Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Debunking the Fallacy that Paid Certificates Are Better than Free Certificates, ...

0
0

Debunking the Fallacy that Paid Certificates Are Better than Free Certificates, and Other Related Nonsense

kdobieski

Fri, 11/16/2018 08:04

The rise of encryption

Right now we’re seeing encryption adopted across the web faster than at any point in history, we are making truly amazing progress. Every 6 months I publish a report on the top 1 million sites on the web and in the latest edition from Feb 2018 you can see the amazing progress being made.


Debunking the Fallacy that Paid Certificates Are Better than Free Certificates,  ...

It’s not just me making these claims though, we’re seeing this trend confirmed by people and companies across the industry.

. @Mozilla telemetry shows more than 50% of page loads were HTTPS yesterday. First time that has ever happened. pic.twitter.com/FE0FcIGPju

― Josh Aas (@0xjosh) October 14, 2016

Even Google have come out and published data about their Chrome browser.


Debunking the Fallacy that Paid Certificates Are Better than Free Certificates,  ...

source

The point is that encryption is here to stay and we are well on our way to a world where encryption will eventually become the default and not the exception.

CAs play a vital role

A Certificate Authority issues you a certificate to install on your website. The certificate serves one vital role in the whole process and that is authentication. If you type scotthelme.co.uk into the address bar and hit enter, when the page loads you can be sure that you have loaded the page from scotthelme.co.uk and that no one is trying to impersonate me. The browser validates the certificate it receives to make sure it’s a genuine certificate and not a forged one, that it was issued by a trusted CA and that the document was issued to scotthelme.co.uk . This is the very first step the browser performs when setting up the secure connection and if this fails, nothing further is allowed to happen. That, however, is all that the certificate does. Once the browser has done those few checks right at the start of the connection, the certificate can be tossed away, it serves no further purpose.


Debunking the Fallacy that Paid Certificates Are Better than Free Certificates,  ...
The difference between free and expensive certificates

For the purpose of this blog post I’m going to be talking specifically about Domain Validation, or DV, certificates. I’ve spoken about Extended Validation certificates and hopefully made my views on those clear in my blog post Are EV certificates worth the paper they’re written on? so check that out if you’re interested. There’s an interesting battle going on with DV certs right now and that’s largely due to Let’s Encrypt . CAs used to sell DV certificates for a healthy amount of money but over the years the cost was a race to the bottom, until Let’s Encrypt came along and started issuing them for free almost 2 years ago. Let’s Encrypt have faced a lot of scrutiny and even hostility from the wider community, I guess that was to be expected if you kill someone’s business model, but I don’t want to look at or focus on any of that. I’m going to be talking purely about provable, technical facts on the differences between free certificates and certificates that you pay for.

All certificates issued by a CA must be issued in accordance with a document called the Baseline Requirements set out by the CA/Browser Forum . This document details everything that a CA must do to validate the owner of the domain, how long certificates can be valid for and countless other restrictions that any CA must adhere to during issuance. Conformance is not optional and there is absolutely no mention of or difference between certificates that are issued for a fee or certificates that are issued for free. All publicly trusted certificates must meet the requirements, period.

Outside of the industry requirements set out by the CA/Browser Forum, which control the process and policies around certificate issuance, we also have to consider the standards too. All X.509 certificates must be issued in accordance with the specification, otherwise they’re simply not going to work! The appropriate RFC is RFC 5280 which provides the X.509v3 Certificate Profile that all issued certificates must conform to. Again, there is no mention of whether or not a certificate was issued for a fee or for free, all certificates must conform to the standard.

Better Encryption

Another really common thing that I see mentioned is that certificates somehow have an impact on the encryption of data transmitted over a connection. Let me clear this up and be as absolutely crystal clear as I can be; Certificates have nothing to do with the encryption of data you transmit. Looking around at a few CA websites though, you’d be forgiven for thinking that they somehow do, here’s just a selection.


Debunking the Fallacy that Paid Certificates Are Better than Free Certificates,  ...
Debunking the Fallacy that Paid Certificates Are Better than Free Certificates,  ...

The encryption of data is handled by server configuration and not the certificate. Let’s take a look at a few cipher suites to prove the point though. Let’s say we have a 2048 bit RSA key and we obtain a certificate, you’re going to see a cipher suite that looks something like this in production.

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Let’s quickly break this down so we understand each of the components.

TLS The protocol being used. ECHDE The Elliptic Curve Diffie-Hellman Ephemeral key exchange, supports Forward Secrecy . RSA The key used for authentication, in this case our 2,048 bit RSA key. AES Advanced Encryption Standard, the symmetric encryption algorithm used for encrypting data. 128 The symmetric key size. GCM Galois/Counter Mode, we’re using authenticated encryption (AEAD). SHA256 The Message Authentication Code used for integrity checking.

Looking at that list, the only component that a certificate has any bearing on is the key used for authentication. In the example above we’re using a 2,048 bit RSA key but we don’t even list the size of the key in the cipher suite, just the key algorithm. The particular cipher suite above is using AES with a 128 bit key but if we wanted to increase that to AES with a 256 bit key, we’d simply change our configuration to use a different suite.

TLS_E

Viewing all articles
Browse latest Browse all 12749