They might've passed the WebTrust audit, but I'm still pretty worried about their security posture.
Remember, unless you're pinning your certificate using DNSSEC+DANE or HPKP, in practice any CA in the world can issue certificates for any domain.
Let's recap: It's 2015. They're using SHA-1 for everything (NOOOO!). They're based in China, which has just said it wants to ban encryption. (So has Cameron in the UK, yes, but at least he hasn't won an election yet. Edit: he pledged to if he wins; we have a coalition government, nobody won last time, least of all us! <g>) It looks like they've messed up OSCP, so even their own cert doesn't pass. Oh, and RC4, TLS 1.0 only, check out their login server: https://www.ssllabs.com/ssltest/analyze.html?d=login.wosign.... - let's put the (slightly) stronger ones at the end, everyone! Ugh.
You're completely right, and up voted because THIS IS AN SHA1 CERTIFICATE, IT WILL TRIGGER BROWSER WARNINGS, YOU DONT WANT IT should remain the top post, but David Cameron did actually win an election and is currently the Prime Minister of the UK.
It looks like they cleaned up their forums from when they were last mentioned[1] but I'll still keep my distance.
Anything like this is really a bandaid for the real problem with SSL/CA. As in why can't I be a CA for my own domain? I think Android is a perfect example of this problem - if you import a CA cert using the built in Android credential storage every time you reboot it will show a vague and useless message saying that people may be spying on you. Not which CA cert was added and when - just "hey, you added, on purpose, a CA cert. I'm just making sure you are aware of this".[2] I understand the warning? error?...err simply because now I can sign a cert for ANY domain and Android will accept it as legit. This makes sense for the average users who don't understand or care what a CA is, not advanced users or enterprise users who will most likely use their own CA infrastructure. In this case - it would make more sense for them to be a CA over just company.tld rather than any domain.
Personally - I'm using a modified version of PHP-CA[3] (as in changed the OpenSSL defaults to something sane and fixed some small issues). It's obviously not very advanced (for lack of better words kind of sucks) - but I wanted to hit the ground running with being my own CA for personal use and I have other projects I'm working on.
You're right that SSL has problems, but you cannot be the certificate authority for your own domain, and I'll explain why.
The certificate authority system is an imperfect solution for the problem of public key infrastructure. It is designed such that a trusted, independent third party can verify messages between two communicating parties. The third party's trusted signature verifies that the user is who they say they are.
Now, if anyone can be a certificate authority, and you can be your own certificate authority, you have effectively removed certificate authorities entirely - you now end up with de facto two parties. This is convenient for you to certify that you are yourself, obviously.
This is inconvenient and dangerous for you when anyone else certifies that they are you using themselves as a certificate authority - if they can sign their public key using their own nominal trustworthiness, the entire problem is back where it started without the certificate authorities in the first place.
By design, certificate authorities need to be 1. trustworthy, 2. highly vetted and 3. very few. If everyone is a certificate authority, then no one is.
Edit: Hmm, looks like the free certs will never pass strict OCSP checks. As broken as the OCSP system is, I would still like to be able to check against it.
Usually it's quite easy to pass this (a single vendor) - you just need to get verified by a WebTrust recognized company (E&Y or some other bookkeeping company) and be able to convince the vendor (the process is pretty much the same with each vendor).
However you'll need to build and run your infrastructure upfront so you're already burning some years money just to get those documents. When you finally get them and become ready to apply for inclusion with the vendors (Apple/MSFT/GOOG/Mozilla/Debian etc) it will take another couple of months. Even when you're included there is a big chance that it will take a couple of years to reach a high enough distribution rate to be acceptable for business purposes (think of old android devices or Windows XP).
Getting cross-signed by another CA costs money and they will re-validate your setup as you will sign "below" their root CA.
I wonder what the total initial and running costs of starting up a CA (including WebTrust & yearly re-audit) are today...
At risk of sounding xenophobic, you have to wonder if this is simply an effort to have Chinese-issued certificates become common place in the west. A common form of certificate pinning is based on the CA that issued the certificate (to allow certificate rotation). More Chinese issued certificates being used intentionally will make the mere fact that a certificate was issued by a Chinese CA less suspicious.
Nothing is 100% secure and new CA players will bring a higher encryption usage overall (in this case -> other business model/regional reach). Higher usage will also drive the amount of criminals (including secret agencies) trying to MITM/intercept those encryption. This will push vendors and developers to increase certificate pinning and other models of "bottom-up" models besides the top-down model that the CA-model implements.
IMHO it would be great to have a "working by default" model (which the CA-model is compared to something like pgp) and a protocol-independent way to pin public keys (eg not tied to http/s like HSTS and HKPK).
People and companies in need of "higher" security can pin keys and eg ignore the root trust of their OS/browser. So IMHO the best of "both" worlds.
I just thought my past employee (used to have StartSSL but got rejected recently) have to buy an wildcard one for a year while "Let's Encrypt" is not yet here, but this is just great. Will tell them to save their money.
Hope they'll update MAC soon. Wonder if they have an option to sign only for an year, so expiry date won't get past 2017. SHA1 should suffice for an year.
However, I must ask -- what's their business model?
Even as great as the offer is, this is akin to the free sample... Because once you deploy the https:// address scheme, there is no going back. On the other hand, this would have been perfect if there was opportunistic encryption within HTTP.
> Because once you deploy the https:// address scheme, there is no going back.
Unless you send the HSTS header, that's not true. Even so, you could just set the HSTS expiry time to the certificate's expiry (which would have to be done within your code, sadly).
EFF is going to be giving out free certs starting later this year. https://letsencrypt.org/ It's not too surprising someone would lower prices now to adjust.
>Before you stop reading because you don't trust a Chinese company for your website encryption please keep in mind that you don't have to trust them at all! You generate the SSL key on your server and only send them the CSR (certificate signing request) which doesn't contain any private information.
That's not really the reason we might not trust a CA. The CA needs to make assurances that it won't improperly sign certificates for an entity purporting to be the principal, e.g., DigiNotar. Maybe this CA has, but that's still a weak argument.
Nice find! But given the amount of hassle to get one, your hourly rate must be very low. But I'm sure it will be the future to get near-0$ DV-certificates.
It's a pity no CA besides StartCom and Comodo pick up the S/MIME market. Both options are not very usable for non-IT people.
update: WoSign now has a new page https://buy.wosign.com/free/ which is in English, works without creating a account first and wraps up all the steps in one simple page.
The issue with "Submit request contains invalid data" some people ran into was fixed as well :)
yea,i also can't get it to work. been bashing my head against this for hours. i did this to make the multidomain cert: http://stackoverflow.com/a/9158662/4202492[1]
then i'm doing this: "openssl req -out example.com.csr -new -sha256 -newkey rsa:2048 -nodes -keyout example.com.key -config openssl.cnf"
do i need to attach a mail adress to the csr?
do i need to set a challenge password?
what is the "free binding domain" on wosign?
The objective truth is that no theft has happened. Laws about theft are not applicable to copyright infringement.
But you're right, it's taken from LowEndTalk[1] and it remains unknown to us if the author asked for permission to copy the instructions to his or her blog.
AlyssaRowan|11 years ago
Remember, unless you're pinning your certificate using DNSSEC+DANE or HPKP, in practice any CA in the world can issue certificates for any domain.
Let's recap: It's 2015. They're using SHA-1 for everything (NOOOO!). They're based in China, which has just said it wants to ban encryption. (So has Cameron in the UK, yes, but at least he hasn't won an election yet. Edit: he pledged to if he wins; we have a coalition government, nobody won last time, least of all us! <g>) It looks like they've messed up OSCP, so even their own cert doesn't pass. Oh, and RC4, TLS 1.0 only, check out their login server: https://www.ssllabs.com/ssltest/analyze.html?d=login.wosign.... - let's put the (slightly) stronger ones at the end, everyone! Ugh.
Let's Encrypt will do it properly. Or Else™. ;)
nailer|11 years ago
NKCSS|11 years ago
nadams|11 years ago
It looks like they cleaned up their forums from when they were last mentioned[1] but I'll still keep my distance.
Anything like this is really a bandaid for the real problem with SSL/CA. As in why can't I be a CA for my own domain? I think Android is a perfect example of this problem - if you import a CA cert using the built in Android credential storage every time you reboot it will show a vague and useless message saying that people may be spying on you. Not which CA cert was added and when - just "hey, you added, on purpose, a CA cert. I'm just making sure you are aware of this".[2] I understand the warning? error?...err simply because now I can sign a cert for ANY domain and Android will accept it as legit. This makes sense for the average users who don't understand or care what a CA is, not advanced users or enterprise users who will most likely use their own CA infrastructure. In this case - it would make more sense for them to be a CA over just company.tld rather than any domain.
Personally - I'm using a modified version of PHP-CA[3] (as in changed the OpenSSL defaults to something sane and fixed some small issues). It's obviously not very advanced (for lack of better words kind of sucks) - but I wanted to hit the ground running with being my own CA for personal use and I have other projects I'm working on.
[1] - https://news.ycombinator.com/item?id=8901822
[2] - https://code.google.com/p/android/issues/detail?id=82036
[3] - http://php-ca.sourceforge.net/
dsacco|11 years ago
The certificate authority system is an imperfect solution for the problem of public key infrastructure. It is designed such that a trusted, independent third party can verify messages between two communicating parties. The third party's trusted signature verifies that the user is who they say they are.
Now, if anyone can be a certificate authority, and you can be your own certificate authority, you have effectively removed certificate authorities entirely - you now end up with de facto two parties. This is convenient for you to certify that you are yourself, obviously.
This is inconvenient and dangerous for you when anyone else certifies that they are you using themselves as a certificate authority - if they can sign their public key using their own nominal trustworthiness, the entire problem is back where it started without the certificate authorities in the first place.
By design, certificate authorities need to be 1. trustworthy, 2. highly vetted and 3. very few. If everyone is a certificate authority, then no one is.
Animats|11 years ago
Because then anyone who can hijack DNS for your domain can also be a CA for your domain.
aroch|11 years ago
Edit: Hmm, looks like the free certs will never pass strict OCSP checks. As broken as the OCSP system is, I would still like to be able to check against it.
rmoriz|11 years ago
However you'll need to build and run your infrastructure upfront so you're already burning some years money just to get those documents. When you finally get them and become ready to apply for inclusion with the vendors (Apple/MSFT/GOOG/Mozilla/Debian etc) it will take another couple of months. Even when you're included there is a big chance that it will take a couple of years to reach a high enough distribution rate to be acceptable for business purposes (think of old android devices or Windows XP).
Getting cross-signed by another CA costs money and they will re-validate your setup as you will sign "below" their root CA.
I wonder what the total initial and running costs of starting up a CA (including WebTrust & yearly re-audit) are today...
noxenook|11 years ago
rmoriz|11 years ago
Nothing is 100% secure and new CA players will bring a higher encryption usage overall (in this case -> other business model/regional reach). Higher usage will also drive the amount of criminals (including secret agencies) trying to MITM/intercept those encryption. This will push vendors and developers to increase certificate pinning and other models of "bottom-up" models besides the top-down model that the CA-model implements.
IMHO it would be great to have a "working by default" model (which the CA-model is compared to something like pgp) and a protocol-independent way to pin public keys (eg not tied to http/s like HSTS and HKPK).
People and companies in need of "higher" security can pin keys and eg ignore the root trust of their OS/browser. So IMHO the best of "both" worlds.
HSTS http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
HPKP https://developer.mozilla.org/en-US/docs/Web/Security/Public...
drdaeman|11 years ago
I just thought my past employee (used to have StartSSL but got rejected recently) have to buy an wildcard one for a year while "Let's Encrypt" is not yet here, but this is just great. Will tell them to save their money.
Hope they'll update MAC soon. Wonder if they have an option to sign only for an year, so expiry date won't get past 2017. SHA1 should suffice for an year.
rmoriz|11 years ago
cnst|11 years ago
However, I must ask -- what's their business model?
Even as great as the offer is, this is akin to the free sample... Because once you deploy the https:// address scheme, there is no going back. On the other hand, this would have been perfect if there was opportunistic encryption within HTTP.
Xorlev|11 years ago
I'd be a little suspicious of anything too free like that. I hate to be too xenophobic but I can't say the thought didn't cross my mind.
iancarroll|11 years ago
Unless you send the HSTS header, that's not true. Even so, you could just set the HSTS expiry time to the certificate's expiry (which would have to be done within your code, sadly).
indrax|11 years ago
This is becoming a freemium product.
ibejoeb|11 years ago
That's not really the reason we might not trust a CA. The CA needs to make assurances that it won't improperly sign certificates for an entity purporting to be the principal, e.g., DigiNotar. Maybe this CA has, but that's still a weak argument.
NKCSS|11 years ago
nailer|11 years ago
rmoriz|11 years ago
It's a pity no CA besides StartCom and Comodo pick up the S/MIME market. Both options are not very usable for non-IT people.
iancarroll|11 years ago
A lot of CAs sell S/MIME certs, including GlobalSign and CyberTrust. They're not heavily advertised, though.
thejosh|11 years ago
freerk|11 years ago
wavee|11 years ago
hoechst|11 years ago
do i need to attach a mail adress to the csr? do i need to set a challenge password? what is the "free binding domain" on wosign?
ridgewell|11 years ago
throwaway643423|11 years ago
But you're right, it's taken from LowEndTalk[1] and it remains unknown to us if the author asked for permission to copy the instructions to his or her blog.
[1]: http://www.lowendtalk.com/discussion/41289/free-chinese-2-ye...
freedombeer|11 years ago
[deleted]