February 25, 2006

new cert for FC

Installing new SSL server certs is like visiting the in-laws for Christmas dinner. It's so painful, you dread it for weeks in advance. Afterwards, the relief flows through you as you know you don't have to do that for another year or two.

The eagle-eyed will notice a new certificate for Financial Cryptography, as of a week back. There have been a number of improvements: it now includes all the AltSubjectNames according to the VHostsTaskForce recommendation. It's also installed with the new Class 3 root, which is the CAcert "high-verification" root (meaning that the identity of the issuer -- me -- was checked at least to 50 points worth).

(You will need to reset your Trustbar. You should need to reset your Petname. Weird - for me, Petname is stuck on the old name transferred to the new cert???)

Getting the right setup only took 3 goes. One effort failed completely. Second time, the script I used did not include the CommonName as well in the AltServerName list. Apache barfed on that version, giving an uninterpretable error. Re-rolled with the right list, this time it worked.
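A pre-deployment check for the failure described above (CommonName left out of the alternative-name list), as an added example that is not from the original post. It takes a certificate dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the function names and both sample certificates are constructed for illustration, using host names mentioned on this page.

```python
# Added example: audit a multi-vhost certificate before installing it.
# Per RFC 2818, when a cert carries DNS subjectAltName entries, clients match
# the host name against those entries and ignore the CommonName, so the CN
# has to be repeated in the SAN list or that host will not verify.

def cert_names(cert):
    """Return (common_names, dns_sans), lower-cased, from a getpeercert()-style dict."""
    cns = [v.lower() for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans

def name_matches(pattern, host):
    """Exact match, or a left-most '*' label that covers exactly one label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return p == h

def audit(cert, vhosts):
    """List problems: a CN absent from the SANs, or a vhost no SAN covers."""
    cns, sans = cert_names(cert)
    problems = [f"CN {cn} is missing from subjectAltName"
                for cn in cns if cn not in sans]
    problems += [f"vhost {host} is not covered by any SAN"
                 for host in vhosts
                 if not any(name_matches(s, host) for s in sans)]
    return problems

def make_cert(cn, sans):
    """Build a constructed sample in the getpeercert() layout."""
    return {"subject": ((("commonName", cn),),),
            "subjectAltName": tuple(("DNS", s) for s in sans)}

# Constructed samples (not the real certificate contents).
VHOSTS = ["financialcryptography.com", "www.financialcryptography.com",
          "koalagold.com", "www.koalagold.com"]
CN_MISSING = make_cert("financialcryptography.com", VHOSTS[1:])   # CN left out
CN_INCLUDED = make_cert("financialcryptography.com", VHOSTS)      # CN repeated

if __name__ == "__main__":
    for label, cert in (("CN missing", CN_MISSING), ("CN included", CN_INCLUDED)):
        print(label, "->", audit(cert, VHOSTS) or "ok")
```
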

There are still issues. Hopefully by the time this one expires, 2 years from now, these other problems will be solved as well:

  • Apache and browsers will hopefully implement ServerNameIndication (SNI) which is the standard for sharing one SSL server over many web sites as Virtual Hosts. Like much of the planet, I have one IP# for too many web sites to administrate. Sharing virtual hosts is needed not to please me, but because it feeds into the fight against phishing. I already got hit with a request to add another domain name - which means a whole other cert, dammit.
  • We'll be a bit closer to point, click, configure. CAcert's process for setting this all up is still slow and cumbersome, but at least the doco is mostly there within 10 minutes or so of it being needed. The entire process took most of my last Saturday, and I won't be satisfied until the time takes less than a minute, like Skype or SSH. Crypto is meant to help protect us, not slow us down and burn up our weekends.
  • Although CAs make a statement to some effect, users still don't know it. Firefox tells me the site name on the bottom, but not who said that unless I mouse-over. Safari doesn't even do that, it is still on the old model of a tiny padlock hidden somewhere. Konqueror proudly announces how many bits of crypto blah blah protection I've got. So basically users trust their browser or they are SOL.

Readers sometimes ask why FC uses CAcert instead of forking out bux to the commercial companies. It's not a political statement, I'd frankly rather we could just use crypto without the hassle (names of well designed cryptosystems available on request). Here's some of my reasons for using CAcert:

  1. I have a bunch of sites. They all benefit from a bit of SSL, but even at the low prices of certificate manufacturing shops, that all adds up. Also, one needs to factor in errors, reworks, extra domains added in, etc. With CAcert, it is only my time going down the drain every time something doesn't work out, not my wallet.
  2. CAcert have an identity program that makes sense, at least in principle (an audit process has started recently). They use what they call a web of trust and have each issuer of class 3 (identified) certs checked out by two or more people, face to face. It's not that I care to be checked out like that - in fact I despise and loathe the idea that to use crypto you have to know me - but if we are going to make a statement about identity, let's at least make a statement that means something. As a Financial Cryptographer, it behoves me to take part in a process that is coherent, to the extent possible; in the past, I've used credit cards, but because I know that is a meaningless identity check, I feel stupid doing it. (FTR, I myself have 55 points which means the certificate points to an identity that was verified by at least 2 independent assurers, each of whom has at least 100 points, and is therefore verified by 4 people, as a minimum.)
  3. CAcert is building a membership structure that harkens back to the good old days of the net. Members work for each other. The doco is patchy and the accents are odd, but the lists are not antagonistic to the honest user who lacks a PhD in mathematics. Security for the common man. And you get free certs. As there's no interest in how many certs are sold, concentration on core security is more likely. In fact, over on the CAcert lists, it's possible to propose some interesting security ideas and get some thoughtful response. Very refreshing.
  4. Readers will recall the age-old scandal of phishing. One core weapon in the fight against phishing is to get as much traffic onto SSL as possible, and then tools like Trustbar, Petname and maybe Ping's new design can better protect users. It's a virtuous cycle - more SSL means more certs means more tools and more protection. For ordinary users. So it pays for us financial cryptographers to keep the pressure on for more SSL. CAcert is definitely there to help that process. Who else is? Whatever your views on whether High Authentication will work, it is hardly designed to increase the amount of SSL in use.

Of course, not all is light, joy and bounty. Far from it, CAcert is only the least worst of a bad bunch, but if we want to address phishing something must be done. A couple of notable flaws in the CAcert process: Their docs are all scattered around and their processes have not been beaten up. The linkage from the relying party to the cert to the signer to the statement to the CPS is unclear (but that's common to all).

(Note to FC readers: CAcert's root is currently only being distributed into various Linux distros and now FreeBSD! For other platforms, you will need to travel to CAcert's root page to install the root into your browser by hand -- for Firefox users, click on the line that says Class 3 PKI Key Root Certificate (PEM Format) if you want to be part of the CAcert community. For Safari, Konqueror, Opera, IE7 users ... I don't know. I tried to load the root into Safari but failed.)

Posted by iang at February 25, 2006 04:03 PM

FYI, the Nokia 770 Internet tablet comes with CAcert's root certificate pre-installed in its Opera browser. It's the first commercial consumer product that I've seen that does that.

Posted by: Andreas Ehn at March 4, 2006 06:39 AM

the Nokia 770, at least mine (original nokia firmware) just doesn't warn on a "not secure site" status. I could load
http://financialcryptography.com, https://financialcryptography.com and https://www.financialcryptography.com without any difference in display, except the little lock on the addressbar (which presumably replaces the display of the protocol).

but positive news is that my safari only complains when I open the site with the https://www prefix. Leaving out the www works now fine with this certificate and the root certificate of cacert in my mac keychain.

Posted by: Matthias Subik at March 5, 2006 07:37 AM

Ha! OK the way the cert is structured is that the CN == financialcryptography.com and the altSNs include that as well as the www.fc ... and other names.

So, what you could do is to also browse over to https://koalagold.com/ and to https://www.koalagold.com/ which are in the same cert as altSubjectNames. This is all according to the vHostsTaskForce recommendations.

Posted by: iang at March 5, 2006 08:51 AM