Pathological customers: when you give them free stuff, they will demand more free stuff, and if you refuse them more free stuff, they will do their darndest to destroy your business.
Meanwhile, look at all the nonsense that e.g. GoDaddy (who also charges for revocations) is not getting right now. Because the folks with altered understandings of reality got scared away by the $20 or whatever it costs on year 1, and are plaguing StartSSL instead.
> Pathological customers: when you give them free stuff, they will demand more free stuff, and if you refuse them more free stuff, they will do their darndest to destroy your business.
I guess you caught me. On the other hand, at the time I started using StartSSL, the cheapest non-free certificate provider I could find charged something like €70 a year, which was more than it was worth to me. Just two days ago I happened to look for cheap certificates again and found one for €9, and I'd totally pay that as long as my real name can stay anonymous (like now with StartSSL, my name isn't included in the certificate).
So it also has much to do with how much you charge. Free is a special price and may make people ask for unreasonable things, but if the choice is between nothing or more than it was worth, that choice is very easy. Then when shit hits the fan...
>Meanwhile, look at all the nonsense that e.g. GoDaddy (who also charges for revocations) is not getting right now. Because the folks with altered understandings of reality got scared away by the $20 or whatever it costs on year 1, and are plaguing StartSSL instead.
FWIW, GoDaddy didn't charge me anything to rekey my certificate.
I also have a certificate with StartSSL, but on finding it would cost $25 to revoke, I purchased a new one from namecheap for $10. I know this leaves the StartSSL cert potentially floating about but it's only for a personal site (no real valuable data) so que sera sera…
If you read the linked thread, some of their paying customers are apparently unhappy about being charged $25 per certificate to revoke them. (In some cases, this could cost substantially more than they paid for the certificates in the first place.)
For a free SSL provider, I think it's entirely valid for them to charge for revocations. Plus, it's entirely possible that not all people using certificates from StartSSL are using OpenSSL.
It's the cert owner's prerogative to ensure their certificate is properly secured. There's no reason for Debian/Mozilla to remove StartSSL from their CA lists. If you have StartSSL and you used OpenSSL 1.0.1f or another vulnerable version, pay the $25 and move on. It's cheaper than if you used GoDaddy.
It is totally valid for you to be a jerk, and then it is totally valid for other people to call you out on being a jerk.
Yes, maintaining a revocation list costs them time and money. But this is a Big Deal. Extenuating circumstances. They have a social responsibility here, and they're failing at it.
It is totally valid for people to call them out for not going above and beyond, but that doesn't mean Mozilla/Debian/etc should be popping them out of CAs.
The mob is welcome to mob, but Mozilla and Debian shouldn't be making decisions based on the whims of the mob.
If you can't trust the certificates they produce, then they should be removed. And there will be a lot of valid-but-dangerous certs in the wild from them.
You can trust the certificates they produce. It's only users who were running exploitable OpenSSL whose certs are at risk, through no fault of StartSSL. There will be many perfectly safe certificates from other customers affected if the root trust is revoked.
You can trust some of the certificates they produce, but you don't know which ones. A responsible person would trust none of them, because you can't know who you can and cannot trust.
Their certificates are perfectly trustable. The ones you shouldn't trust are the irresponsible domain owners who refuse to pay 20 fracking dollars for their users' security. It's not like StartSSL are actively refusing to revoke the certificates.
Sure. How many of those are there? My understanding is that most CAs let you revoke and re-issue your certs for free for the year you've paid them for.
This is roughly equivalent to expecting a locksmith to re-key your lock because you left your keys sitting in public for a couple years. Why would a locksmith have a responsibility to do that? His lock and key were fine, you (or people/processes you trust) were the issue.
Your analogy does not allow for the distinction between revocation and renewal. You might not expect the locksmith to renew your lock for free - but you should be able to remove it without paying him.
It's also three times the annual price of a certificate from PositiveSSL, plus StartSSL's "free" certificates have various annoying restrictions intended to encourage you to move to the premium product (fixed expiry period of one year, can't renew until a fortnight before it expires, various limitations on what you can issue, ...)
If it was a StartSSL security leak, then I would expect them to give away revocations for free. But if YOU, the customer, leaked your own private key by running some bad software? That's simply not their fault, nor their problem.
With a regular CA, you pay upfront, and you can revoke and reissue with no problems. If you trust a CA that does this, you can count on the fact that anybody buying a cert from that CA has the ability to grab a brand new certificate whenever they want until the expiration period.
But with a CA like StartSSL, they give out certificates without guaranteeing that websites using those certificates have the ability to regenerate their certificate. If a website gets compromised, since they haven't paid upfront, you don't know if they will pay to reissue. They might just keep quiet and pretend there was no security breach, instead of doing the proper thing and renewing the certificate. If you know they paid upfront, you can be more sure that they will take advantage of the free renew upon a security breach.
I find this issue to be vaguely similar to the difference between socialist healthcare systems and privatized healthcare systems. If everyone is guaranteed to have healthcare because it must be paid through their taxes, then people are generally healthier since they are encouraged to go to the doctor. But if you must pay a bill whenever you receive healthcare, people might be encouraged to forego treatment or checkups that could catch deadly diseases in an early phase before they become life-threatening. I don't really think this is a good analogy though because the other pros and cons of both healthcare systems don't map well to this problem.
StartSSL's denying free cert revocation does not make them untrustworthy from a technical perspective. The onus remains on the site owner to implement their site security properly and pay any fees necessary to do that. So the only issue here is a moral one and whether you believe they have a responsibility to revoke these certificates for free.
I think that given the extenuating circumstances, they probably should revoke the certificates if requested, but I have no right to demand that they do so.
>They might just keep quiet and pretend there was no security breach, instead of doing the proper thing and renewing the certificate. If you know they paid upfront, you can be more sure that they will take advantage of the free renew upon a security breach.
This is the point that I'm not so sure about. I know there are plenty of people running SSL certs (from any company) that have no idea what Heartbleed is, let alone what 'certificate revocation' means or why they'd ever do it.
Alice's Lemonade Stand charges $0.25 for a cup of lemonade,
gives out free refills, and will give you a new cup each time.
Bob's Lemonade Stand gives out free lemonade with free refills,
and gives you one free paper cup to start with,
but you must use the same cup each time.
Bob charges $0.25 to replace a lost, damaged, or dirty cup.
So basically people who go to Bob's Lemonade Stand are incentivized to continue drinking from the same cup even if it's dirty (its integrity is compromised.)
Of course it's not a perfect analogy since certificates eventually expire, but you get the idea.
This is akin to saying Amazon Glacier should be boycotted for having a low cost of entry and high cost on the other end.
Their business strategy isn't a secret. If there were a vulnerability found in btrfs and a wave of people had their filesystems go belly up, I'd not expect Amazon to change the price of restorations.
The issue here is not about boycotting StartSSL because of their 'vulture-like' business model, it is about whether StartSSL can be trusted by browsers to actually secure connections. It can be argued that StartSSL is not actually providing an acceptable level of security, since the ability to revoke and regenerate a certificate is part of the service that a CA should provide. If StartSSL isn't performing security audits, gives out free certificates like candy, but charges for maintaining security, none of the free certificates are actually known to have any level of security.
There are many websites using StartSSL certificates that could also be using a compromised private key. Should there really be a lock icon in your browser if your connection is not actually secure?
StartSSL does provide revocation and regeneration of certificates. They charge for this service, just like other CAs charge for generation of certificates.
I would much rather StartSSL provide free certificates, even knowing that not everyone whose private key was compromised regenerated a certificate, than have StartSSL pulled from trust stores and thus cause fewer future sites to not have SSL because of the associated cost.
This is more of a problem with the simplistic trust model that is typically used with X.509 and TLS, rather than a problem with StartSSL. The type of security that you are suggesting is similar to opportunistic encryption or decentralized trust. Self-signed certificates are intended to fill this role, however, it is too difficult for the average user to use self-signed certificates securely, so browsers put up a scary warning to protect users from themselves. If cryptographic concepts could be securely exposed to end-users, then self-signed certificates could be used securely. In that case, StartSSL wouldn't even need to exist. Unfortunately in the current trust model that is being used, StartSSL has to exist to fill the niche for people who just want SSL to work. But because of recent events, this creates a problem in which the all-or-nothing security model essentially requires that StartSSL be blacklisted because of their business model.
Keeping in mind that while plain self-signed certs just don't work at all given user-behavior, self-signed certs plus TACK have about the same security level as SSH host keys. If-and-when most browsers have TACK, and most sites use TACK headers, the CA infrastructure will become mostly (though not entirely) irrelevant.
I don't think StartSSL is obligated to provide free stuff. If anything, StartSSL should be obligated to charge money for their service, if they expect to remain competitive. As it stands I think that StartSSL's free certificates do not meet my standards for what the lock icon in a browser should mean.
Security is a lot more complicated than that little lock icon, anyway. Security means different things to different people, devices, and protocols. It's a UX/UI problem. What we need are fresh ideas on how to convey security concepts through GUIs and human interfaces. We need ways of visualizing privacy and trust networks (things like Lightbeam and Collusion), and ways of securely building trust links (things like interactively-verified Diffie-Hellman over NFC, or ssh-keygen's randomart)
Not even sure where to begin with that. You can't simultaneously say we can't trust their certs because they charge to revoke, and say they should be obligated to charge money.
Whether or not their users follow good security practices is not something they can account for. The only way they could account for it would be to force revocation of all previous certificates. The same is true of every other CA. It's incredibly likely that many users of SSL across the board will fail to replace and revoke old certs, regardless of what CA they use.
I agree that there are flaws in the way we currently utilize SSL. But that is a fully separate issue, and not related to "Should StartSSL specifically be considered untrusted". StartSSL shouldn't be singled out to have their business destroyed because the industry as a whole needs to be improved.
Except the cups must be recycled where you bought them, and when they accidentally turn out to be super toxic Bob insists the recycling fee was clearly posted.
I don't know who's right here, but it's definitely not that simple.
It really is that simple. Bob didn't know the cups were toxic, there's no way he could have known, every lemonade stand had toxic cups, and he didn't raise the price of recycling in response. Bob isn't responsible for letting people off the hook due to circumstances outside of his control.
Well, this is not like the first time the TLS stack has had a disastrous vulnerability. I think that giving out free certificates and charging for revocations is bad business since it sets bad incentives. Better, then, to charge upfront for issuing the certificates.
Well, I’d say the most valuable data is generally TLS-protected. E.g. Gmail, Outlook.com, Dropbox, etc. I sure would like to see even better TLS adoption rates than what the web currently has, but I don’t think that we should compromise the trustworthiness of the certificates in order to achieve this goal.
What makes the CA-issued certificates trustworthy is that they are in fact verified to belong to the legitimate owner of the domain. Doing the verification and maintaining the CA’s infrastructure is not free so I don’t think it’s very surprising that the vendors charge for their service.
"What makes the CA-issued certificates trustworthy is that they are in fact verified" ahahaha good one.
You should read about the history of Certstar, the Comodo RA. Why take money and expend resources to verify the information and issue the certificate when you can shortcut the verification...
No matter how you look at it, the CA system is full of perverse incentives...
To be fair, I don't like Bob's business and wouldn't be his client. If you want me to pay for something, you'd better ask up front.
But then, StartSSL does not have a mandatory hidden cost. It just charges if you do something wrong.
The problem that everybody did something wrong, and not by our fault, is not exactly StartSSL's problem. I'd be impressed if they revoked the keys for free, but I don't see anything wrong in them not doing it.
As an end-user I couldn't care less about CAs, their business models, and the way they handle revocations. All I care about is that if I see a lock icon in my address bar I can be sure that the page I'm looking at comes from whom I think it comes from.
This is what should be driving Mozilla's decisions, not the moral aspects of charging for revocations.
This is a good point that seems to keep being ignored: do revocations even matter? Are browser makers planning on changing their defaults with regard to revocations? Is somebody planning a widespread consumer education campaign regarding revocation? If not, this whole issue seems like a bunch of noise that doesn't have much real impact.
Any links to specific threads? I don't find anything when searching that list for "revocation" or "revoke", though there seem to be lots of threads about CAs in general, so maybe there's relevant discussion in some of those.
The right keyword to search for is OCSP, because CRLs are completely impractical in the browser.
But then we have the issue that OCSP is a pretty retarded protocol. OCSP stapling helps with some issues, but there is still the issue that it doesn't really check if a certificate is valid, but whether a certificate bearing the given serial number is valid. Which didn't help AT ALL when using MD5 collisions people managed to create multiple certificates under the same serial number.
Comodo PositiveSSL for $9/year offered by Namecheap is really very cheap, but there is one more SSL certificate vendor, "CheapSSLSecurity", that offers Comodo PositiveSSL at only $5.99/year, and if you purchase it for 5 years the price is cheapest at $4.80.
For Wildcard SSL Certificate I've found that "CheapSSLSecurity" offers it at $72.95/Year and $58.36 for 5 Year.
Now this seems like something that StartSSL would want to be in front of rather than risk everything by having compromised certs out there with their name on them. I would think that kind of behavior would put their CA status at risk...
Their CA status is not at risk, was never at risk and will not be at risk in the future. Mozilla has made their stance clear that once you are in, you will never be removed (unless you were compromised, at which point they'll happily add your new CA).
I'll certainly not claim that we can magically make TLS work by starting to enforce the requirements we put on CAs. But we should call Mozilla out for their strongly worded letters and other nonsense to get some momentum for better solutions. The first step is admitting you have a problem.
True that they went bankrupt, but they filed on Sep 20th 2011, and the Mozilla decision to permanently remove them was a week prior or at least on Sep 2nd 2011; thus "unless you were compromised, at which point they'll happily add your new CA" is not correct.
EDIT: To clarify, this is the phrase that we seem to be arguing about:
Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort. (from the Mozilla Security Blog link above).
They were effectively out in the cold, not "in once you're in" after the incident.
This is utterly ridiculous. These people signed up for a free SSL certificate knowing that revocations would cost them money. Enforcing a contract that both parties willingly agreed to does not make them untrustworthy, it demonstrates that their customers carry immense senses of entitlement.
There are tons of SSL certificate providers out there. Their business model was not a secret when folks signed up.
I am not their customer. At most, I am their customers' customer. Why do I have any obligation toward StartSSL? If StartSSL is free to choose a business model, then others are free to make judgment based on that business model.
Should the customers of StartSSL pay the revocation fee? Yes. Should StartSSL be required to give free revocations? No. Are either of those at all relevant to whether or not I should trust StartSSL certificates, given that they are less likely to be revoked when they need to be revoked?
The business model and practices of the company are completely irrelevant to the people concerned in this case though - the users of the web browser. They never signed up for shit, and they have no incentive to trust a business which refuses to revoke compromised certs because people are unwilling to pay.
Yes, this doesn't make them untrustworthy as a business, since their business model was known - it does make them untrustworthy as a party which is meant to be securing the web though - because they'll be failing at it spectacularly.
Again: I never signed up to shit, and their business model means shit to me too - I just want some degree of security when browsing.
The other responders have no idea what you're talking about.
You're right, of course, but I suspect most other CA's certificates should also not be trusted even though they don't have this revocation hurdle because a lot of these certificates were given to unsophisticated users who aren't going to revoke compromised certificates anyway.
Who am I going to trust less? StartSSL certs? Or OpenSSL?
I'm not saying I don't appreciate the hard work the two OpenSSL developers put into the code. But it's incredulous that we're upset a business would give away a service due to an event completely out of its control.
I would argue that something that is the underlying component of e-commerce, privacy, and security for the majority of Internet activity should probably be audited.
At least StartSSL will have good certificates for everybody in their free tier in 12 months.
Can any of the other CA's make that claim?
So, are you going to lead the charge at the rest of the CA's?
And, I suspect that StartSSL couldn't possibly handle every single person calling them up to revoke a certificate right now. And that is NOT their fault--they didn't cause this bug.
People would better be advised not to trust admins who can't shed 20 bucks for their users' security. Most likely these are the same admins to whom you certainly wouldn't want to give an email, password or any sort of confidential information.
Who is supposed to pay for the staff time required to manually maintain the revocation list?
BTW, revoking a cert doesn't stop it from being used in the wild, as plenty of clients will still see it as a valid cert. We are basically screwed until all current certs expire.
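Two comments in this thread make a concrete technical claim worth seeing end to end: the one above about OCSP identifying a certificate only by its serial number, and this one about a revoked certificate still passing as valid on clients that never check. The script below is an added example, not code from the thread or from StartSSL: it builds a throwaway CA and one leaf certificate (the names "Toy CA" and "example.test" are made up), revokes the leaf the way a CA operator would, and then verifies it twice, once as a client that checks only the signature chain and once as a client that also consults the CRL. It finishes by dumping an OCSP request for the leaf so you can see which fields actually identify the certificate. It assumes a standard `openssl` binary (1.1.x or 3.x) with its default config present.

```shell
#!/bin/sh
# Added example (not from the thread): a toy CA, one leaf certificate,
# a revocation, and what a client sees depending on whether it checks.
# "Toy CA" and "example.test" are made-up names for the demo.
set -eu

# Build a throwaway CA and issue one leaf cert. Prints the working directory.
setup_toy_pki() {
  dir=$(mktemp -d)
  ( cd "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
      -subj "/CN=Toy CA" -keyout ca.key -out ca.pem >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -sha256 \
      -subj "/CN=example.test" -keyout leaf.key -out leaf.csr >/dev/null 2>&1
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -sha256 -days 30 -out leaf.pem >/dev/null 2>&1
    # Minimal "openssl ca" state: just enough to record a revocation and sign a CRL.
    printf '%s\n' '[ ca ]' 'default_ca = toy' '[ toy ]' \
      'database = index.txt' 'crlnumber = crlnumber' \
      'certificate = ca.pem' 'private_key = ca.key' \
      'default_md = sha256' 'default_crl_days = 30' > ca.cnf
    : > index.txt
    echo 1000 > crlnumber
  )
  echo "$dir"
}

# What the CA does when a customer asks for revocation: mark the serial in
# its database and publish a fresh CRL. Note nothing happens to the cert
# file itself; the revocation only exists in data a client must go and fetch.
revoke_leaf() {
  ( cd "$1"
    openssl ca -config ca.cnf -revoke leaf.pem >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
    # A CRL-checking client needs the CRL next to the issuer it trusts.
    cat ca.pem crl.pem > ca_with_crl.pem
  )
}

# A client that checks only the signature chain (no revocation check at all).
verify_chain_only() {
  if openssl verify -CAfile "$1/ca.pem" "$1/leaf.pem" >/dev/null 2>&1; then
    echo valid
  else
    echo rejected
  fi
}

# A client that also consults the CRL for the leaf's issuer.
verify_with_crl() {
  if openssl verify -crl_check -CAfile "$1/ca_with_crl.pem" "$1/leaf.pem" >/dev/null 2>&1; then
    echo valid
  else
    echo rejected
  fi
}

# Build an OCSP request for the leaf and print it: the CertID is the issuer
# name hash, the issuer key hash and the serial number, nothing about the
# leaf's own public key.
ocsp_request_identifier() {
  ( cd "$1"
    openssl ocsp -issuer ca.pem -cert leaf.pem -no_nonce -reqout req.der >/dev/null 2>&1
    openssl ocsp -reqin req.der -no_nonce -req_text 2>/dev/null
  )
}

d=$(setup_toy_pki)
echo "before revocation, chain only: $(verify_chain_only "$d")"
revoke_leaf "$d"
echo "after revocation, chain only:  $(verify_chain_only "$d")"
echo "after revocation, with CRL:    $(verify_with_crl "$d")"
echo "OCSP request identifies the cert by:"
ocsp_request_identifier "$d" | grep -E 'Hash|Serial Number'
rm -rf "$d"
```

The middle line of the output is the point of the thread comment: after the CA has done its part, the chain-only client still reports the certificate as valid, because a revocation is only as good as the client's willingness to ask. The OCSP dump shows the other point: a responder is asked "is the certificate with this issuer and this serial number good?", so two certificates sharing an issuer and serial (as in the MD5-collision case mentioned above) are indistinguishable to it.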
No, any StartSSL cert. There are still unpatched systems and there likely will be for quite some time. Just because there's a CVE doesn't mean everyone updated.
Sure, and there are also StartSSL certs used on systems that don't use OpenSSL.
Do we just nuke every certificate, destroy their business, and force people with secure computers to buy new ones elsewhere even though their servers weren't affected by heartbleed? Because that option sucks too.
As a user, I much prefer that my browser and my OS never ever again show a StartSSL-signed cert as valid over even just one compromised cert being displayed with a fancy lock. How StartSSL is going to achieve that, I don’t care, but neither do I care whether or not they go out of business over this.
StartSSL revoked one of my certs on request the night Heartbleed came out. I mentioned heartbleed in the form.
However, that was a $24.90 gamble... They could just as easily have billed me. Especially if you have a lot of different certs, that gamble may not be worth it.
Also, I'm a paying customer, having gone through their process to get a wildcard cert. A free customer may have different results.
And then, browsers don't check SSL cert revocations, and the infrastructure to check revocations is apparently broken too. So this is a gamble with not much of a payoff.
I think that would have been a successful PR move, but deciding whether they'd rather have the money or the goodwill is their choice to make. They told people upfront what the costs were; I don't fault them for following through with that.
Red Hat Enterprise Linux Server release 5.6 is still supported and ships with OpenSSL 0.9.8e, which is not vulnerable. I am sure there are other examples as well. If I had a StartSSL certificate and the browsers started to remove support for them, or warn that my site has a StartSSL certificate signed before a certain date and can't be trusted, I would be really pissed.
I have always felt there was conflict between system administrators wanting proven and stable versus developers wanting bleeding edge. I have given up the fight when it comes to web development and use Ubuntu 12.04 LTS, which still is not bleeding edge enough for most of my devs. For infrastructure components outside of web development, though, I don't think it's a safe assumption that people are on a vulnerable version.
This is a prime example of why I would never give anything away free. Unrelated to SSL certificates: I'd rather throw out my old equipment than give it away, since the people I give it to will never be happy, don't understand it's free for a reason, and demand support. The fact that you can't afford something better does not give you rights to it.
I'm worried that StartSSL free certs will stop being trusted. I run a service (tny.im) where HTTPS is not essential, but I like to provide it, to secure logins if not for anything else. However, I make little to no money from that website, and so I'd rather not invest much money in it. At the price SSL certs go for, if StartSSL became untrusted, I'd have no choice but to remove SSL support, or issue my own certificate, which is as bad as not having HTTPS.
StartSSL plays an important role in ensuring that all websites, no matter how small, can provide https access. I recommend it to people that are just launching a service; their reaction often is like "SSL? You know how much that costs? I can barely pay for the server!" but they happily go through the trouble of installing a StartSSL cert when they understand that it will only cost them the effort. Without StartSSL these people would never implement https, if for some reason they didn't want to spend money with their project as is often the case with things done in their spare time.
Personally this is even more disgusting, because I know for sure that my certificate has not been compromised: two days ago my service was hosted on a server with OpenSSL 0.9.8, and today I was forced to migrate to a new server due to issues unrelated to Heartbleed, and the certificate was not installed before updating OpenSSL to a patched version. And as some users have said, other people may be using StartSSL free certs on systems that don't even use OpenSSL.
There's also something we should not forget: free StartSSL certificates are only valid for one year. That means that any cert will only be compromised for, at most, a year. My cert will expire in June, and then I'll be able to issue a new one, which (even if I wasn't sure the current one isn't) definitely isn't compromised.
Things add up, you know... $20 for a cert, plus $10 for a domain, and not even taking into account the server, it's $30. Now imagine you have five or six side-projects, you may not be willing to spend $150 per year to maintain them, especially when you get little to nothing in return.
It's not like every website must have a profitable business plan just to be online and secure...
Is there any actual data anywhere (ANYWHERE) that suggests this is the case? Or statistically more the case than any other CA with a more traditional payment model?
Or is this hand wringing about the stupid people who got the free certificate from the stupid company that likes to give away free certificates but under normal circumstances they might actually charge people for some other part of the service that almost no one ever uses?
I've been using PositiveSSL. I am paying less than $10 a year for a basic cert, revocation is free.
I don't know anyone else who uses it, but there's nothing not to like so far, unless you are the sort who expects to pay nothing at all for your certs.
Today I was searching for a PositiveSSL certificate for my website.
I Googled and found many online stores offering PositiveSSL certificates, but there were major differences in price. I found some stores offering PositiveSSL at $49/year, $19.95/year, $12/year, $9/year and $5.99/year.
I wanted that PositiveSSL certificate for 5 years, so I bought it from CheapSSLSecurity at only $4.80/year. I loved their service. The certificate was issued in a minute and it's now live on my website.
This is the SSL cert provider used by Namecheap, I just got my first SSL cert signed here, the experience was smooth.
The longest delay in the whole process was from my own mailserver at the verifying site listed in the WHOIS record, which does greylisting (so it usually takes about 30 minutes to start exchanging mail with anyone you haven't received mail from before, since the server has to wait for them to retry...)
The whole process was smooth as butter, $9 later I have SSL support on my site.
5 minutes of their employees’ time probably cost more than that. And of course it would be silly for a business like this to charge for cost instead of value.
I have about 30 certificates from StartSSL. Four second-level domains, and best security practice recommends having a separate key per service, so the web server has its own keys, as do the email server, XMPP and so on. The idea was that if one's compromised, the others would hopefully remain safe.
Call me names, but I'm not going to shell out $750.