Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Encryption Electronic Frontier Foundation Privacy

Let's Encrypt Criticized Over Speedy HTTPS Certifications (threatpost.com) 207

100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... The reason people treat us like a punching bag is that we are big and we are transparent. "

The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."
This discussion has been archived. No new comments can be posted.

Let's Encrypt Criticized Over Speedy HTTPS Certifications

Comments Filter:
  • Strawman criticism (Score:5, Insightful)

    by QuietLagoon ( 813062 ) on Saturday July 22, 2017 @02:39PM (#54858587)
    Kaspersky Labs needs to get some good press, so they create a strawman reason to criticize Let's Encrypt and then start blogging. As Let's Encrypt says, "its role is not to police the internet, rather its mission is to make communications secure." One has to wonder why Kapersky Labs has a problem with that.
    • by nnet ( 20306 )
      Security theater. To appear to agree with gov's position on encryption, kaspersky is trying to appear to be on the same side, regardless their recent bad PR.
    • they've got strong ties to a fairly oppressive government.
    • It's not a strawman, it's real! Every Let's Encrypt certificate is a potential lost sale to guardians of security like Symantec, TurkTrust, and Diginotar! Let's Encrypt is nothing less than a communist plot to destroy the American computer industry!
  • by Anonymous Coward

    "I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."

    Similarly, I don't think it makes a lick of sense that Google is a "super-authority" in deprecating entire CAs. That's rather close to a mechanism for monopoly.

    • Re: agreed (Score:5, Insightful)

      by Anonymous Coward on Saturday July 22, 2017 @02:47PM (#54858627)

      That's a large part of why the CA model is broken. CAs shouldn't be competing at all; they're there to provide a service. Imagine if OpenPGP keyservers were competing... There's no reason for it unless you're a bad actor to begin with.

      What LE is doing has helped people see that a security cert isn't something you should pay for, and that being signed by a CA doesn't mean anything, especially with the shitty politics Google et al have been playing at the CA level.

      The well is poisoned, and the big boys are attacking the people who pointed it out.

      • At the same time I believe there is a difference between encryption for the target site and a certificate saying the site is owned by the people who claim they do. The standard for the former is likely to be lower than for the latter.

        For example I want to know that the data for www.somedomain.mars is encrypted for said site, while for www.mybank.mars it is encrypted for the site and also owned by my bank.

        The real question should be what should the expectations of a certificate for a given context and are th

    • Re:agreed (Score:5, Insightful)

      by sexconker ( 1179573 ) on Saturday July 22, 2017 @03:46PM (#54858869)

      The fact that Chrome and FF use their own cert stores and update them unilaterally without the user ever knowing is absurd.

      The browser should use the cert store on the OS. And the OS should update the certs. (And when MS updates certs, it should optionally present detailed info to the user about changes.)

      The entire concept of CAs is built around trust in an environment where none of the actors and powers that be are trustworthy.

      • Re:agreed (Score:5, Insightful)

        by Anonymous Coward on Saturday July 22, 2017 @04:14PM (#54858981)

        Often the only indication the user has that they are being MITMed is precisely because the browser did not use the OS cert store.

        • Often the only indication the user has that they are being MITMed is precisely because the browser did not use the OS cert store.

          That's not a good reason for multiple cert stores managed by multiple parties. That's like having multiple gates to the same city where the North gate requires one set of ID and the South gate requires a different set.

      • by jaa101 ( 627731 )

        Why is Microsoft better qualified to maintain certificate stores than Mozilla and Google? It's not like every browser maintaining its own store on a machine is a huge drain on resources. When it comes to security, diversity is a good thing. Or should the UN institute a global authority to maintain a certificate store for use on every browser on every device?

      • by guruevi ( 827432 )

        What's absurd is that you use someone else's CA store to begin with. I remove CA's I don't interact with. I never had a problem removing things like the Turkish or Netherlands government, nobody uses their certificates.

        The problem is that Microsoft is the worst when it comes to vetting CA's because it could impact one of their "enterprise customers". As long as Microsoft puts their higher paying customer before you, they aren't trustworthy.

  • Nonsense (Score:5, Insightful)

    by gweihir ( 88907 ) on Saturday July 22, 2017 @02:43PM (#54858605)

    My boss recently got an ESL certificate from a reputable tier-1 vendor. The validation was a complete joke: A guy with bad English asked him some questions over the phone that anybody could have found the answers to with a bit of work. The only security in place for ESL certs is that they are not that cheap, but that does not help against a targeted attack, because they are not really expensive either.

    The bottom line is that certificates weakly ensure one thing: You are still talking to the same site on the next visit. They also ensure that small-time criminals will find it somewhat difficult to eavesdrop. And that is about it. In many cases, self-signed certificates will be more secure than that. The whole certificate-system is a bad joke, created by the utterly incompetent with too much trust and then corrupted by state-sponsored malicious actors. Incidentally, this is not a surprise. Basically all what is broken with the system now was predicted by perceptive people decades ago.

    • by Anonymous Coward

      Well of course ESL resulted in bad English

    • The whole point of encryption is to prevent data being snooped out in the open. Yet the biggest hang up has been the vetting process. In this case, also making the certificate issuer a notary. Why?? Why must SSL certs also be notarized? Why can't that be two different services or certificates. Maybe as a network admin, I want to block all traffic that hasn't been certified as trustworthy regardless of the fact it's encrypted or not. I mean, the point is to stop malware! Otherwise, we can go down the list of

    • by Zemran ( 3101 )
      What bugs me is that before Let's encrypt, if you created an http:/// [http] site all was well but if you made that site a little bit more secure by adding self signed certificates there were warnings on your site and visitors were warned against going there. The bottom tier of CA certificates only differ in that you gave someone money. At that time I only had to reply to an email and add a code to my web site. So there was a disincentive to adding a snake oil certificate that seemed to only be there to get you
      • by adolf ( 21054 )

        The theory behind the certificate chains is a web-of-trust sort of theory.

        In practice, it doesn't really work that way: Users are either greeted with no prompt and an unsecured connection, a prompt with a secured connection, or no prompt with a secured connection.

        That's all the user knows...and that's if they're even paying attention.

        (There's a fourth user-case of "The key has changed!!!2!!," but that's something that doesn't generally happen because DNS hijacking is uncommon these days.)

        I mean, I'm here a

    • In many cases, self-signed certificates will be more secure than that.

      That's a good point.

    • The biggest issue with self-signed certificates is that the client machine cannot verify if the certificate belongs to the domain owner. If you're running a malicious wifi spot, you can do a bit of DNS poisoning to direct your clients to the wrong IP address and then present a different self-signed certificate and perform a man in the middle attack.

      A LetsEncrypt cert can only be issued to someone who controls the domain in question and so gets round the man-in-the-middle issue.
      • The biggest issue with self-signed certificates is that the client machine cannot verify if the certificate belongs to the domain owner.

        That's why you should use a self-signed CA and use that to sign your working certs, rather than using self-signed working certs directly.

        • So how does the client machine know about your self-signed CA? Couldn't a man-in-the-middle attack do exactly the same thing and your client wouldn't know (if it was the first visit) whether it was your self-signed CA or someone else's self-signed CA?
    • In many cases, self-signed certificates will be more secure than that.

      Yes, this.

      I have a (self-signed) CA that I sign all of the certs I used with, and share it with other people I personally know and trust.

      I do not really trust certs signed by any other CA, because I don't know them and have no reason to trust them.

  • Follow the money (Score:5, Insightful)

    by Scutter ( 18425 ) on Saturday July 22, 2017 @02:48PM (#54858637) Journal

    "We're mad because Let's Encrypt makes it way too easy for the plebs to get a certificate without paying hundreds or thousands of dollars per year to a CA."

  • dotdotdot (Score:2, Insightful)

    by Anonymous Coward

    and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting?

    Why hold one CA to a completely different set of standards than every other CA?

    The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls...

    And how does any other CA prevent this after issuing certificates with the exact same level of proof of domain ownership?

    Are you claiming that because it's free that criminals can now finally obtain certificates?
    Criminal rings have profits and budgets orders of magnitude larger than most IT departments!
    That logic is as ass backward as it possibly could be.

    "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

    Then go get the CA/Browser Forum to amend their requirements that all CAs a

    • Why hold one CA to a completely different set of standards than every other CA?

      Because most other major CAs that offer domain-validated (DV) certificates also offer organization-validated (OV) or Extended Validation (EV) certificates for a higher price. Let's Encrypt does not.

      Then go get the CA/Browser Forum to amend their requirements that all CAs and web browser makers follow.

      Or write a browser extension to trust DV certificates less. Then you'll get a green bar on Twitter but a warning on Facebook. Comodo's Dragon browser, for example, has included something like this [netcraft.com], displaying a warning the first time the user visits a site using a DV certificate. The warning's text begins as foll

  • All I want is to have encrypted connections. Why do I have to pay a shit-ton of money for connections to my server to be properly encrypted and not to be treated like a criminal by browsers? Let's Encrypt does this. Yes, they're not verified very well; neither are standard SSL certificate (I know; I bought some with pretty much zero verification).

  • One big reason for the volume of certificate issuance is that LetsEncrypt forces you to update your certificates at least once every 90 days. This means that the number of certificates issued is guaranteed to be at least 4x the number that would be issued by a traditional CA, and realistically, more like 12x or even 20x.

    So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times that result in them issuing so many certificates each day, not for the number of certificates per se. That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

    • by king neckbeard ( 1801738 ) on Saturday July 22, 2017 @03:08PM (#54858697)
      The verification is performed by software, the same as any other CA. Less frequent renewals would not result in more through vetting.
      • by dgatwood ( 11270 )

        That's not entirely true. Other CAs require the owner of the domain to confirm the validity of the request via email. The 90-day renewal period makes that approach more difficult, because nobody would be willing to go through that headache every 90 days. Instead, Let's Encrypt just checks to see if you've managed to convince the registrar or the DNS server to point the domain name at your server. So while they might not choose to do more validation even if there were longer validation periods, they woul

    • That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

      How? They are domain-verified certs that are issued by an automated process. How does changing their expiration date change anything?

    • by lordlod ( 458156 )

      So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times that result in them issuing so many certificates each day, not for the number of certificates per se. That silly policy decision inherently limits the amount of verification that they can do, so even if they wanted to do more, they can't.

      Or possibly they know something that you don't.

      The certificate revocation system is broken, doesn't work. CRLs didn't work for anything but the big sites and have been depreciated. OCSP doesn't work against man in the middle attacks, which is the primary attack vector.

      What does work is the expiration date, once a certificate has expired it is safe. So you can improve things significantly by having a short certificate life span, shorter the better. To make this manageable you need to automate the acquisition

    • So yes, they should be criticized, but they should be criticized for the ridiculously short certificate expiration times

      Why? The only reason to have long certificate expiration times is to reduce manual labour. When the system is scripted, renewal fully automated and doesn't cost anything, why would you critisize shot expiration times?

    • The point of the fast expiration is so browsers don't have to carry around ever-growing rejection lists for long-lived certs. If a cert is bad or the encryption model is bad or whatever, it'll expire before it becomes an issue.

  • Either you encourage encryption everywhere and make it easy to get a cert, or you stop nagging people every time they go to a plain http site and say http is just fine.

    Pick one.

    HTTPS is meant to ensure that your communications are secure. They can help protect you from hitting a site that isn't what it claims to be.

    But issuing certs is not some magical means of "vetting" ANYTHING. The very idea is absurd. Anybody should be able to buy and get signed a cert for a site they own. It isn't anybody's job to ask

  • BS (Score:5, Insightful)

    by duke_cheetah2003 ( 862933 ) on Saturday July 22, 2017 @03:13PM (#54858735) Homepage

    Calling BS on this. There is nothing inherently wrong with issuing certs. Regardless of who issues those certs, they can only be used to create a secure identified connections between a user and a server.

    They definitely do not facilitate criminality any more than Apache2 does. This is just pure silliness. There's nothing wrong here. Bad guys can get certs from other sources just as easily as anyone else. They can get them from Let's Encrypt, too. So can everyone else. A certificate doesn't facilitate illegal activity. It's just for a secure connection.

    Something tell me there's more to this than simply crying wolf about bad guys getting certs easily. Someone obviously would prefer that web hosts, big and small, don't get cheap (or free) certs to secure their connections from prying eyes.

    While the justification might be 'bad guys are abusing this,' I'm still calling BS. Someone (or some *cough* three letter agency) is annoyed that people can easily secure their servers.

    I'd go as far as to say, Let's Encrypt is having precisely the effect it sought to have. More secure connections on all HTTP traffic across the web. Anyone can TLS up their servers now with very little effort. Good job, Let's Encrypt, you're having a profound and ultimately awesome effect on the web's privacy and shielding from prying eyes. And that effect is a good one, especially when people are crying 'omg it's too easy to get certs now!' Good. Nothing like a very secure connection to give the middle finger to three letter agencies.

    • Re:BS (Score:5, Insightful)

      by thegarbz ( 1787294 ) on Saturday July 22, 2017 @05:16PM (#54859147)

      Not only is it BS, it's the exact opposite.

      Having in the past gotten a DV certificate through a normal vendor and now getting them through LetsEncrypt, it is quite clear that the process for LetsEncrypt is far more robust (actual proof I have access to the server by modifying it's contents as part of the handshake) than what most other CA's offer which for DV is based on little more than faith, and for EV based on talking to someone in an Indian call centre who can't understand you anyway.

    • by houghi ( 78078 )

      The thing is that many companies (e.g. banks and government sites) have been saying that you should look to see if you see a lock, as if that would mean that the connection is safe.

      The thing is that that is NOT the case. Secure and safe are not interchangeable.

      • by tlhIngan ( 30335 )

        The thing is that many companies (e.g. banks and government sites) have been saying that you should look to see if you see a lock, as if that would mean that the connection is safe.

        The thing is that that is NOT the case. Secure and safe are not interchangeable.

        Therein lies the problem. Far too long we've conditioned users to look for the lock. And now practically every site has a lock.

        And therein lies a BIG problem if you use LetsEncrypt. Because a good chunk of LE certificates go towards phishing sites (no

  • The problem here has nothing to do with encryption and everything to do with the fact that companies have pushed the idea that if a connection is encrypted that the site is legitimate. The only thing that encryption does is ensure you connection cannot be spied on. The idea that encryption should be reserved for certain people is patently absurd.

    Stop telling people that encryption equates to legitimacy and the problem is resolved.

    • Yeah, most phishing attack aren't even through MITM attack or eavesdropping, but social engineering. Companies should make sure their website name is stable and consistent, not branching into so many domains. If each company use the same domain for every web pages they have, then phishing attack would have been a lot more difficult already, as users can immediate recognize a cheap fake site, while those do MITM can be arrested as they leave more criminal evidence.

      But no, first multi-national companies use

  • by Eravnrekaree ( 467752 ) on Saturday July 22, 2017 @03:55PM (#54858911)

    Lets Encrypt verifies ownership of the domain. If you see the secured indicator in the browser, its a gaurantee that your actually talking to the server of the people who own that domain. So, if people watch out for the right domain as well as the secured indicator, it provides additional safety. So, people need to know the domains of critical sites they might use, and look carefully at that domain name. This is true as well, if there were no TLS being used. TLS provides additional gaurantees you really are talking to that domain and that no one is listening. Lets Encrypt makes things much more secure, rather than less security than before. However, certs with stronger vetting would verify ownership more of the domain a well as the certificate, maybe making sure that the domain is not hosting a malicious site that is spoofing a real bank or something.

    There is a solution to this: have two grades of certificates, one with one star free certicates based on the Lets Encrypt model, for low risk sites and two stars for high risk.

    Lets Encrypt, would not be an issue at all, furthermore, providing we do this: It might be a good idea, to have multiple security levels in the indicator, maybe one star for a Lets Encrypt type cert, maybe two stars for more intensive verification methods. this would allow the easy availability of Lets Encrypt to continue, but for banks etc to apply for the second star certificate for higher level of verification.

    For many sites, like the personal website, Lets Encrypt is fine, without it those sites wouldnt encrypt anyway since its not worth the vast sums for a certificate from one of the commercial providers. For a bank, getting a cert with stronger vetting might make sense, and there is a better trade off for them to do it.

    You could then train users to look for one star for low risk sites, two stars for ecommerce and banking stuff.

  • To start with the second word, there should not be any "balances" in place when issuing DV certificates. It's not up to the CA to "balance" anything. A DV certificate achieves one purpose only beside facilitating encryption: certify that the server you are talking to is actually the one addressed in the URL. Nothing more. A DV certificate has nothing to do with the person or the company owning that server. It has nothing to do with the person who registered the domain. It is purely there to say the computer

  • Okay Google (and their lickspittles at Mozilla) decide to wall off stock http sites behind "danger" messages.
    So anyone providing more than a cursory "I love me" page website has to run out and get a cert.

    Let's Encrypt steps up and makes the process easy and mostly seamless.

    Now people are bitching because they didn't draw out the process and make it more painful.
    And they're worried about how a security mechanism can be used to make people LESS secure.

    Maybe someone should have thought their way through this B

  • by FeelGood314 ( 2516288 ) on Saturday July 22, 2017 @05:35PM (#54859199)
    There are a number of things wrong in the comments so let's clarify them. There are three types of certificates: Extended Validation, Organization Validation and Domain Validation. The green lock only appears for sites with Extended Validation. Extended validation requires the site owner to prove they are a real company, really do own the name in the domain name, i.e. they are not spoofing something, that the DNS record is correct and that they control the domain. These are usually $250 - $500. Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock. Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock. It is valuable in that, it prevents man-in-the-middle attacks and ensures that your communication is encrypted, however you have no assurances as to who is behind the domain. Domain Validation certs are usually free. Let's Encrypt only issues Domain Validation Certificates

    There is a list of requirements for CAs to obey for granting certs and they are stringently audited and then the auditors are audited. (and one auditor has failed). The EV audits are extremely thorough. Further any EV certificates that are issued now have to be added to a certificate transparency log https://en.wikipedia.org/wiki/... [wikipedia.org], so all EV certs that have been issued are publicly viewable and now auditable by everyone. (the log is a merkle tree so inclusion in the tree is easy to find and undetected changes are impossible).

    Conclusion: If you are going to a website that you expect to be secure for banking or from a reputable company and the lock isn't green then you are likely visiting a spoofed or compromised page. If you are visiting Joe from down the streets cat pic site a DV cert is good enough.
    • The green lock only appears for sites with Extended Validation.

      No it doesn't.

      Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock.

      Yes it does.

      Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock.

      Yes it does.

      Your advice is only true for users of Microsoft browsers and covers 20% of the market share. The green lock is provided to any encrypted connection with a valid certificate chain in Firefox, Chrome, and Safari. The entire concept of telling people to look at a colour or a symbol was completely stupid in the first place as colour doesn't convey information of "who" but only "what". If someone incorrectly gets an EV certificate due to an oversight at a CA (happens often e

  • Where is this certificate public database? How can I query it?
  • by JThaddeus ( 531998 ) on Saturday July 22, 2017 @09:22PM (#54859945)
    It's not like I ever saw a serious attempt at verification from VeriSign, Thawte, or GoDaddy in the 15 years I had to get code signing certs. It's a racket.
    • by AHuxley ( 892839 )
      The change in the way malware connects.
      In the past it would be easy to understand that strange new connection from deep within an OS or network due to a lack of encryption.
      It looks the same on every computer or network.
      With lots of new encryption products that malware gets more places to hide as something the user could be encrypting.

Remember Darwin; building a better mousetrap merely results in smarter mice.

Working...