Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Why Let’s Encrypt is a really, really, really bad idea…
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Why Let’s Encrypt is a really, really, really bad idea…

oneilonlineoneilonline Member, Host Rep

https://medium.com/swlh/why-lets-encrypt-is-a-really-really-really-bad-idea-d69308887801

Curious what people's thoughts here on the article.

I think, for example, a financial institution it would be a no brainer to not use a free service for SSL. Is the article assuming even financial institutions would use a free service for SSL? I understand that a compromised KMS can be a security issue, but it's that the same for any KMS? Or is the concern because Let's Encrypt has gotten SO large, is in use so much now?

Comments

  • But there is lowendtalk.

  • jackbjackb Member, Host Rep
    edited June 2019

    @oneilonline said:
    I think, for example, a financial institution it would be a no brainer to not use a free service for SSL.

    I'm not so certain. For the regular person - and most companies - the 'mis-issuance insurance' attached to most paid certificate isn't worth the paper it's printed on. However, banks and the like will have the clout to negotiate iron clad contracts around that sort of thing which could save them millions - if they want it. Again though, for a regular person this does not apply.

    For basically anything else I'd say letencrypt + dnssec + CAA record is a pretty strong position and will be technically more secure than any standard setup. The 'lack of revoking' argument that was passed around a few years ago no longer seems to apply too which is good.

    Thanked by 2Falzo vimalware
  • FalzoFalzo Member

    the article is bs or someone shilling for paid business and crying because letsencrypt makes them obsolete.

    of course a compromised KMS would be a problem, for any CA, and yes the argument here obviously shall be that the big market share would lead to so many people affected, and those probably won't even notice, that they would need to replace their cert.
    though this leaves out, that the automation and short lifespan of the certs are there for a reason.
    I also do think that a breach/problem in the letsencrypt CA would cause much more media echo in a much shorter amount of time, then with any other CA...
    also no skin in the game? that's bs as well, as even though it's non-profit the big techs involved have a reputation to lose (and probably money as well which they invested into letsencrypt nevertheless).

    tl;dr; the mimimi is strong in that one.

  • jsgjsg Member, Resident Benchmarker

    There are some points worth to be considered in that article.

    But there is also a major nonsense bomb in it. No, a man in the middle can Not decrypt all traffic of sites using a given cracked CA's certificates. That's not how the PKI works. The private key of the CA is used to sign (end user) certificates but the CA does not even know the private keys of its customers.

    What a MITM (having the CA's private key) could do is to "mirror" certain customers sites and using their own certificate.

  • rm_rm_ IPv6 Advocate, Veteran
    edited June 2019

    The only concern to have about Let's Encrypt, is them suddenly closing down, or becoming inoperable for a long period (months). Then everyone will have to scramble to buy paid certs for all their sites, since it is effectively impossible to switch a site back from HTTPS to HTTP without also having a valid HTTPS cert in place for an indefinite period of time. (Or else you lose all your visitors coming in from search engines or external links, especially if you used HSTS).

    I would love to have a viable free alternative, a second supplier so to say. Maybe that alternative could also provide 1-3 year validity certs, like WoSign used to, and which are more convenient in many setups.

  • jsg said: What a MITM (having the CA's private key) could do is to "mirror" certain customers sites and using their own certificate.

    Couldn't they create a new cert for the site, sign it with the cracked key, and then use the original to re-encrypt the traffic thus remaining invisible?

  • Article just seems to be a series of weak arguments.
    Fortunately, the comments (accumulating on Medium itself) are already tearing apart the author's opinion.
    Nuff said.

  • joepie91joepie91 Member, Patron Provider
    edited June 2019

    They use the incorrect term (it's "TLS", not "SSL", and has been for quite some time) while trying to look knowledgeable by using the full name; the article is full of non-sequiturs; it conveniently overlooks that there's already a handful of CAs basically controlling the signing for the entire market; it wrongly asserts that CAs can directly MITM using their signing keys...

    ... and it conveniently never actually makes any concrete arguments as to how a paid certificate would somehow be better (aside from the vague claim that they'd have "something to lose", which makes no sense), it just implies that free certificates are somehow uniquely vulnerable to this and then leaves the conclusion hanging in the air for the reader to make, presumably so that it's difficult to call the author out on a concrete falsehood.

    I have to agree, this sounds like shilling for a CA. Either that, or an exceptionally clueless rant. No actual concrete arguments are made in this article, it's all just implied dangers and vague problem descriptions. I can't really take it seriously.

    Bonus points for the "breach insurance" remark near the end of the article. Breach insurance is basically a scam; the conditions are so tightly defined that they will essentially never pay out anything.

  • YuraYura Member
    edited June 2019

    Pffft. This article is not worth tons of people spending their breathe to debunk some shill.

    Real problem is not Let'sencrypt or even useless paid certificates (buy it or don't, nobody cares) but the whole foundation it's built on. It's hilariously broken and there is no trust in the chain of trust.

    Thanked by 2BeardyUnixGuy jsg
  • foliofolio Member

    rm_ said: I would love to have a viable free alternative

    Scott Helme talked about Buypass as a free alternative to Let's Encrypt:

    https://scotthelme.co.uk/having-a-backup-ca-for-lets-encrypt/

  • joepie91joepie91 Member, Patron Provider

    @skorous said:

    jsg said: What a MITM (having the CA's private key) could do is to "mirror" certain customers sites and using their own certificate.

    Couldn't they create a new cert for the site, sign it with the cracked key, and then use the original to re-encrypt the traffic thus remaining invisible?

    That would likely lead to a lot of monitoring systems losing their shit, as a certificate would be used that wasn't committed to the Certificate Transparency logs. It can be done, sure, but it's sure as hell not "invisible" - it's an incredibly noisy attack, and these sort of after-the-fact monitoring systems are an often-overlooked factor by people arguing against TLS.

    Thanked by 3skorous sanvit uptime
  • joepie91 said: as a certificate would be used that wasn't committed to the Certificate Transparency logs

    Ahh, thanks for the clue.

  • user54321user54321 Member
    edited June 2019

    @joepie91 said:

    @skorous said:

    jsg said: What a MITM (having the CA's private key) could do is to "mirror" certain customers sites and using their own certificate.

    Couldn't they create a new cert for the site, sign it with the cracked key, and then use the original to re-encrypt the traffic thus remaining invisible?

    That would likely lead to a lot of monitoring systems losing their shit, as a certificate would be used that wasn't committed to the Certificate Transparency logs. It can be done, sure, but it's sure as hell not "invisible" - it's an incredibly noisy attack, and these sort of after-the-fact monitoring systems are an often-overlooked factor by people arguing against TLS.

    Browser don't trust Certs that are not in the CT logs anymore, so it would create the same errorpages as doing MITM with a self signed cert.
    It will be very visible to the enduser and if the Website is on the HTTPS Preload list the user couldn't even if they want to ignore that because the website would be not accessible for them, because there is no skip this warning option for them.

    In conclusion, that medium article is a big pile of shit and not worth to be read.

  • joepie91joepie91 Member, Patron Provider

    @user54321 said:

    @joepie91 said:

    @skorous said:

    jsg said: What a MITM (having the CA's private key) could do is to "mirror" certain customers sites and using their own certificate.

    Couldn't they create a new cert for the site, sign it with the cracked key, and then use the original to re-encrypt the traffic thus remaining invisible?

    That would likely lead to a lot of monitoring systems losing their shit, as a certificate would be used that wasn't committed to the Certificate Transparency logs. It can be done, sure, but it's sure as hell not "invisible" - it's an incredibly noisy attack, and these sort of after-the-fact monitoring systems are an often-overlooked factor by people arguing against TLS.

    Browser don't trust Certs that are not in the CT logs anymore, so it would create the same errorpages as doing MITM with a self signed cert.
    It will be very visible to the enduser and if the Website is on the HTTPS Preload list the user couldn't even if they want to ignore that because the website would be not accessible for them, because there is no skip this warning option for them.

    In conclusion, that medium article is a big pile of shit and not worth to be read.

    Hmm. Is that already the case? I thought that that failure mode would only be added much later, and currently it's still a soft-fail where it accepts the certificate but reports it to the browser vendor?

  • oneilonlineoneilonline Member, Host Rep
    edited June 2019

    @rm_ said:
    The only concern to have about Let's Encrypt, is them suddenly closing down, or becoming inoperable for a long period (months).

    Yes! This has always been my concern too. It would be chaos.

    @folio said:

    rm_ said: I would love to have a viable free alternative

    Scott Helme talked about Buypass as a free alternative to Let's Encrypt:

    https://scotthelme.co.uk/having-a-backup-ca-for-lets-encrypt/

    Thanks! Never heard of him or them! Good find.

    Yes, most of our CPanel customers use Lets Encrypt not only because it's free but also because it's one click and you're good to go! For CPanel sites I see no issue with it, nothing hosted is that critical. If it was that critical you wouldn't be using CPanel anyways.

    In terms of hacking a site to be a "middle man" sounded ridiculous to me, which made me question all the technical aspects of the article. If someone were to put that much effort to be a middle man, there are a lot easier ways to get at data.

    Yes, Lets Encrypt is better than nothing at all, which was the case prior to them arriving on the scene.

  • jarjar Patron Provider, Top Host, Veteran
    edited June 2019

    This article is bad and he should feel bad.

  • user54321user54321 Member
    edited June 2019

    @joepie91 said:

    @user54321 said:

    @joepie91 said:

    @skorous said:

    jsg said: What a MITM (having the CA's private key) could do is to "mirror" certain customers sites and using their own certificate.

    Couldn't they create a new cert for the site, sign it with the cracked key, and then use the original to re-encrypt the traffic thus remaining invisible?

    That would likely lead to a lot of monitoring systems losing their shit, as a certificate would be used that wasn't committed to the Certificate Transparency logs. It can be done, sure, but it's sure as hell not "invisible" - it's an incredibly noisy attack, and these sort of after-the-fact monitoring systems are an often-overlooked factor by people arguing against TLS.

    Browser don't trust Certs that are not in the CT logs anymore, so it would create the same errorpages as doing MITM with a self signed cert.
    It will be very visible to the enduser and if the Website is on the HTTPS Preload list the user couldn't even if they want to ignore that because the website would be not accessible for them, because there is no skip this warning option for them.

    In conclusion, that medium article is a big pile of shit and not worth to be read.

    Hmm. Is that already the case? I thought that that failure mode would only be added much later, and currently it's still a soft-fail where it accepts the certificate but reports it to the browser vendor?

    It is hard fail and you can test it with a older version of chrome if you start it with arg
    --disable-features="LegacySymantecPKI" and set your system time to 2017 on https://invalid-expected-sct.badssl.com/

    Thanked by 2joepie91 TheLinuxBug
  • tl;dr: The article didn't say anything in particular.

  • joepie91joepie91 Member, Patron Provider

    @user54321 said:

    @joepie91 said:

    @user54321 said:

    @joepie91 said:

    @skorous said:

    jsg said: What a MITM (having the CA's private key) could do is to "mirror" certain customers sites and using their own certificate.

    Couldn't they create a new cert for the site, sign it with the cracked key, and then use the original to re-encrypt the traffic thus remaining invisible?

    That would likely lead to a lot of monitoring systems losing their shit, as a certificate would be used that wasn't committed to the Certificate Transparency logs. It can be done, sure, but it's sure as hell not "invisible" - it's an incredibly noisy attack, and these sort of after-the-fact monitoring systems are an often-overlooked factor by people arguing against TLS.

    Browser don't trust Certs that are not in the CT logs anymore, so it would create the same errorpages as doing MITM with a self signed cert.
    It will be very visible to the enduser and if the Website is on the HTTPS Preload list the user couldn't even if they want to ignore that because the website would be not accessible for them, because there is no skip this warning option for them.

    In conclusion, that medium article is a big pile of shit and not worth to be read.

    Hmm. Is that already the case? I thought that that failure mode would only be added much later, and currently it's still a soft-fail where it accepts the certificate but reports it to the browser vendor?

    It is hard fail and you can test it with a older version of chrome if you start it with arg
    --disable-features="LegacySymantecPKI" and set your system time to 2017 on https://invalid-expected-sct.badssl.com/

    Interesting, didn't know that that had already happened! Learned something new today :)

  • rm_rm_ IPv6 Advocate, Veteran

    folio said: Scott Helme talked about Buypass as a free alternative to Let's Encrypt:

    https://scotthelme.co.uk/having-a-backup-ca-for-lets-encrypt/

    That's great to see, tried it out yesterday, worked with certbot, albeit they don't support my .香港 domain, and it failed to make a cert for other domain + subdomain. But not working with dehydrated, which is what I currently use and would prefer not to switch to certbot just for this.

    Thanked by 1folio
  • grnzgrnz Member

    All of the comments on the article are so on point on why the OP is a nut job. The entire article makes no sense. He's reaching for attention by his "outside perspective"

  • JarryJarry Member

    I lost 3min of my shortening life by reading that bullsh*t article.
    Who's gonna give it back to me???

    Thanked by 1uptime
  • I don't need read that article, because scotthelme is good for ubuntu 18 that ready make tls with nginx.
    let's encrypt was collaboration with EFF so you can make contribution & donating for EFF.
    Just make it sure updating every 3 months.

    Thanked by 1uptime
  • YuraYura Member

    @d2itsme has a perfect answer to anything

    Thanked by 3d2itsme uptime ehab
  • After i doing practice.

    Thanked by 1uptime
  • uptimeuptime Member

    @Jarry said:
    I lost 3min of my shortening life by reading that bullsh*t article.
    Who's gonna give it back to me???

    @d2itsme please help @Jarry - they need 3min of shortening life back

    Thanked by 2ehab ITLabs
  • NeoonNeoon Community Contributor, Veteran

    At least he does not sell SSL certificates, otherwise we would have put him through the mincer.

    I see it them same, as propaganda yet again.

Sign In or Register to comment.