https certificates?
It worries me a little that this website doesn't have a https certificate. This leaves users at risk of session hijacking and possibly password sniffing when they are on wifi hotspots e.g. at meetups.
Have you considered using Let's Encrypt? I set it up on my own website. It is free. Once you get it working, it requires no intervention. There is a cron job which checks if you need a new certificate periodically and updates it automatically if you do.
I found the install script broke my configuration, but this was many months ago so it might be fixed by now. I think it may have been confused because I had already configured https for a purchased certificate. Anyway, it was quite easy to recover and make the changes manually. The automatic update works fine though.
I'm working on http://bbcmicro.co.uk
Re: https certificates?
I'd hope that no one used a password on here that they used on anything important (as it's just a forum). HTTPS did cost money but I'll have a look at what you've suggested there, it looks interesting!
d.
- 1024MAK
Re: https certificates?
World of Spectrum forums changed to https not long ago.
Worth looking into me thinks.
Mark
For a "Complete BBC Games Archive" visit www.bbcmicro.co.uk NOW!
BeebWiki - for answers to many questions...
Re: https certificates?
danielj wrote:I'd hope that no one used a password on here that they used on anything important (as it's just a forum). HTTPS did cost money but I'll have a look at what you've suggested there, it looks interesting!
Self signed certificates would work if web browsers didn't try and scare you into thinking that it automatically means the site has been hacked.
Cheers.
Phill.
Re: https certificates?
If setting up the Let's Encrypt certificates on this platform is too much work, I'm willing to donate a Comodo PositiveSSL certificate for three years.
256K + 6502 Inside
MAN WOMAN

Re: https certificates?
Just pointing out, lets encrypt might not be the best choice right at the moment. There is a fair chance they could face revocation of trusted root CA in some browsers/OSs
https://slashdot.org/story/17/03/25/2222246/over-14k-lets-encrypt-ssl-certificates-issued-to-paypal-phishing-sites
A3020| A3000x3| BBCBx5 | Electrn | Masterx4 |RiscPC| RPix3
A600 | C64 bbin x2|C64C | Toastrackx2 |QL | XB360&1X |GB |GBC |GBA |GBASP | DS | 3DS XL x2| MD | MS
Atari 7600 | PS1-2-3-4| PSP |Vita |SNES|GC|N64|Wii & U |Switch|ArcadeCab |Sony PVMx2
Re: https certificates?
Sounds faintly likely that that news story is promoted by a business which is threatened by Let's Encrypt. It's not at all obvious that Let's Encrypt did anything wrong: it's their job to issue certs to orgs which own domain names, not their job to control which domain names orgs own. (EV certs are a different case, they demand higher standards, but they are not part of this story.)
Re: https certificates?
sbadger wrote:There is a fair chance they could face revocation of trusted root CA in some browsers/OSs
I can't see any suggestion of that in the story linked to from the slashdot article.
I'm working on http://bbcmicro.co.uk
Re: https certificates?
I have several clients that have tried the Let's Encrypt route and all but one has gone back to a more traditional certificate because they've found that many browsers simply aren't happy with the Let's Encrypt certs.
I'd be quite happy to chip in to an SSL certificate fund if there was such a thing. These days Comodo certs aren't that expensive for 2 and 3 year time spans.
This brings me onto another related question. Has it ever been considered that a "donate" link is put on the site somewhere in order to allow members to donate funds for the explicit use of hosting and upkeep of the site?
I used to be able to contribute more of my time to the forums and if I could manage it, I still would but these days, contributing to the community in other ways is more practical for me.
Paul
Re: https certificates?
There are no requirements on CAs that issue DV (domain verified) certificates to prevent phishing certs. LetsEncrypt are fully compliant with the CA/B Forum standards. I haven't heard anything about the major browsers planning on untrusting LE.
FWIW, https://www.sweharris.org/post/2017-03- ... nsparency/ explains why I think the CAs _can't_ solve this problem (typosquatting) and sheer size of the attack surface (paypal seems an obvious one, but what about the gazillion of banks and shopping sites?).
I'm not the only security person to think this way; eg Scott Helme (he's a recognised name in the industry) https://scotthelme.co.uk/lets-encrypt-a ... ey-should/
To solve it at the CA level would mean, effectively, that DV certs would need to go away and every cert become an EV (Extended Validation) cert costing many $$$. Over 50% of all traffic is now encrypted ( https://www.troyhunt.com/https-adoption ... ing-point/ ).
The solution needs to be at the browser level where the UI lives; stop using the word "secure" for SSL sites, because the certificate is NOT a proof of entity of the person/company behind the site.
FWIW, most "LE certs are not trusted" issues are due to misconfiguration on the server (eg not including the chaining cert). You can test the server configuration at https://www.ssllabs.com/ssltest/ (I get an A+ for my site; https://www.sweharris.org/post/2016-10-16-ssl-score/ )
LE certs are cross-signed by "DST Root CA X3" which is in most browsers, these days. Some older java systems (java 6!) don't have the cert. Full details at https://community.letsencrypt.org/t/whi ... crypt/4394
Rgds
Stephen
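Added example, not part of any post in this thread: a lint for the misconfiguration mentioned in the post above (a server that does not send the chaining cert). It reads the PEM bundle a server is configured to send and checks that each certificate's issuer is the subject of the next one; it compares names only and does not verify signatures. `LEAF`, `INTERMEDIATE` and their names are constructed skeletons, not real certificates.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, end) for the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos + length

def header_len(buf, pos):
    """Number of tag and length bytes of the element at pos."""
    return 2 + (buf[pos + 1] & 0x7F if buf[pos + 1] & 0x80 else 0)

def issuer_and_subject(der):
    """Raw DER of the issuer and subject Names of one X.509 certificate."""
    pos = header_len(der, 0)                # step into Certificate
    pos += header_len(der, pos)             # step into tbsCertificate
    tag, end = read_tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    fields = []
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, end = read_tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_bundle(pem_text):
    """List problems in the certificate bundle a server is configured to send."""
    names = [issuer_and_subject(base64.b64decode(b))
             for b in PEM_RE.findall(pem_text)]
    if not names:
        return ["no certificates found"]
    problems = []
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:  # issuer must equal the next subject
            problems.append(f"cert {i}: next cert in bundle is not its issuer")
    leaf_issuer, leaf_subject = names[0]
    if len(names) == 1 and leaf_issuer != leaf_subject:
        problems.append("only the leaf is sent: chaining certificate missing")
    return problems

# --- Constructed sample data: unsigned certificate skeletons, names only ---
def tlv(tag, content):
    return bytes([tag, len(content)]) + content   # short-form length (< 128)

def name(cn):
    attr = tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode())  # commonName
    return tlv(0x30, tlv(0x31, tlv(0x30, attr)))

def skeleton(issuer_cn, subject_cn):
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    body = base64.b64encode(tlv(0x30, tlv(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

LEAF = skeleton("Constructed Intermediate", "forum.example")
INTERMEDIATE = skeleton("Constructed Root", "Constructed Intermediate")

if __name__ == "__main__":
    for label, bundle in [("leaf only", LEAF),
                          ("leaf + intermediate", LEAF + INTERMEDIATE),
                          ("wrong order", INTERMEDIATE + LEAF)]:
        print(label, "->", check_bundle(bundle) or "ok")
```

The same `check_bundle` function accepts the text of a real PEM chain file; a leaf issued directly by a root that clients already hold would also be reported as "leaf only".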
Re: https certificates?
I use lets encrypt for my family's owncloud installation. We have not noticed any browser that doesn't trust it by default, though I haven't searched extensively. We use it from home and work on several OSes including mobile devices. If you look at the sponsors, they are actually sponsored by at least two browser developers - Chrome and Mozilla, and a number of hosting companies. Also big names like Facebook and Cisco.
For me the big plus of lets encrypt was the automated renewal. Buying a cert is a rather manual process with a hard end date and Murphy dictates it will occur when you are busy for some reason. Lets encrypt I don't have to worry about, the certificate has been changed about three times since I went to them, and I didn't have to do a thing. I wouldn't have even noticed if I hadn't checked the expiration date periodically. I realise people might assume that since it is free you get what you pay for, but I really think it is superior to other options for this reason.
Like paulv I am grateful to those who donate their time and money to keep these forums running. They bring me a lot of pleasure, and I think the role in preserving the history of British Computing can hardly be understated. Thank you!
I'm working on http://bbcmicro.co.uk
Re: https certificates?
I should qualify my statement by saying I've not had contact with Let's Encrypt certs for several months so browser support may well have been improved through addition of the CA to the accepted browser lists.
As a software developer, I encountered even more issues with Let's Encrypt users because of Java JVMs not having the CA certs installed in their keystore on production machines so when sites switch over to Let's Encrypt, the CA certs need to be loaded into the relevant keystores. On production machines where there are deployment cycles, this can take *weeks* with some organisations to get sorted because of their insistence on deploying any and all changes to a test site before going to a staging site and finally moving everything into production. Whilst I understand this process is necessary for thorough testing, I tend to think that adding a cert to a key store is one of those things that could be done without too much fuss directly in production environments.
Paul
Re: https certificates?
I had the same problem with the JVM not trusting a certificate issued by QuoVadis. I assume Oracle do a half hearted job with the JVM, and the administrators have to sort out the rest. This problem isn't limited to Let's Encrypt. My guess is that browsers are targeted at users who require hand holding, but JVM is targeted at administrators who know what they are doing.
I'm working on http://bbcmicro.co.uk
Re: https certificates?
+1 on this. As a person who works in the security industry, I recommend that every site is distributed over SSL where possible. SSL certificates are no longer stupidly expensive and can be obtained quite cheaply, or even for free.
It should only take about 30 minutes of time to configure the site to use SSL as well.
Re: https certificates?
I'm on it - it's just a question of getting some time!
d.
- Lardo Boffin
Re: https certificates?
+1 for the donate button.
BBC model B 32k issue 4, 16k sideways RAM, Watford 12 ROM board, Retroclinic Datacentre + HDD, Viglen twin 40/80 5.25" discs, acorn cassette, Acorn 6502 coproc
BBC model B 32k issue 7, turboMMC, Opus Challenger 3 512k, Pi 3 coproc
BBC Master
Re: https certificates?
Let's Encrypt terrifies me. Although it's purporting to be fully trustworthy, in practice the only thing it protects against is control of a domain changing after the certificate has been issued. Certification is supposed to give a more sure proof of identity than that. I don't know whether or not they're about to lose their CA status, but they probably ought to.
A few years ago, I toyed with creating mendax.net, a CA that would sign literally anything you put under its nose. Yet again, life is very nearly imitating art. )-8
For what Let's Encrypt does, DNSSEC is strictly superior; here's hoping for more widespread deployment soon.
Re: https certificates?
crj wrote:Let's Encrypt terrifies me. Although it's purporting to be fully trustworthy, in practice the only thing it protects against is control of a domain changing after the certificate has been issued. Certification is supposed to give a more sure proof of identity than that. I don't know whether or not they're about to lose their CA status, but they probably ought to.
You appear to have a misunderstanding of the levels of SSL certificates issued by all providers. Let's Encrypt only provides 'Domain Verified' certificates, these are also provided by all the commercial providers as their first tier of pricing. They are not going anywhere and no provider is going to lose their trusted status over providing them.
You have certainly visited hundreds of sites that are using Domain Verified certs from many providers without it causing an issue.
Re: https certificates?
I only get worried if people start asking for valuable information. For the purposes of stardot, letsencrypt can verify the domain, let you know that you're talking to the right place, and ensure that comms between your computer and the server are encrypted. So long as you trust me to have generated the certificate 
d.
Re: https certificates?
AIUI LetsEncrypt offers short-life certificates so it's mandatory to set up some kind of automatic renewal - and that's where the complexity lies. Is that right?
(Another option is to serve your site through CloudFlare, who run an edge-caching service. There are several choices for how you sort out their link to your server, including unencrypted - which still has value, depending on your threat model. It prevents the library or coffee shop, or their other patrons, from snooping your session and causing mayhem.)
Re: https certificates?
flibble wrote:You appear to have a misunderstanding of the levels of SSL certificates issued by all providers. Let's Encrypt only provides 'Domain Verified' certificates, these are also provided by all the commercial providers as their first tier of pricing. They are not going anywhere and no provider is going to lose their trusted status over providing them.
No, I don't have a misunderstanding. Domain-verified certificates are next to worthless and shouldn't exist. Let's Encrypt is just the chief offender.
As I say, DNSSEC is strictly superior.
Commercial concerns have trumped legitimate security engineering. On the one hand, there's a race to the bottom to provide that little padlock symbol by any means necessary; on the other, it turned out that the reason the service of verifying an applicant's identity was valuable and expensive was that it was difficult.
Re: https certificates?
BigEd wrote:It prevents the library or coffee shop, or their other patrons, from snooping your session and causing mayhem.
If that's your only concern, use a VPN or Tor; no need for https at all.
Re: https certificates?
crj wrote:BigEd wrote:It prevents the library or coffee shop, or their other patrons, from snooping your session and causing mayhem.
If that's your only concern, use a VPN or Tor; no need for https at all.
That's fundamentally missing the whole point of encryption - using Tor or a VPN you're just allowing people at the Tor/VPN end point to view the traffic. Plus there's no integrity checking that the server is valid.
With HTTPS you have client to server encryption and you have a secondary check that the server has been issued a certificate by a valid authority, so the server you're talking to is the server that you intended to hit.
LetsEncrypt provides a route for the average person to get an encrypted site up and running for minimal cost. The only difference between LE and some of the largest companies (e.g. GoDaddy) is that GoDaddy charge and issue the certificate for longer.
Re: https certificates?
OK - if you want to connect via https, you should now be able to - please let me know if you have any issues!
d.
Re: https certificates?
danielj wrote:OK - if you want to connect via https, you should now be able to - please let me know if you have any issues!
Yes. Rock!

Re: https certificates?
Works for me - excellent! Tried a few browsers and devices. (Links in emails are still plain http. I suppose you need to be sure, first, that they will work for everyone.)
Re: https certificates?
tautology wrote:That's fundamentally missing the whole point of encryption - using Tor or a VPN you're just allowing people at the Tor/VPN end point to view the traffic.
This really does need emphasising. Tor is largely intended to obscure the origin of traffic, not to protect that traffic from eavesdropping. And given the way that the traffic has to emerge from endpoints, it can even be a liability for unencrypted traffic. There was that case a while back of some security researcher having collected all sorts of interesting credentials from sniffing traffic at a Tor endpoint, and one rather got the impression that certain entities might not have liked the guy going public with his discoveries.
Re: https certificates?
OK - I'm having some issues deciphering how this was previously configured to prevent access to certain directories. Just for now I'm disabling https until I can get that bit straightened out... It might be tomorrow, but basically it basically works...
d.
Re: https certificates?
Cools thanks!
Re: https certificates?
tautology wrote:That's fundamentally missing the whole point of encryption
There is no one "whole point" of encryption.
There are a whole bunch of threat models and, as I assume you're aware, it's dangerous to talk about "encrypted" as though it were some panacea, any encryption protecting against every threat.
tautology wrote:using Tor or a VPN you're just allowing people at the Tor/VPN end point to view the traffic
Unless you personally exchange public keys with the site administrators, you've got to trust some intermediary. You cited the threat model of eavesdropping local to the client; I suggested a mitigation for that threat model, by instead trusting a VPN provider, or a series of randomly-chosen Tor exit nodes. If you trust the owners and patrons of your local coffee shop more then, well, don't use a VPN or Tor!
tautology wrote:Plus there's no integrity checking that the server is valid.
Domain-validated certification provides integrity checking that's next to useless. The only protection it offers is that an attacker has to have demonstrated control over the domain from the perspective of the CA as well as the client; the man in the middle has to be a little closer to the server. The attacker doesn't even need to have current control over the domain from the CA's perspective - revocation is hazardously flaky in practice, so anyone who has ever compromised a server has an enduring ability to impersonate it.
Worse, once a browser accepts domain-validated certification, it's vulnerable to a security-downgrade attack because nothing prevents such certificates being issued for any domain by any CA.
DNSSEC, by contrast, proves that the publisher of the DNS records has demonstrated to the registrar's satisfaction that they're the registrant. That puts security in the right place: the client doesn't need to know how lax or stringent the registrar's controls are, and the owners of important domains can use a value-added registrar with extra checks.
tautology wrote:you have a secondary check that the server has been issued a certificate by a valid authority
This is the whole trusted-trustworthy dichotomy writ large. Your https security is only as strong as the least stringent integrity check performed by the most incompetent CA in your browser's list, and that list is now polluted with literally hundreds of entities we shouldn't be trusting.
Just because an authority is deemed valid, that doesn't mean it deserves the accolade.
tautology wrote:LetsEncrypt provides a route for the average person to get an encrypted site up and running for minimal cost. The only difference between LE and some of the largest companies (e.g. GoDaddy) is that GoDaddy charge and issue the certificate for longer.
As a result, lots of users and web admins alike think their connection is safer than it really is. That's a dangerous misapprehension which is going to cause an ugly mess.
X.509 implementations have been getting shonkier and shonkier for decades. We may be about to put the nail in the coffin.