistake. It is so over the top to stop trusting them "for evermore" because of this that it makes me think they're trying to corner the free SSL cert market with Let's Encrypt.
Re: (Score:2)
It wasn't a "small" mistake.
The investigation concluded that WoSign knowingly and intentionally misissued certificates in order to circumvent browser restrictions and CA requirements. Further, it determined that StartCom, another CA, had been purchased by WoSign, and had replaced infrastructure, staff, policies, and issuance systems with WoSign's. When presented with this evidence, WoSign and StartCom management actively attempted to mislead the browser community about the acquisition and the relationship of these two companies. For both CAs, we have concluded there is a pattern of issues and incidents that indicate an approach to security that is not in concordance with the responsibilities of a publicly trusted CA.
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html [googleblog.com]
Re: (Score:2)
It still doesn't mean they have to PERMANENTLY stop trusting them. They could have given a path back to being trusted rather than robbing us of free year-long SSL certs.
Re: (Score:2)
It is so over the top to stop trusting them "for evermore" because of this that it makes me think they're trying to corner the free SSL cert market with Let's Encrypt.
To what end? Let's Encrypt has gotten some funding [letsencrypt.org] from Mozilla and others, but otherwise is a separate entity run by the ISRG.
Since they don't sell any certificates (they're all free of cost) and running the service ends up costing lots of money (about $3m/year [letsencrypt.org], they say), what motive would they have for "corner[ing] the free SSL cert marke[t]"?
Nothing's preventing anyone else from starting a free CA.
Re: (Score:2)
I think that if WoSign/StartCom made any meaningful moves toward rectifying the situation when it was first brought up, there wouldn't be an issue right now.
Everyone makes mistakes. All anyone is expecting is for the mistake to be acknowledged and corrected.
My understanding is that WoSign/StartCom basically ignored all efforts to get to an understanding and the yanking of trust is literally a last resort.
Re: (Score:2)
Well I'll have to now, won't I?
I hope you're fucking happy that I and many others have lost our perfectly good free SSL certs that worked fine for years, because literally 2 dodgy certs were issued by StartCom. Now we'll be out of pocket for no good goddamn reason.
Re: (Score:2)
Fuck you Google (and fuck you Mozilla, Google's lapdogs).
You need to update your conspiracy theories. The paranoid series of twisted, ignorant logic that was once used to make this statement was utterly undermined when Mozilla stopped taking search referral money from Google.
Re: (Score:2)
Get back to me on that when Mozilla shut up shop, and officially tell their users to just install Chrome. Probably when Firefox's market share is at 1 or 2 percent. I predict that's exactly what they'll do. They've been on that trajectory for years now.
Will GoogleBots ignore the same sites Chrome does? (Score:2)
Google, the ultimate nanny state.
Reasonable (free or non-free) Alternatives? (Score:2)
I currently use StartCom certificates for my personal web server and email server (no, not related to Hillary). But I also use their client certificates (S/MIME).
I also use a backup MX service for my mail server, but recently that has changed hands and the price has started to go up.
So it would be nice to find a one stop shop to fill these needs:
1. Backup MX service (possibly with spam filtering service)
2. SSL certificate for a single domain (no wildcards, single server name is
Re: (Score:2)
I don't know of any one-stop-shop (certificate issuance and backup MX service are pretty orthogonal to each other), but there's plenty of CAs out there that will issue you certificates.
This Comodo reseller [ssls.com] sells PositiveSSL certs for ~$5/year with a validity time up to 3 years. That's about as cheap as you can get. They also offer (for the next few weeks, at least) GeoTrust, Symantec, and Thawte certs, but the costs for those are higher and they'll stop selling them in December. Comodo offers free S/MIME ce [comodo.com]