Comment by ekr____

1 day ago

What does it mean not to trust Let's Encrypt in this case? What is it you are concerned they will do?

I worry that the CA is somehow compromised (state actor holding private keys, etc).

  • Thanks for explaining.

    I think this concern reflects a misunderstanding of how the security of the WebPKI works. Specifically, any CA can issue certificates for your domain whether you are their customer or not. What that means is that if CA #1 is compromised but you choose CA #2, CA #1 can still be used to attack connections to your domain.

    The situation is slightly worse if the CA you actually use is compromised because the main defense we have against misissuance is Certificate Transparency, and it's easier to detect that a certificate was issued by a CA you don't use than that too many certificates were issued by a CA you do use, but it's just slightly easier.

    The bottom line here is that if you are worried about some group of CAs being compromised, then using a different CA doesn't help you much.

    • Yes I understand all of that, but I still choose to trust free services less.

      Of course the (more secure?) alternative would be to generate self-signed certs, but for customer-facing sites that's a big UX problem.

  • > I worry that the CA is somehow compromised (state actor holding private keys, etc).

    "Somehow" is doing a lot of work in that sentence.

    Operationally, there's no difference between the security procedures and requirements that a for-profit or a non-profit CA must adhere to.

  • I would have that concern, at minimum 100x more with random shitty unreliable SSL providers, than those being run by literal huge nerds and non-profits. Your analysis here is thin and lazy and that's being generous to your analysis.
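The detection asymmetry ekr____ describes above (a certificate for your domain from a CA you do not use is suspicious on sight, while excess issuance by the CA you do use can only be spotted against an inventory of what you actually requested) can be made concrete with a small Certificate Transparency monitor. This is an added example, not code from the thread; the log entries, the domain `example.com`, and the issuer names are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class CtEntry:
    """One (constructed) Certificate Transparency log entry."""
    issuer: str              # CA name from the certificate's issuer field
    sans: tuple[str, ...]    # subject alternative names on the certificate
    serial: str              # certificate serial number

MY_DOMAIN = "example.com"        # constructed: the domain we operate
EXPECTED_ISSUER = "Let's Encrypt"

def covers_domain(san: str, domain: str) -> bool:
    """True if a SAN names the domain, a subdomain of it, or a wildcard under it."""
    return san == domain or san.endswith("." + domain) or san == "*." + domain

def review_ct_entries(entries, expected_issuer, known_serials):
    """Split entries for MY_DOMAIN into two findings.

    unexpected_ca:        issued by a CA we never use; needs no bookkeeping
                          to flag, any such cert is a misissuance candidate.
    unknown_from_own_ca:  issued by our own CA but not in our inventory of
                          requested serials; only detectable against that list.
    """
    unexpected_ca, unknown_from_own_ca = [], []
    for e in entries:
        if not any(covers_domain(s, MY_DOMAIN) for s in e.sans):
            continue                       # not our domain, ignore
        if e.issuer != expected_issuer:
            unexpected_ca.append(e)
        elif e.serial not in known_serials:
            unknown_from_own_ca.append(e)
    return unexpected_ca, unknown_from_own_ca

def run_sample():
    # Constructed log entries: one cert we requested, one from our own CA we
    # never requested, one from a different CA, one for an unrelated domain.
    entries = [
        CtEntry("Let's Encrypt", ("example.com", "www.example.com"), "01"),
        CtEntry("Let's Encrypt", ("api.example.com",), "02"),
        CtEntry("Other CA Inc", ("example.com",), "abc"),
        CtEntry("Other CA Inc", ("unrelated.org",), "zz"),
    ]
    known_serials = {"01"}   # inventory of certificates we actually issued
    return review_ct_entries(entries, EXPECTED_ISSUER, known_serials)

if __name__ == "__main__":
    unexpected, unknown = run_sample()
    print("unexpected CA:", [e.serial for e in unexpected])
    print("own CA, not in inventory:", [e.serial for e in unknown])
```

The second list is empty only when the inventory is complete and current, which is exactly the extra work that makes misissuance by your own CA slightly harder to notice.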