Full Disclosure mailing list archives
Re: Slightly OT: What SSL cert do you consider strongest?
From: Fabian Wenk <fabian () wenks ch>
Date: Wed, 23 Oct 2013 17:59:49 +0200
Hello David On 22.10.2013 22:14, David Miller wrote:
After the PRISM and other Snowden leaks, inquiring minds want to know: whose SSL certs are to be trusted?
This does not really matter. For best privacy you should create the secret key for your certificate on your own trusted system with a 2048 bit RSA key. Then give the CSR (Certificate Signing Request) to the CSP (Certificate Service Provider, aka CA) of your trust. They will sign your certificate with their secret key, so that the chain can be verified through the already stored public root certificate of this CA chain in the used application (e.g. your customers browser) or operating system.
Other security measures you can do is with setting appropriate SSL ciphers for your services. Use and prefer / force the PFS (Perfect Forward Secrecy) variants. But test with all possible client applications, as some of them still do not support the stronger ciphers and require some weaker once. Disable the MD5 and if possible also the RC4 ciphers.
As others already have pointed out, any of the CAs, which are on default trusted from most Browsers, other Applications and operating systems, could issue (aka sign) a third party certificate with your FQDN hostname in it, which then could be used in a men-in-the-middle attack.
There are steps you could do to protect your customers in the future, as the use of such services from the client side is not fully supported yet. Sign your DNS zone with DNSSEC and let add the corresponding entries to your upstream TLD. But the clients (e.g. customers computers) need also to use and check DNSSEC when resolving (this also depends on the upstream name server, e.g. from your ISP). And then also add DANE [1] entries into your DNS zone for the hostnames which provide SSL or TLS services.
[1] http://www.rfc-editor.org/rfc/rfc6698.txtClients (e.g. end users) could use the "Certificate Patrol" [2] add-on in Firefox, so they will be alerted if an already known certificate changes. It will be suspicious if the certificate for your site is suddenly issued from a little unknown CA (CSP) in a foreign country.
[2] https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol
Is a self-signed cert likely to be stronger?
No not really. Self-signed is something you can do when you have a small known user group, where you can easily deploy the public certificate. But as others have pointed out, when this should be an open public service (e.g. like a web shop), then it is much easier for the visitors if you have your certificate signed form one of the well-known CSP.
bye Fabian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Slightly OT: What SSL cert do you consider strongest? David Miller (Oct 23)
- Re: Slightly OT: What SSL cert do you consider strongest? Jeffrey Walton (Oct 23)
- Re: Slightly OT: What SSL cert do you consider strongest? gremlin (Oct 23)
- Re: Slightly OT: What SSL cert do you consider strongest? John Adams (Oct 24)
- Re: Slightly OT: What SSL cert do you consider strongest? Fabian Wenk (Oct 23)
- Re: Slightly OT: What SSL cert do you consider strongest? Alex (Oct 23)
- Re: Slightly OT: What SSL cert do you consider strongest? Fabian Wenk (Oct 23)
- Re: Slightly OT: What SSL cert do you consider strongest? Jeffrey Walton (Oct 24)
- Re: Slightly OT: What SSL cert do you consider strongest? Fabian Wenk (Oct 27)
- Re: Slightly OT: What SSL cert do you consider strongest? Alex (Oct 23)