[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Lets Encrypt compared to self-signed certs

bancfc@xxxxxxxxxxxxxxx writes:

> How secure is Lets Encrypt compared to a pinned self signed cert?
> Can Lets Encrypt be subverted by NSLs?

You can use pinning with Let's Encrypt certs too.  The default client
behavior changes the subject key on every renewal, but I can add a
feature to keep the old key if you want to pin at the key level.

We don't know how large the risk of legally-compelled misissuance is,
but we have lots of lawyers who would be excited to fight very hard
against it.  I think that makes us a less attractive target than other
CAs that might not find it as objectionable or have as many lawyers
standing by to challenge it.

Remember that (without CA-level pinning) users are always at risk
from misissuance by any CA that they trust, not just the CA that
you specifically chose to use.  For example, google.com was attacked
(successfully at first) with misissued certs from DigiNotar even though
Google had no relationship with DigiNotar at all.

We also publish all of the certs that we issue in Certificate
Transparency.  You can watch the CT logs for your domain or other certs
that you care about.  If you ever see a cert in CT for your domain
that you didn't request, please make a big deal out of it.  Likewise,
if you ever see a valid cert in the wild from Let's Encrypt that doesn't
appear in the CT logs, please make a very big deal out of it.  At some
point it should become possible to get browsers to require inclusion CT
proofs for certs from Let's Encrypt, though we don't have the tools in
place for this yet.

Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to