WoSign/StartCom CA in the news

WoSign/StartCom CA in the news

Viktor Dukhovni

WoSign (who seemingly purchased StartCom) seem to have run into
some compliance issues as reported by Firefox:

   http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/

Many SMTP servers are using certs from StartCom.  In my DANE
adoption survey, out of 2201 certificates used by DANE MX
hosts 411 are issued by StartCom and 47 by WoSign.  So that's
just over 20% of observed certificates.  While the rate is
likely different for the larger SMTP ecosystem (DANE users
are bleeding edge, not representative at this time), I expect
that these CAs are still quite popular overall.

If you're using StartCom/WoSign certs, and rely on them being
verified by MUAs and/or peer MTAs, you may want to make
contingency plans if Mozilla and perhaps others go through
with delisting (or disabling) the related root CAs from
their trusted CA bundles.

--
        Viktor.


Re: WoSign/StartCom CA in the news

Giovanni Harting
Correct me if I'm wrong, but that document you describe, issued by
Mozilla and others, doesn't it state that it would only affect newly
issued certs after a certain date?




Re: WoSign/StartCom CA in the news

Viktor Dukhovni

> On Sep 27, 2016, at 6:31 PM, Giovanni Harting <[hidden email]> wrote:
>
> Correct me if I'm wrong, but that document you describe, issued by Mozilla and others, doesn't it state that it would only affect newly issued certs after a certain date?

Yes, quote:

    Taking into account all the issues listed above, Mozilla's CA
    team has lost confidence in the ability of WoSign/StartCom to
    faithfully and competently discharge the functions of a CA.
    Therefore we propose that, starting on a date to be determined
    in the near future, Mozilla products will no longer trust
    newly-issued certificates issued by either of these two CA
    brands.

    We plan to distrust only newly-issued certificates to try and
    reduce the impact on web users, as both of these CA brands have
    substantial outstanding certificate corpuses. Our proposal is
    that we determine "newly issued" by examining the notBefore
    date in the certificates. It is true that this date is chosen
    by the CA and therefore WoSign/StartCom could back-date
    certificates to get around this restriction. And there is, as
    we have explained, evidence that they have done this in the
    past. However, many eyes are on the Web PKI and if such additional
    back-dating is discovered (by any means), Mozilla will immediately
    and permanently revoke trust in all WoSign and StartCom roots.

--
        Viktor.


Re: WoSign/StartCom CA in the news

Sven Schwedas
In reply to this post by Giovanni Harting
On 2016-09-28 00:31, Giovanni Harting wrote:
> Correct me if I'm wrong, but that document you describe, issued by
> Mozilla and others, doesn't it state that it would only affect newly
> issued certs after a certain date?

Yes, but most StartSSL/WoSign certificates are only valid for a year or
less. So customers should start looking for alternative providers *now*,
because a year-long block will affect almost all of them.

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167



Re: WoSign/StartCom CA in the news

lists@lazygranch.com
I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution.

Domain registration isn't free. Server time isn't free. Something like $20 a year would be fine. I already have a self signed cert for email, but would like to eventually encrypt my websites and attempt dnssec/dane.

When Symantec first announced that they would compete with Let's Encrypt, I signed up with them. But it looks like their free cert program is more like you need to recruit customers for them.



Re: WoSign/StartCom CA in the news

Christian Kivalo


On 28 September 2016 10:25:42 MESZ, [hidden email] wrote:
>I don't want take this thread off course, but suggestions for low cost
>certs would be appreciated. I don't like how Let's Encrypt works, else
>that would be the obvious solution. 
I get mine through https://www.ssls.com


Re: WoSign/StartCom CA in the news

Sven Schwedas
In reply to this post by lists@lazygranch.com
On 2016-09-28 10:25, [hidden email] wrote:
> I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution.

"how Let's Encrypt works" is a bit vague. Domain verification is
standard for a lot of registrars (and safer than what StartSSL does,
which is allowing you to breach their TOS if you pay hush money), and
there are LE clients that don't automatically fuck up your server
configs, if that's your concern (we use simp_le, e.g., it just generates
the certs and everything else is up to you).

> Domain registration isn't free. Server time isn't free. Something like $20 a year would be fine. I already have a self signed cert for email, but would like to eventually encrypt my websites and attempt dnssec/dane.

Have you considered CACert? Otherwise it's either scummy registrars that
ought to be the next on the chop block (like Comodo) or gets expensive
fast. (Or both.)

> When Symantec first announced that they would compete with Let's Encrypt, I signed up with them. But it looks like their free cert program is more like you need to recruit customers for them.

Same with the others. Of course they want to stay in business, even if
it's dead already.

>
>
>   Original Message  
> From: Sven Schwedas
> Sent: Wednesday, September 28, 2016 1:10 AM
> To: [hidden email]
> Subject: Re: WoSign/StartCom CA in the news
>
> On 2016-09-28 00:31, Giovanni Harting wrote:
>> Correct me if I'm wrong, but that document you describe issues by
>> Mozilla and others, doesn't it state that it would only affect new
>> issues certs after a certain date?
>
> Yes, but most StartSSL/WoSign certificates are only valid for a year or
> less. So customers should start looking for alternative providers *now*,
> because a year-long block will affect almost all of them.
>
>> Am 09/28/16 um 00:29 schrieb Viktor Dukhovni:
>>> WoSign (who seemingly purchased StartCom) seem to have run into
>>> some compliance issues as reported by Firefox:
>>>
>>>
>>> http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/
>>>
>>>
>>> Many SMTP servers are using certs from StartCom. In my DANE
>>> adoption survey, out of 2201 certificates used by DANE MX
>>> hosts 411 are issued by StartCom and 47 by WoSign. So that's
>>> just over 20% of observed certificates. While the rate is
>>> likely different for the larger SMTP ecosystem (DANE users
>>> are bleeding edge, not representative at this time), I expect
>>> that these CAs are still quite popular overall.
>>>
>>> If you're using StartCom/WoSign certs, and rely on them being
>>> verified by MUAs and/or peer MTAs. you may want to make
>>> contingency plans if Mozilla and perhaps others go through
>>> with delisting (or disabling) the related root CAs from
>>> their trusted CA bundles.
>>>
>>
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167



Re: WoSign/StartCom CA in the news

Boris Behrens
In reply to this post by lists@lazygranch.com

> On 28.09.2016 at 10:25, [hidden email] wrote:
>
> I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution.
>
> Domain registration isn't free. Server time isn't free. Something like $20 a year would be fine. I already have a self signed cert for email, but would like to eventually encrypt my websites and attempt dnssec/dane.

RapidSSL is about 9 EUR per year and there is a "Basic SSL" option when you use internetx. Seems to be free.




Re: WoSign/StartCom CA in the news

Viktor Dukhovni
In reply to this post by lists@lazygranch.com
On Wed, Sep 28, 2016 at 01:25:42AM -0700, [hidden email] wrote:

> I don't want to take this thread off course, but suggestions for low cost
> certs would be appreciated. I don't like how Let's Encrypt works, else
> that would be the obvious solution.

I am curious what you don't like about "Let's Encrypt"; it seems
usable enough.  But, for SMTP, it's only needed if you operate a
port 587 MSA for submission clients that want to see WebPKI
certificates.

> Domain registration isn't free. Server time isn't free. Something like
> $20 a year would be fine. I already have a self signed cert for email,
> but would like to eventually encrypt my websites and attempt dnssec/dane.

For DNSSEC/DANE you really don't need WebPKI certs, indeed you're
much better off without them.  The simplest configuration is a
self-signed certificate and a single:

  _25._tcp.smtp.example.com. IN TLSA 3 1 1 <server public key digest>

record, which you update shortly before rolling out new keys (as
and when you feel like deploying a new key).

A more advanced, but ultimately more convenient, configuration is
to create your own self-signed issuing CA whose private key, or at
least its passphrase, is "off-line".  You then make sure that your
server certificate includes the MX hostname as one of the DNS
"subjectAltName" values, that your server chainfile includes the
issuing CA certificate, and proceed to publish two TLSA records:

  _25._tcp.smtp.example.com. IN TLSA 3 1 1 <server public key digest>
  _25._tcp.smtp.example.com. IN TLSA 2 1 1 <CA public key digest>

with this configuration, you can deploy new server keys without
the annoying *prior* DNS changes described in:

  https://tools.ietf.org/html/rfc7671#section-8.1

When you first deploy the new server key (new private key and
associated certificate), provided the certificate is issued by the
same private CA, the unchanged "2 1 1" record will continue to
validate your server certificate.  You can then update the DNS to
make the "3 1 1" record match again at your leisure, after everything
checks out.

At some point later, you may want to replace the CA, that's easy
too, just retain the working "3 1 1" record (for the same underlying
private key) and get a new CA to issue a certificate for the same
key.  You'll now have only the "3 1 1" record matching, but that's
OK, just update the "2 1 1" when all looks good.

This way, you can play "leap-frog", alternating a series of
key changes with periodic CA changes, and DNS changes only
after the certificate deployments check out good.  The
time-line is then:

    Server Key 1    +    CA 1   ; Initial state
    Server Key 2    +    CA 1   ; Update "3 1 1" after Key change
    Server Key 3    +    CA 1   ; Update "3 1 1" after Key change
    ...
    Server Key N    +    CA 1   ; Update "3 1 1" after Key change
    Server Key N    +    CA 2   ; Update "2 1 1" after CA change
    Server Key N+1  +    CA 2   ; Update "3 1 1" after Key change
    Server Key N+2  +    CA 2   ; Update "3 1 1" after Key change
    ...
    Server Key N+M  +    CA 2   ; Update "3 1 1" after Key change
    Server Key N+M  +    CA 3   ; Update "2 1 1" after CA change
    ...

So long as the CA changes don't coincide with the server key changes,
this substantially simplifies keeping the DNS data in sync with
reality.  You could then automate the DNS updates too, updating
the DNS when you observe the live server vending a chain that
matches the expected CA and server cert files on disk.  Automating
pre-publishing a la RFC7671 section 8.1 is more complex.

The above approach works a bit less well for public CAs, because
issuing CA changes are no longer directly under your control.

When I have some time, I may enhance the "postfix tls" sub-command

    http://www.postfix.org/postfix-tls.1.html

to support not just self-signed certs, but also a CA + leaf cert
combination as described above, so that folks who are not OpenSSL
CLI wizards have an easier time of getting this to work.

The only complication really is that ideally the CA private key is
stored encrypted with a strong offline passphrase, so that Postfix
would have to prompt for a passphrase when that's the case.

--
        Viktor.
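The rotation described in the post above, as an added example (this is not Viktor's code and not anything from Postfix): a stdlib-only Python script that extracts the DER SubjectPublicKeyInfo from a certificate, builds the "3 1 1" and "2 1 1" rdata for the leaf and the private issuing CA, and then replays the timeline, checking at each step that the record that did *not* change still covers the newly deployed chain before the RRset is rewritten. The certificates are constructed inside the script (correct TBSCertificate layout, placeholder key bytes derived from labels such as "key-1", a dummy signature) so that it runs offline; smtp.example.com and "CA 1"/"CA 2" come from the post, the key labels and serial numbers are assumptions. The covering check compares digests only; it does not validate chain signatures or names the way a real DANE verifier would.

```python
import hashlib

def der(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def children(buf):
    """Split DER data into (tag, content, raw_tlv) triples."""
    out, pos = [], 0
    while pos < len(buf):
        start, tag, length = pos, buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                            # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        out.append((tag, buf[pos:pos + length], buf[start:pos + length]))
        pos += length
    return out

def spki_of(cert_der):
    """Raw DER SubjectPublicKeyInfo: what TLSA selector 1 is hashed over."""
    tbs = children(children(cert_der)[0][1])[0][1]   # Certificate -> TBSCertificate
    fields = children(tbs)
    idx = 6 if fields[0][0] == 0xA0 else 5           # EXPLICIT [0] version is optional
    tag, _, raw = fields[idx]
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not where expected")
    return raw

def tlsa_rdata(cert_der, usage):
    """'<usage> 1 1 <sha256(SPKI)>': usage 3 for the leaf, 2 for the issuing CA."""
    return f"{usage} 1 1 {hashlib.sha256(spki_of(cert_der)).hexdigest()}"

# Constructed stand-in certificates: real structure, placeholder key bytes,
# dummy signature.  Only the layout matters to spki_of(); nothing is signed.
OID_CN = der(0x06, bytes.fromhex("550403"))                # id-at-commonName
OID_RSA = der(0x06, bytes.fromhex("2a864886f70d010101"))   # rsaEncryption
OID_SHA256RSA = der(0x06, bytes.fromhex("2a864886f70d01010b"))
NULL = der(0x05, b"")

def name(cn):
    return der(0x30, der(0x31, der(0x30, OID_CN + der(0x0C, cn.encode()))))

def spki_for(key_label):
    """SPKI with placeholder key bytes derived from a label (no real RSA key)."""
    fake_key = hashlib.sha256(key_label.encode()).digest() * 8
    return der(0x30, der(0x30, OID_RSA + NULL) + der(0x03, b"\x00" + fake_key))

def cert(subject_cn, issuer_cn, key_label, serial):
    validity = der(0x30, der(0x17, b"160928000000Z") + der(0x17, b"170928000000Z"))
    tbs = der(0x30, b"".join([
        der(0xA0, der(0x02, b"\x02")),               # [0] version v3
        der(0x02, bytes([serial & 0x7F])),           # serialNumber, one positive byte
        der(0x30, OID_SHA256RSA + NULL),
        name(issuer_cn), validity, name(subject_cn),
        spki_for(key_label),
    ]))
    return der(0x30, tbs + der(0x30, OID_SHA256RSA + NULL) + der(0x03, b"\x00" * 33))

def covering_records(rrset, chain):
    """'3 1 1' must equal the leaf's SPKI digest, '2 1 1' an issuer's.  Digest
    comparison only; a real verifier also checks signatures and names for usage 2."""
    leaf = tlsa_rdata(chain[0], 3).split()[-1]
    issuers = {tlsa_rdata(c, 2).split()[-1] for c in chain[1:]}
    return [rr for rr in rrset
            if (rr.startswith("3 1 1 ") and rr.split()[-1] == leaf)
            or (rr.startswith("2 1 1 ") and rr.split()[-1] in issuers)]

def leapfrog():
    """Replay the timeline: deploy, confirm the record that did not change still
    covers the live chain, only then rewrite DNS.  The final step changes key
    and CA together, the case the post says to avoid.  Returns
    [(state, number of covering records before the DNS update)]."""
    ca = {n: cert(f"CA {n}", f"CA {n}", f"ca-{n}", n) for n in (1, 2, 3)}
    serial = [10]
    def chain(key, ca_n):
        serial[0] += 1                               # every issuance gets a fresh serial
        return [cert("smtp.example.com", f"CA {ca_n}", f"key-{key}", serial[0]), ca[ca_n]]
    live = chain(1, 1)
    rrset = [tlsa_rdata(live[0], 3), tlsa_rdata(live[1], 2)]
    log = []
    for key, ca_n in [(2, 1), (3, 1), (3, 2), (4, 2), (5, 3)]:
        live = chain(key, ca_n)
        hits = covering_records(rrset, live)
        log.append((f"key {key} + CA {ca_n}", len(hits)))
        if hits:                                     # safe to bring DNS in line with reality
            rrset = [tlsa_rdata(live[0], 3), tlsa_rdata(live[1], 2)]
    return log

if __name__ == "__main__":
    for state, n in leapfrog():
        print(f"{state}: {n} record(s) cover the new chain")
    a, b = (cert("smtp.example.com", "CA 1", "key-1", s) for s in (3, 4))
    print("renewal with the same key keeps '3 1 1':", tlsa_rdata(a, 3) == tlsa_rdata(b, 3))
```

On a live host, replace cert() with the DER of the files the server actually vends (openssl x509 -outform DER on the leaf and on the CA file) and compare the tlsa_rdata() output against what the DNS serves. Because the "3 1 1" digest is taken over the SPKI alone, a renewed certificate for the same key yields the same rdata, which is why reusing the key across renewals keeps that record valid; the last timeline step, where a key change and a CA change land together, is the state in which neither record covers the new chain.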

Re: WoSign/StartCom CA in the news

lists@lazygranch.com
In reply to this post by Sven Schwedas
CACert came up in my search. I will look into it. Suggestions always appreciated since I'm quite comfortable with people out there knowing more than me.

I didn't like the Let's Encrypt 90 day deal with mysterious upload to your server. It bugs me. About the only outside control of my server I accept is spam RBLs, because really I have no alternative.

I understand there is github code out there (perhaps your simp_le) as an alternative to whatever Let's Encrypt does regarding updates, but that seems just as dicey.


Re: WoSign/StartCom CA in the news

Viktor Dukhovni
On Wed, Sep 28, 2016 at 01:55:06AM -0700, [hidden email] wrote:

> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your
> server. It bugs me.

You're mistaken about how LE works.  There is no remote control of
your server, or any externally imposed update.  They provide a
script you can run from "cron" or similar to refresh your certificates.

You can run it as you see fit, and use it in a variety of ways.
Including obtaining new certs for the same underlying key (convenient
for DANE), and either deploying certs to where they're used live,
or somewhere else, where code you write can take care of automated
deployment, or just send you a reminder and you do the deployment
manually.

The only external influence on your server is the 90-day expiration,
so you have to do something every 90 days, which encourages automation
over manual processes, which is a good thing IMHO.

The fine folks at "mailinabox.org" seem to have put together a nice
turnkey email server that, among other things, includes
integration with Let's Encrypt and DNS updates for DANE, so it all
"just works" (TM).

Indeed out of the 2215 distinct live DANE server certs I'm tracking,
353 are "mailinabox" servers, and unlike some other servers, whose
operators need occasional reminders to not forget to update TLSA
records after changing keys, the mailinabox servers never seem to
mess up.  They just "magically" continue to have valid TLSA records
across multiple key and certificate renewals.  So far, I'm quite
impressed.

--
        Viktor.

Re: WoSign/StartCom CA in the news

Karol Augustin
In reply to this post by lists@lazygranch.com
On 28/09/16 09:25, [hidden email] wrote:
> I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution.
>
> When Symantec first announced that they would compete with Let's Encrypt, I signed up with them. But it looks like their free cert program is more like you need to recruit customers for them.


I have paid ~$13/yr for three year RapidSSL through
https://www.rapidsslonline.com/

I have been using RapidSSL for many years with no problems at all. Now it
has been acquired by Symantec so I wouldn't expect any issues.


Best,
Karol


--
Karol Augustin
[hidden email]
http://karolaugustin.pl/
+353 85 775 5312

Re: WoSign/StartCom CA in the news

Ralph Seichter-10
In reply to this post by lists@lazygranch.com
On 28.09.2016 10:55, [hidden email] wrote:

> I didn't like the Let's Encrypt 90 day deal with mysterious upload to
> your server. It bugs me.

Let's Encrypt does not upload anything to your server. You download an
updated certificate, if and when you choose to. That process can be
invoked manually - which I prefer - or via a cron job, if the necessary
TCP port is made available. If you use the LE standard mechanics, nothing
on your local machine is overwritten either, and you'll keep a history
of your certificates if you so desire.

As for the "90 day deal": LE is still in ramp-up phase, so I expect the
validity period to increase. Even with 90 days, it is worth using their
certificates. In a DANE context, all you need to take care of is not
automatically generating new keys with each update, and that is easily
avoided.

Perhaps I should be mad at LE for stealing some of my business (I run a
CA myself), but they are doing a good job, and I am always glad to see
people making encryption available to the masses.

-Ralph

Re: WoSign/StartCom CA in the news

KSB-2
On 2016.09.28. 12:59, Ralph Seichter wrote:
>
> As for the "90 day deal": LE is still in ramp-up phase, so I expect the
> validity period to increase. Even with 90 days, it is worth using their
> certificates. In a DANE context, all you need to take care of is not
> automatically generating new keys with each update, and that is easily
> avoided.
>
> -Ralph
>

No, probably they will go down to 30 days as most admins learn to do
automation.

--
KSB

Re: WoSign/StartCom CA in the news

allenc
In reply to this post by Boris Behrens


On 28/09/16 09:51, Boris Behrens wrote:
>> Am 28.09.2016 um 10:25 schrieb [hidden email]:
>>
>> I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution.
>>
>> Domain registration isn't free. Server time isn't free. Something like $20 a year would be fine. I already have a self signed cert for email, but would like to eventually encrypt my websites and attempt dnssec/dane.
> RapidSSL is about 9EUR per Year and there is a "Basic SSL" option when you use internetx. Seems to be free.

It's a long shot, but you might like to look at cacert.org.  They use an
authentication scheme a little bit like the PGP "web of trust".
The more points you score, the longer the duration of the
certificate.  It's a freebie (so you get what you pay for, I suppose).


Allen C


Re: WoSign/StartCom CA in the news

Ralph Seichter-10
In reply to this post by KSB-2
On 28.09.2016 12:03, KSB wrote:

> probably they will go down to 30 days as most admins learn to do
> automation.

I have read various LE posts regarding certificate lifetime, and while I
agree that LE apparently favours automation, I don't think the matter
has been decided yet. My personal (!) take on it is that there might be
separate processes for automated clients with shorter lifetimes (30 days
might be too short, though), and for manually updated certificates with
a longer lifetime. Just speculating.

-Ralph

Re: WoSign/StartCom CA in the news

Yuval Levy
In reply to this post by lists@lazygranch.com
On 16-09-28 04:55 AM, [hidden email] wrote:
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your server.

While I do not like to grant root access to a third-party controlled
process on my server, there are good alternatives and the only things
that I upload to my server are the resulting certificates, like with any
CA.  With a little bit of scripting it can all be automated.

My current solution is still sketchy and works for me (single Digital
Ocean account with one server to be updated), but it can scale easily
and is built on the shoulders of giants that make sure more than just
Digital Ocean is supported:

https://github.com/lukas2511/dehydrated

My favorite form of verification is the DNS challenge, because it does
not disrupt the server's operation, except for a quick restart to
recognize the new certificate.

Disclaimer: I am a lawyer and only a tinkerer when it comes to IT.
Please point out the deficiencies in my solution and help me improve.

Every 90 days, at every iteration, my process becomes better and has now
boiled down to checking whether there have been changes and running some
commands/scripts that do not take more than a few minutes of my time.

  cd ~/src/letsencrypt
  # Intermediate that signs the leaf certificates; appended to each bundle by automate.sh
  wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
  cd dehydrated
  git pull
  cd ../certificates_ACCOUNT_X
  export LEXICON_DIGITALOCEAN_TOKEN=<the_DO_account_token>
  # dns-01 via the lexicon hook; -x forces renewal even if the certificates are still valid
  PROVIDER=digitalocean ../dehydrated/dehydrated --cron --hook letsencrypt.default.sh --challenge dns-01 -x
  # Do other things while the certificates are being generated
  ../automate.sh
  ssh SERVER
  sudo ./deploy.sh
  sudo service nginx restart
  sudo service postfix restart

The above assumes that you have configured dehydrated and your DNS
hosting account.  automate.sh is something like this:

  #!/usr/bin/env bash
  # Build one PEM bundle (key + leaf + intermediate) per domain, push it to
  # the server, and generate deploy.sh, which the server runs as root.
  set -euo pipefail
  shopt -s nullglob
  USER='admin'
  SERVER='server_entry_in_.ssh/config'
  DESTINATION='/home/admin'
  CHAIN="$PWD/lets-encrypt-x3-cross-signed.pem"
  echo '#!/usr/bin/env bash' > deploy.sh
  echo 'set -e' >> deploy.sh
  for DIR in certs/*/; do
    DOMAIN=$(basename "$DIR")
    echo "$DOMAIN"
    # The leaf certificate must come before the intermediate(s) in the bundle
    cat "$DIR/privkey.pem" "$DIR/cert.pem" "$CHAIN" > "$DIR/$DOMAIN.pem"
    rsync -avz "$DIR/$DOMAIN.pem" "$USER@$SERVER:$DESTINATION/"
    # The bundle contains the private key, so lock it down before moving it
    echo "chmod 400 $DESTINATION/$DOMAIN.pem" >> deploy.sh
    echo "chown root:root $DESTINATION/$DOMAIN.pem" >> deploy.sh
    if [ "$DOMAIN" = "mxserver.example.com" ]; then
      # domains that are used for mail+web
      echo "mv $DESTINATION/$DOMAIN.pem /etc/postfix/ssl/" >> deploy.sh
    else
      # domains that are used for web only
      echo "mv $DESTINATION/$DOMAIN.pem /etc/nginx/ssl/" >> deploy.sh
    fi
  done
  chmod +x deploy.sh
  rsync -avz deploy.sh "$USER@$SERVER:$DESTINATION/"

I am only progressing very slowly on this, tweaking it every 90 days,
because it is already at a point where it does not bother me.

The Let's Encrypt certificates are great.  They are recognized by my
Android devices when syncing CardDAV/CalDAV; Postfix seems to like them
and so does Dovecot.  The short life span is actually a neat feature
that keeps the ecosystem safe and revocation lists shorter.

Yuv


Re: WoSign/StartCom CA in the news

Steve Atkins
In reply to this post by lists@lazygranch.com

> On Sep 28, 2016, at 1:55 AM, [hidden email] wrote:
>
> CACert came up in my search. I will look into it. Suggestions always appreciated since I'm quite comfortable with people out there knowing more than me.
>
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your server. It bugs me.

That's not really how lets encrypt works. It's just one of several options they have for domain authentication. All registrars will require you to do domain authentication somehow; most of them make it impossible to automate.

You can use DNS-based domain authentication as another alternative - put a TXT record in your zone. There's no interaction with the production server at all. I use letsencrypt.sh for that, and it doesn't touch any of my production servers (other than my DNS server, obviously) other than when it scp's the new key and certificate into place. To be a little on-topic that includes a couple of postfix servers that don't do anything over http at all.

Cheers,
  Steve

> About the only outside control of my server I accept is spam RBLs, because really I have no alternative.
>
> I understand there is github code out there (perhaps your simp_le) as an alternative to whatever Let's Encrypt does regarding updates, but that seems just as dicey.
>
>   Original Message  
> From: Sven Schwedas
> Sent: Wednesday, September 28, 2016 1:34 AM
> To: [hidden email]; [hidden email]
> Subject: Re: WoSign/StartCom CA in the news
>
> On 2016-09-28 10:25, [hidden email] wrote:
>> I don't want take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution.
>
> "how Let's Encrypt works" is a bit vague. Domain verification is
> standard for a lot of registrars (and safer than what StartSSL does,
> which is allowing you to breach their TOS if you pay hush money), and
> there are LE clients that don't automatically fuck up your server
> configs, if that's your concern (we use simp_le, e.g., it just generates
> the certs and everything else is up to you).
>
>> Domain registration isn't free. Server time isn't free. Something like $20 a year would be fine. I already have a self signed cert for email, but would like to eventually encrypt my websites and attempt dnssec/dane.
>
> Have you considered CACert? Otherwise it's either scummy registrars that
> ought to be the next on the chop block (like Comodo) or gets expensive
> fast. (Or both.)
>
>> When Symantec first announced that they would compete with Let's Encrypt, I signed up with them. But it looks like their free cert program is more like you need to recruit customers for them.
>
> Same with the others. Of course they want to stay in business, even if
> it's dead already.
>
>>
>>
>> Original Message
>> From: Sven Schwedas
>> Sent: Wednesday, September 28, 2016 1:10 AM
>> To: [hidden email]
>> Subject: Re: WoSign/StartCom CA in the news
>>
>> On 2016-09-28 00:31, Giovanni Harting wrote:
>>> Correct me if I'm wrong, but that document you describe issues by
>>> Mozilla and others, doesn't it state that it would only affect new
>>> issues certs after a certain date?
>>
>> Yes, but most StartSSL/WoSign certificates are only valid for a year or
>> less. So customers should start looking for alternative providers *now*,
>> because a year-long block will affect almost all of them.
>>
>>> Am 09/28/16 um 00:29 schrieb Viktor Dukhovni:
>>>> WoSign (who seemingly purchased StartCom) seem to have run into
>>>> some compliance issues as reported by Firefox:
>>>>
>>>>
>>>> http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/
>>>>
>>>>
>>>> Many SMTP servers are using certs from StartCom. In my DANE
>>>> adoption survey, out of 2201 certificates used by DANE MX
>>>> hosts 411 are issued by StartCom and 47 by WoSign. So that's
>>>> just over 20% of observed certificates. While the rate is
>>>> likely different for the larger SMTP ecosystem (DANE users
>>>> are bleeding edge, not representative at this time), I expect
>>>> that these CAs are still quite popular overall.
>>>>
>>>> If you're using StartCom/WoSign certs, and rely on them being
>>>> verified by MUAs and/or peer MTAs. you may want to make
>>>> contingency plans if Mozilla and perhaps others go through
>>>> with delisting (or disabling) the related root CAs from
>>>> their trusted CA bundles.
>>>>
>>>
>>
>
> --
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas, Systemadministrator
> Mail/XMPP [hidden email] | Skype sven.schwedas
> TAO Digital | Lendplatz 45 | A8020 Graz
> https://www.tao-digital.at | Tel +43 680 301 7167
>

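The DNS-based domain authentication Steve describes here, and the DNS challenge Yuval prefers above, is ACME's dns-01 challenge: the client publishes a TXT record derived from the challenge token and its account key, and the CA looks that record up. The following is an added example, not code from this thread, from dehydrated or from letsencrypt.sh; it works out exactly what goes into the record and what the CA compares it against (RFC 8555 section 8.4, with the RFC 7638 key thumbprint). The account JWK, token and domain names are constructed stand-ins, and nothing here contacts a DNS server or Let's Encrypt.

```python
"""ACME dns-01 challenge values (RFC 8555 s8.1/s8.4, RFC 7638).
Standard library only. The JWK, token and names below are constructed
stand-ins for this example, not a real account key or a real order."""
import base64
import hashlib
import json

# Members that identify a key for thumbprint purposes (RFC 7638 s3.2).
# Anything else in the JWK ("kid", "alg", "use") is ignored.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def b64url(data: bytes) -> str:
    """base64url without '=' padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_canonical_json(jwk: dict) -> str:
    """Only the required members, keys sorted, no whitespace (RFC 7638 s3)."""
    subset = {k: jwk[k] for k in REQUIRED_MEMBERS[jwk["kty"]]}
    return json.dumps(subset, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON, base64url encoded (43 characters)."""
    digest = hashlib.sha256(jwk_canonical_json(jwk).encode("utf-8")).digest()
    return b64url(digest)


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint. http-01 serves this string as-is under
    /.well-known/acme-challenge/<token>; dns-01 publishes only its hash."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT record data: base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str) -> str:
    """Owner name of the TXT record. A wildcard identifier is validated at
    its base name, so '*.example.com' and 'example.com' in the same order
    need two TXT records at the same name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".")


def challenge_satisfied(expected: str, txt_records) -> bool:
    """The CA accepts the challenge if any TXT record at the name equals the
    expected value; stale records left by earlier runs do not break it."""
    return any(r == expected for r in txt_records)


# Constructed account JWK (not a real key) and a constructed token.
SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "c29tZS1jb25zdHJ1Y3RlZC1tb2R1bHVzLW5vdC1hLXJlYWwta2V5",
    "kid": "https://acme.example/acct/1",
    "alg": "RS256",
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


def challenge_plan(identifier: str, token: str = SAMPLE_TOKEN, jwk: dict = SAMPLE_JWK) -> dict:
    """The record a DNS hook has to create before the client asks the CA to validate."""
    return {
        "name": dns01_record_name(identifier),
        "type": "TXT",
        "value": dns01_txt_value(token, jwk),
    }


if __name__ == "__main__":
    for ident in ("example.com", "*.example.com", "mxserver.example.com"):
        print(challenge_plan(ident))
```

The two points a practitioner tends to trip over are both visible in the functions: the thumbprint is computed over the canonical members only, so two clients using the same account key agree on it regardless of how they store the JWK, and a wildcard name and its base name share one record name, which is why a hook must add records rather than overwrite them.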
Re: WoSign/StartCom CA in the news

Rene 'Renne' Bartsch, B.Sc. Informatics
In reply to this post by Viktor Dukhovni
My StartSSL certs are valid until 4th of October. Luckily I switched to
Let's Encrypt yesterday - with DANE, of course. ;-)


Regards,

Renne


Am 28.09.2016 um 00:29 schrieb Viktor Dukhovni:

> WoSign (who seemingly purchased StartCom) seem to have run into
> some compliance issues as reported by Firefox:
>
>    http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/
>
> Many SMTP servers are using certs from StartCom.  In my DANE
> adoption survey, out of 2201 certificates used by DANE MX
> hosts 411 are issued by StartCom and 47 by WoSign.  So that's
> just over 20% of observed certificates.  While the rate is
> likely different for the larger SMTP ecosystem (DANE users
> are bleeding edge, not representative at this time), I expect
> that these CAs are still quite popular overall.
>
> If you're using StartCom/WoSign certs, and rely on them being
> verified by MUAs and/or peer MTAs. you may want to make
> contingency plans if Mozilla and perhaps others go through
> with delisting (or disabling) the related root CAs from
> their trusted CA bundles.
>

Re: WoSign/StartCom CA in the news

Mike.
In reply to this post by lists@lazygranch.com
On 9/28/2016 4:55 AM, [hidden email] wrote:
> CACert came up in my search. I will look into it. Suggestions always appreciated since I'm quite comfortable with people out there knowing more than me.
>
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your server. It bugs me. About the only outside control of my server I accept is spam RBLs, because really I have no alternative.
>
> I understand there is github code out there (perhaps your simp_le) as an alternative to whatever Let's Encrypt does regarding updates, but that seems just as dicey.


fwiw, I use GeoTrust's RapidSSL cert.

I buy it through my registrar, namecheap, but I found it is also
available a bit less expensively via enom (namecheap's parent) for $10
per year.  It works fine for my low-traffic personal email and webservers.

http://www.enom.com/secure/geotrust-ssl-certificates.aspx

