[Gpg4win-users-en] Commonly accepted SSL/TLS certificate for gpg4win websites

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Oct 17 00:24:56 CEST 2015


On Fri 2015-10-16 11:04:15 -0400, Thomas Arendsen Hein wrote:
> While this sounds like the correct approach, I don't know if the
> gpg4win project or Intevation are considered that important for the
> FusionForge developers, but maybe we should just ask :)

yes, you should just ask ;)

> On the other hand, all these clients work perfectly after importing
> our root certificate from https://ssl.intevation.de/, and that is
> something we are reluctant to lose.

By encouraging people to do this with modern browsers, you're actually
placing those users at more risk, particularly in the scenario
where your root authority's key (or any of the four intermediate
authorities) gets compromised.  These CA certificates are not
name-constrained or in any other way limited, so a compromise of the
associated secret key material would allow forgery of certificates for
any site on the Internet.

Even modern attempts by other sites to address this kind of failure like
HPKP will likely fail to such a compromised root cert because modern
browsers consider "administratively-added trust anchors" like your root
certificate to invalidate HPKP protections (thanks to the TLS
middleboxes that some corporations use, which do this form of
MiTM attack based on a pre-installed root cert).

I wish distributing a custom root cert was not fraught with these kinds
of problems, but it is.

(fwiw, your intermediate certs are also signed with RSA-SHA1, which is
likely to cause a degraded UI with many browsers today anyway, since
SHA-1 is deprecated, and may not work at all after the end of this
calendar year.  if you're expecting people to use your root certs, your
intermediate certs should be signed with at least RSA-SHA256)

>> So if SNI ends up being a cheaper/quicker/easier path
>
> Not really cheaper, the price of the extra IPs is just a small part
> of the equation, about 1€ per IP per Month.

it may be cheaper if you don't have to do wildcards or joint-SAN certs.
you can probably get ~$3-5/year certs for single-SAN (or simple
foo.example and www.foo.example dual-SAN) certs.  You'd listed about 20
sites, i think, which comes to $100/year.  Even if the cost was
$20/year, we're talking about $400/year, which still comes in below
640€.  And a year from now, hopefully, LetsEncrypt will be functional,
which should reduce the cost further.  (and a year from now, even fewer
SNI-incapable clients will exist)

> That would be nice for everyone, but usually this is not available
> in small patches, but requires larger modifications/backports or new
> upstream releases.

I'm sure this is true for some of the software mentioned.  It's probably
not true for others, and any fixes are welcome and useful.

Thanks for working on this!

    --dkg
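
The two properties the message above flags on a locally trusted CA certificate (no name constraints, SHA-1 signature) can be checked with a short script. This is an added example, not part of the original message or any project's code; the function names are hypothetical, and the sample inputs are constructed DER skeletons rather than real signed certificates.

```python
NAME_CONSTRAINTS = "2.5.29.30"          # id-ce-nameConstraints
SHA1_SIGS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
             "1.2.840.10045.4.1": "ecdsa-with-SHA1"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):                    # contents of a constructed element -> [(tag, value)]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):                   # base-128 arcs, high bit marks continuation
    subs, cur = [], 0
    for b in body:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(cur)
            cur = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def audit_ca(der):
    """Report whether a DER CA certificate is name-constrained and SHA-1 signed."""
    tbs, sig_alg = children(read_tlv(der)[1])[:2]
    sig_oid = decode_oid(children(sig_alg[1])[0][1])
    ext_oids = [decode_oid(children(ext)[0][1])
                for tag, val in children(tbs[1]) if tag == 0xA3   # [3] extensions
                for _, ext in children(children(val)[0][1])]
    return {"name_constrained": NAME_CONSTRAINTS in ext_oids,
            "sha1_signature": SHA1_SIGS.get(sig_oid)}

def tlv(tag, *parts):                   # sample builder only: short-form lengths
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_ca(sig_oid_hex, ext_oid_hexes):
    """Constructed skeleton (not a real certificate) with only the fields audit_ca reads."""
    exts = [tlv(0x30, tlv(0x06, bytes.fromhex(h)), tlv(0x04)) for h in ext_oid_hexes]
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0xA3, tlv(0x30, *exts)))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)), tlv(0x05))
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00"))
```

For a real PEM file, convert it first with `ssl.PEM_cert_to_DER_cert` from the standard library. The presence of the extension only shows that some constraint exists; the permitted subtrees still need to be read.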


