[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5267F275.1050105@wenks.ch>
Date: Wed, 23 Oct 2013 17:59:49 +0200
From: Fabian Wenk <fabian@...ks.ch>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Slightly OT: What SSL cert do you consider
strongest?
Hello David
On 22.10.2013 22:14, David Miller wrote:
> After the PRISM and other Snowden leaks, inquiring minds want
> to know: whose SSL certs are to be trusted?
This does not really matter. For best privacy you should create
the secret key for your certificate on your own trusted system
with a 2048 bit RSA key. Then give the CSR (Certificate Signing
Request) to the CSP (Certificate Service Provider, aka CA) of
your trust. They will sign your certificate with their secret
key, so that the chain can be verified through the already stored
public root certificate of this CA chain in the used application
(e.g. your customers browser) or operating system.
Other security measures you can do is with setting appropriate
SSL ciphers for your services. Use and prefer / force the PFS
(Perfect Forward Secrecy) variants. But test with all possible
client applications, as some of them still do not support the
stronger ciphers and require some weaker once. Disable the MD5
and if possible also the RC4 ciphers.
As others already have pointed out, any of the CAs, which are on
default trusted from most Browsers, other Applications and
operating systems, could issue (aka sign) a third party
certificate with your FQDN hostname in it, which then could be
used in a men-in-the-middle attack.
There are steps you could do to protect your customers in the
future, as the use of such services from the client side is not
fully supported yet. Sign your DNS zone with DNSSEC and let add
the corresponding entries to your upstream TLD. But the clients
(e.g. customers computers) need also to use and check DNSSEC when
resolving (this also depends on the upstream name server, e.g.
from your ISP). And then also add DANE [1] entries into your DNS
zone for the hostnames which provide SSL or TLS services.
[1] http://www.rfc-editor.org/rfc/rfc6698.txt
Clients (e.g. end users) could use the "Certificate Patrol" [2]
add-on in Firefox, so they will be alerted if an already known
certificate changes. It will be suspicious if the certificate for
your site is suddenly issued from a little unknown CA (CSP) in a
foreign country.
[2]
https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol
> Is a self-signed cert likely to be stronger?
No not really. Self-signed is something you can do when you have
a small known user group, where you can easily deploy the public
certificate. But as others have pointed out, when this should be
an open public service (e.g. like a web shop), then it is much
easier for the visitors if you have your certificate signed form
one of the well-known CSP.
bye
Fabian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists