Re: SSL certificate purchasing

[Nick Semenkovich <nick () SEMENKOVICH COM>]

Another point worth considering: certificate revocation doesn't work at all.

Once a wildcard cert is compromised, it's game over for your entire domain
until that cert expires.[1]

sslstrip blocks all OCSP/CRL requests trivially -- revocation checking is
mostly a (privacy-destroying) placebo, which is why it's disabled in
Chrome. [2]


- Nick


[1] https://www.imperialviolet.org/2011/03/18/revocation.html

[2] Excluding HSTS sites and the realm of OCSP stapling required.

A bit more discussion:
https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

Nit: If you're lucky and have a high-value EV cert, you'll get it included
in a CRLset: https://www.imperialviolet.org/2012/02/05/crlsets.html

On Thu, Nov 13, 2014 at 12:49 PM, Mark Montague <markmont () umich edu> wrote:

>  I consider using a wildcard certificate on a large number of systems --
> particularly if the systems might be managed by different internal IT
> groups -- to be a very bad idea.  If any single system is compromised and
> the attacker gets the private key (either because they obtained
> administrative control of the system, or because the key was readable by
> non-administrative users) the attacker can then use the key to impersonate
> any system for which the wildcard is valid, including identities of systems
> that do not actually exist.  This is especially attractive to attackers, as
> it allows them to compromise a low-value, less closely watched system in
> order to get the shared key which then allows them to impersonate (MITM) or
> more effectively attack a high-value, mission critical target.
>
> To remediate a compromise of a system that uses a wildcard certificate,
> you have to detect the compromise, you have to revoke the old certificate
> (which affects a large number of non-compromised systems), and you have to
> deploy the new certificate and key to all legitimate systems.  The losses
> due to a compromise have the potential to quickly outstrip any savings from
> not using a $35/certificate or unlimited certificate plan.
>
> If controlling certificate costs is essential, I recommend putting the
> wildcard certificate only on an SSL-terminating load balancer to which
> administrative access is tightly controlled.  It is less far less likely
> for a vulnerability to exist on a properly managed load balancer than on an
> arbitrary number of servers running a variety of services and web
> applications.  This has the further advantage of allowing you to centrally
> control which SSL protocols and ciphers you accept, allowing you to more
> effectively protect your institution from attacks such as Lucky-13, BEAST,
> and similar future vulnerablities; and making it easier to deploy perfect
> forward secrecy institution-wide, if desired.
>
> --
>   Mark Montague
>   LSA IT Advocacy and Research Support
>   University of Michigan
>   markmont () umich edu
>
>
>
> On 2014-11-13 13:21, Thomas Carter wrote:
>
>  We’ve considered that. How do you keep up with everywhere it’s used when
> time to renew?
>
>
>
> Thomas Carter
>
> Network and Operations Manager
>
> Austin College
>
> 903-813-2564
>
> [image: AusColl_Logo_Email]
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Mike Cunningham
> *Sent:* Thursday, November 13, 2014 12:02 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] SSL certificate purchasing
>
>
>
> We get a wildcard cert from COMODO that we can put on as many servers as
> needed for one price. We can use any *.pct.edu name with one cert
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Thomas Carter
> *Sent:* Thursday, November 13, 2014 12:58 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] SSL certificate purchasing
>
>
>
> We don’t have enough SSL certs around to qualify for one of the “get as
> many as you want for one price” deals, but the costs do seem high for
> non-essential sites. Has anyone used a reseller for cheaper prices like
> namecheap of GoGetSSL? They offer the basic Thawte SSL123 certs for $35 a
> year, which is considerably cheaper than the $149 Thawte lists.
>
>
>
> Thomas Carter
>
> Network and Operations Manager
>
> Austin College
>
> 903-813-2564
>
> [image: AusColl_Logo_Email]


-- 
Nick Semenkovich
Laboratory of Dr. Jeffrey I. Gordon
Medical Scientist Training Program
School of Medicine
Washington University in St. Louis
https://nick.semenkovich.com/