StartSSL, please revoke me – My private key has been compromised (revokame.tonylampada.com.br)
$ gpg --gen-revoke $(whoami)@$(hostname -f)
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
How would you like to pay us?
(1) Mastercard
(2) VISA
(3) Other
Your selection?
Also, a dark cynical part of me wants to ask exactly what the business model behind "free" SSL certs is? You're not paying them, someone else is?
Well, you never give them your private key, so… what could they possibly do??
On the other hand, showing a cold unwillingness to help when doing so is by far the above-and-beyond response doesn't engender good customer loyalty. It's also how StartCom operates. This is the same cert authority that insisted that I send them a full, unredacted copy of a mobile telephone bill with every "family plan" member's full call, SMS, and data history in order to call me. Otherwise, they could only "verify" me by sending a snail mail letter from Israel to South America (where I lived at the time). Independently-linked, outside verification databases operated by local government entities weren't sufficient.
At least they're consistent with their "rules are rules" processes.
Their stance is entirely correct
Well it sounds like their stance is wrong if they've agreed to the Mozilla CA Certificate Maintenance Policy: CAs must revoke Certificates that they have issued
upon the occurrence of any of the following events:
...
the CA obtains reasonable evidence that the
subscriber’s private key (corresponding to the
public key in the certificate) has been compromised
In fact, a place in the revocation list should be reserved every time a cert is issued, possibly with a mechanism to trigger it with the private key. For example, if I send a message encrypted/signed with my private key to the revocation authority, they can decrypt/verify it with my public key, which they received when the CA issued my cert.
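As an added illustration of the proposal in the comment above (not code from the thread, from StartCom or from any CA): a subscriber-initiated revocation request is a message signed with the certificate's private key, and the CA accepts it only if the signature verifies under the public key it certified for that serial. The `REVOKE:<serial>` format, the throwaway toy root and all names are assumptions; the accepted serial is what a CA would then place on its CRL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Hypothetical wire format: the subscriber signs "REVOKE:<serial>" with the private key behind
// the certificate. Possession of that key is the whole credential; no account or payment step.
func revokeMsg(serial *big.Int) []byte { return []byte("REVOKE:" + serial.String()) }

// NewKey returns a fresh P-256 keypair (the subscriber's, or an impostor's in the checks below).
func NewKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }

// Subscriber side: sign the request with the certificate's private key.
func SignRevocation(key *ecdsa.PrivateKey, serial *big.Int) ([]byte, error) {
	h := sha256.Sum256(revokeMsg(serial))
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// CA side: accept only if the serial matches the issued certificate and the signature verifies
// under that certificate's public key. An accepted serial is what the CA then places on its CRL.
func VerifyRevocation(cert *x509.Certificate, serial *big.Int, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || cert.SerialNumber.Cmp(serial) != 0 {
		return false
	}
	h := sha256.Sum256(revokeMsg(serial))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// IssueCert stands in for the CA's issuance step: a throwaway self-signed root (assumed here)
// signs a leaf carrying serial and pub. Setup errors are dropped for brevity in this toy.
func IssueCert(serial *big.Int, pub *ecdsa.PublicKey) *x509.Certificate {
	now, caKey := time.Now(), NewKey()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Toy CA"},
		NotBefore: now, NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	caCert, _ := x509.ParseCertificate(caDER)
	leafDER, _ := x509.CreateCertificate(rand.Reader, &x509.Certificate{SerialNumber: serial,
		Subject: pkix.Name{CommonName: "example.test"}, NotBefore: now, NotAfter: now.Add(time.Hour)}, caCert, pub, caKey)
	leaf, _ := x509.ParseCertificate(leafDER)
	return leaf
}
```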
Because a major reason for revocation is when the private key has been compromised.
>Because a major reason for revocation is when the private key has been compromised.
His point is that whoever compromised the key is not interested in putting it in the revocation list. If he does it... well, he did the good thing.
Unless you mean that the owner has lost access to the private key itself. For that case, I can see CAs having the power to revoke certs in addition to my suggested method.
What if the CA notices they issued a fraudulent certificate?
Users don't trust Verisign or StartSSL, they trust whoever Mozilla, Microsoft or Google trust. Stop accepting new CAs in to the browser whitelist, start a CA for the public good with a true open source, full disclosure mentality. Why not?
There was an interesting thread on the subject of starting a CA on the crypto-list last year ("How much does it cost to start a root CA ?"), see e.g.:
http://lists.randombit.net/pipermail/cryptography/2013-Janua...
http://lists.randombit.net/pipermail/cryptography/2013-Janua...
http://lists.randombit.net/pipermail/cryptography/2013-Janua...
And for good measure, on the subject of certs and trust, the thread after:
"another cert failure" (2011)
http://lists.randombit.net/pipermail/cryptography/2013-Janua...
Not that revocation will have much practical effect in the unlikely event of his keys having been compromised, and an attacker considering his website important enough to MITM - and having the means to do so to a sufficiently large audience to make it worthwhile. Seems like a lot of fuss over nothing much, in this case.
EDIT: Also just to note that the private key he has shown on this website was compromised solely by him putting it there, and not extracted via Heartbleed. Indeed, the certificate was created a few days after the vulnerability was reported and fixed. Makes this strange cry for attention even more absurd.
This is pretty hard to find in general, and the ssls.com interface does not make it any easier.
For example the same 8 domain wildcard Positive SSL Multi-Domain: £360
I could revoke my cert a dozen times a year and it would still be cheaper than anything else I've found - happy to be informed of viable competitors at a similar price though (not necessarily lower)
As someone with several side projects (like most of us - I assume) this type of certificate is essential if we are to use SSL at all.
The difference between 4,99$ and 0$. I can bear a slow loading page that I can barely navigate through as long as I can save 4,99$ (or more).
PKI as it stands is fucked up.
Funny the author didn't see it that way when he started using their service.
Arguing that someone else made a mistake which renders your mistake unimportant under some circumstances is neither excuse nor justification, in particular not for continuing to make that mistake.
Anyone that cares about security is going to be looking at what their software does and ensure it's configured securely. Not posting on Hacker News about a "toy OS there with the fancy graphics" like a ninny.
That being said, PR wise, this was a pretty dumb move by them. It should've been a great PR opportunity for them, by submitting a blog post on HN about how serious this issue is and how they're going to allow everyone to revoke their certificate, say for the next 7 days, or even 48h. Everyone would've had their hands in the air cheering for StartSSL, about what an awesome company it is for doing this, and they would've gained a lot of good will and trust from the community for many years to come.
Instead, they saw this as an opportunity to make as much as money as possible in the short term, regardless of how catastrophic this vulnerability was. In a way, it's like stores raising the price of food and water in a time of crisis (natural disaster, war, etc) because they know they can get away with it then, since so many people need it, and they're the only source in the area.
Bottom line is, they could've made a judgement call to "not make" some extra cash in this period, while gaining a lot of long-term trust from their current and potential customers, but instead they decided to take the money, and have a PR scandal on their hands. Not a great move at all.
When Mozilla put them in my browser, they promised “we will make sure that only people who own the domains get certs for them”. Now there are a bunch of people with leaked private keys and StartSSL is apparently doing nothing about them.
Note that I don’t care what StartSSL wants their “customers” to do, nor do I care what these “customers” want StartSSL to do, but I do care about private keys with associated valid StartSSL certificates floating around the internet, and it is not the responsibility of the owners of these keys to revoke the certs ASAP but StartSSL’s. Given that they don’t seem willing to do so, I’ll have to remove their CA from my browser.
One easy way out for “free certs” would be a clause like “If we have reasonable evidence that your certificate is compromised, we will revoke it immediately and you agree to pay a handling fee of 25 € for that.” in their Terms and Conditions. If such a clause would be illegal, I guess free certificates are just not feasible.
Unfortunately, for various historical fuckups, we consider self-signed certificates to be more dangerous than cleartext unsecured HTTP. Lots of scary warnings pop up. That is absurd. StartCom is helping fix this by issuing free certificates.
The Mozilla CA policy does not include a provision for obvious trolling and posturing. If StartCom were to be forced to revoke your certificate for free, why would anyone else (on any CA) ever pay for revocation?
Strange, because when I revoked my cert at StartSSL yesterday (and paid for it), the browser (Firefox on Ubuntu) immediately showed it as revoked. With a big bold warning when visiting the page.
This is not your garden variety, "I screwed up my .htaccess file and accidentally leaked my private key to the world" situation. This is a special case, and some special case rules would be really appreciated by this one, at least.
This isn't really trolling; after Heartbleed we should consider all SSL certs used by OpenSSL-based servers as compromised. This site just tries to make the point more obvious by putting such a compromised cert in public view.
"I'm not angry, I'm just disappointed"
In terms of your business transaction with StartSSL, the private key is still only known to "you".
The private key being not private is the very definition of "compromised" when applied to the CA security architecture. Whether StartSSL has a different definition is completely immaterial to the Mozilla policy.
Now you're right that it's not StartSSL's fault that OpenSSL suffered Heartbleed, but nor is it the various end customers' fault (unless they introduced the bug themselves?). So pinning down the response to this as a simple exercise of assigning blame and responsibility completely misses the point and does nothing toward resolving what is admittedly a very difficult question.
Had I done that myself properly earlier, I'd have a little less heartache in my future.
Unfortunately, it seems as if Mozilla doesn’t care about the security of their users, otherwise this sorry excuse for a CA would have been dropped from their trust store already.
If I paint two pieces of art, one I let you view for free, the other I charge to view - are you only entitled to an opinion on the latter?
I understand the word "must" to mean that they cannot add additional strings, such as payment, to their obligation to revoke the certificate. Is there another way of interpreting it that I am missing? I guess you could interpret it as "must provide a mechanism", but I can't see that that was the intent of the original document.
Mozilla's use of the word "must" here I think is important, because the barriers to correctly dealing with a security breach should be minimized. For better or worse, root CAs are entrusted with maintaining the security of large chunks of the internet. Charging users who suspect that their certificates _may_ have been compromised (due to the Heartbleed bug, in this case) will cause users to err on the side of inaction, which is going to weaken internet security in the long run.
Saturday, April 12, 09:50 (GMT-3)
OK, so here's my reply to Nikolai:
"Let me address this question.
> Anything about free revocations there?
It doesn't, but that's not relevant. It's pretty damn clear: You see the evidence, that alone should be enough for you to take action.
If you take Mozilla's policy by the letter, one doesn't even have to own a certificate to be able to request its revocation. All that should be needed is the evidence of compromise.
If I disclosed the private keys for a certificate I don't own, would you just ignore that information? Or would you come after the certificate owner demanding payment first?
You're a CA, A CA!!! You should be worried about the security of the internet above all things.
You should also be worried that you have a bunch of green padlocks around that don't mean what they once did. You're not worried about that. So in my opinion you don't deserve the trust of the internet anymore.
Cheers Tony"
Their basic free Class 1 certificates are advertised on their website as “No Charge, Unlimited + 100 % Free” and “No Kidding 100% FREE”.
It wasn’t hard for me to find the provision that revocations cost $24.90 in question 72 of the FAQ, but it’s not exactly highlighted either. It’s probably not something that most people think about; they probably assume that StartCom provides free certificates (and have the automated infrastructure to do so) for publicity and/or to up-sell paid services. And I did actually go to a paid StartSSL service, which I probably won’t renew.
This isn’t to say that I have a “right” to a free revocation, and I should read the fine print, but I think I’m justified in lowering my opinion of their business practices a few notches.
IMO, as long as the key is only known to people who the rightful owner explicitly wanted it to possess, it is not compromised.
This is just an extreme case of a troll wanting the whole world to have the key.
It has nothing to do with Heartbleed! Posting your private key in a gist on the web is not the same as being the victim of some hacking because of an OpenSSL bug.
This key is now public and must be revoked. Bottom line. StartSSL can even conceivably invoice him for the work, but they have to revoke it if they want to be a CA in a secure public-key infrastructure.