Alice's Lemonade Stand charges $0.25 for a cup of lemonade,
gives out free refills, and will give you a new cup each time.
Bob's Lemonade Stand gives out free lemonade with free refills,
and gives you one free paper cup to start with,
but you must use the same cup each time.
Bob charges $0.25 to replace a lost, damaged, or dirty cup.
So basically people who go to Bob's Lemonade Stand are incentivized to continue drinking from the same cup even if it's dirty (its integrity is compromised).
Of course it's not a perfect analogy since certificates eventually expire, but you get the idea.
This is akin to saying Amazon Glacier should be boycotted for having a low cost of entry and high cost on the other end.
Their business strategy isn't a secret. If there were a vulnerability found in btrfs and a wave of people had their filesystems go belly up, I'd not expect Amazon to change the price of restorations.
The issue here is not about boycotting StartSSL because of their 'vulture-like' business model, it is about whether StartSSL can be trusted by browsers to actually secure connections. It can be argued that StartSSL is not actually providing an acceptable level of security, since the ability to revoke and regenerate a certificate is part of the service that a CA should provide. If StartSSL isn't performing security audits, gives out free certificates like candy, but charges for maintaining security, none of the free certificates are actually known to have any level of security.
There are many websites using StartSSL certificates that could also be using a compromised private key. Should there really be a lock icon in your browser if your connection is not actually secure?
StartSSL does provide revocation and regeneration of certificates. They charge for this service, just like other CAs charge for generation of certificates.
I would much rather StartSSL provide free certificates, even knowing that not everyone whose private key was compromised regenerated a certificate, than have StartSSL pulled from trust stores and thus cause future sites to go without SSL because of the associated cost.
This is more of a problem with the simplistic trust model that is typically used with X.509 and TLS, rather than a problem with StartSSL. The type of security that you are suggesting is similar to opportunistic encryption or decentralized trust. Self-signed certificates are intended to fill this role, however, it is too difficult for the average user to use self-signed certificates securely, so browsers put up a scary warning to protect users from themselves. If cryptographic concepts could be securely exposed to end-users, then self-signed certificates could be used securely. In that case, StartSSL wouldn't even need to exist. Unfortunately in the current trust model that is being used, StartSSL has to exist to fill the niche for people who just want SSL to work. But because of recent events, this creates a problem in which the all-or-nothing security model essentially requires that StartSSL be blacklisted because of their business model.
Keeping in mind that while plain self-signed certs just don't work at all given user behavior, self-signed certs plus TACK have about the same security level as SSH host keys. If and when most browsers have TACK, and most sites use TACK headers, the CA infrastructure will become mostly (though not entirely) irrelevant.
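The comparison above, between TACK-pinned self-signed certificates and SSH host keys, rests on trust-on-first-use (TOFU) pinning. The following is an added illustration, not code from the thread, from TACK, or from any browser: it models the SSH known_hosts behaviour of recording the first public key seen for a host, comparing later connections against that record, and reporting a changed key rather than silently accepting it. It pins a base64 SHA-256 hash of the SubjectPublicKeyInfo, the form HPKP used; TACK's own signed pins and activation periods are not modeled. The host name and key bytes are constructed placeholders, not real DER.

```python
"""Trust-on-first-use (TOFU) pinning in the style of SSH known_hosts.

Added illustration for the SSH host-key comparison in the comment above.
Not code from the thread, TACK, or any browser. The key bytes below are
constructed placeholders standing in for SubjectPublicKeyInfo DER.
"""
import base64
import hashlib

FIRST_USE = "first-use"   # no record yet: pin recorded, connection allowed
OK = "ok"                 # presented key matches the stored pin
MISMATCH = "mismatch"     # key changed: possible MITM or unannounced rotation


def spki_pin(spki_der: bytes) -> str:
    """base64(SHA-256(SubjectPublicKeyInfo)), the pin form HPKP used."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


class PinStore:
    """In-memory known_hosts analogue: host name -> pin string."""

    def __init__(self):
        self._pins = {}

    def check(self, host: str, spki_der: bytes) -> str:
        pin = spki_pin(spki_der)
        known = self._pins.get(host)
        if known is None:
            # First contact: trust and remember. This is the weak moment of
            # TOFU; whoever answers on first use is trusted from then on.
            self._pins[host] = pin
            return FIRST_USE
        if known == pin:
            return OK
        # Like SSH's "REMOTE HOST IDENTIFICATION HAS CHANGED": a legitimate
        # key rotation and an active MITM look identical here, which is why
        # pinning schemes need an explicit, verifiable way to roll the key.
        return MISMATCH

    def rotate(self, host: str, new_spki_der: bytes) -> None:
        """Rotation accepted out of band (e.g. after checking a fingerprint)."""
        self._pins[host] = spki_pin(new_spki_der)

    def dump(self) -> str:
        """Serialize like a known_hosts file: one 'host sha256/pin' line each."""
        return "\n".join(f"{h} sha256/{p}" for h, p in sorted(self._pins.items()))

    @classmethod
    def load(cls, text: str) -> "PinStore":
        store = cls()
        for line in text.splitlines():
            if not line.strip():
                continue
            host, pin = line.split()
            if pin.startswith("sha256/"):
                pin = pin[len("sha256/"):]
            store._pins[host] = pin
        return store


# Constructed sample keys (placeholders, not real SPKI DER).
KEY_A = b"constructed-spki-for-example.invalid-key-A"
KEY_B = b"constructed-spki-for-example.invalid-key-B"


def demo() -> list:
    """Four checks against one host: first use, repeat, changed key, reload."""
    store = PinStore()
    results = [
        store.check("example.invalid", KEY_A),
        store.check("example.invalid", KEY_A),
        store.check("example.invalid", KEY_B),
    ]
    # Round-trip through the text form, as a client would persist its pins.
    reloaded = PinStore.load(store.dump())
    results.append(reloaded.check("example.invalid", KEY_A))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The third check is the interesting one: the store cannot tell a benign key change from an interposed attacker, so it can only refuse and ask for out-of-band confirmation (the `rotate` path), which is the same limitation SSH users hit when a host is reinstalled.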
I don't think StartSSL is obligated to provide free stuff. If anything, StartSSL should be obligated to charge money for their service, if they expect to remain competitive. As it stands I think that StartSSL's free certificates do not meet my standards for what the lock icon in a browser should mean.
Security is a lot more complicated than that little lock icon, anyway. Security means different things to different people, devices, and protocols. It's a UX/UI problem. What we need are fresh ideas on how to convey security concepts through GUIs and human interfaces. We need ways of visualizing privacy and trust networks (things like Lightbeam and Collusion), and ways of securely building trust links (things like interactively verified Diffie-Hellman over NFC, or ssh-keygen's randomart).
Not even sure where to begin with that. You can't simultaneously say we can't trust their certs because they charge to revoke, and say they should be obligated to charge money.
Whether or not their users follow good security practices is not something they can account for. The only way they could account for it would be to force revocation of all previous certificates. The same is true of every other CA. It's incredibly likely that many users of SSL across the board will fail to replace and revoke old certs, regardless of what CA they use.
I agree that there are flaws in the way we currently utilize SSL. But that is a fully separate issue, and not related to "Should StartSSL specifically be considered untrusted". StartSSL shouldn't be singled out to have their business destroyed because the industry as a whole needs to be improved.
Except the cups must be recycled where you bought them, and when they accidentally turn out to be super toxic Bob insists the recycling fee was clearly posted.
I don't know who's right here, but it's definitely not that simple.
It really is that simple. Bob didn't know the cups were toxic, there's no way he could have known, every lemonade stand had toxic cups, and he didn't raise the price of recycling in response. Bob isn't responsible for letting people off the hook due to circumstances outside of his control.
Well, this is not like the first time the TLS stack has had a disastrous vulnerability. I think that giving out free certificates and charging for revocations is bad business since it sets bad incentives. Better, then, to charge upfront for issuing the certificates.
Well, I’d say the most valuable data is generally TLS-protected. E.g. Gmail, Outlook.com, Dropbox, etc. I sure would like to see even better TLS adoption rates than what the web currently has, but I don’t think that we should compromise the trustworthiness of the certificates in order to achieve this goal.
What makes the CA-issued certificates trustworthy is that they are in fact verified to belong to the legitimate owner of the domain. Doing the verification and maintaining the CA’s infrastructure is not free so I don’t think it’s very surprising that the vendors charge for their service.
"What makes the CA-issued certificates trustworthy is that they are in fact verified" ahahaha good one.
You should read about the history of Certstar, the Comodo RA. Why take money, expend resources to verify the information and issue the certificate when you can shortcut the verifications...
No matter how you look at it, the CA system is full of perverse incentives...
To be fair, I don't like Bob's business and wouldn't be his client. If you want me to pay for something, you'd better ask up front.
But then, StartSSL does not have a mandatory hidden cost. It just charges if you do something wrong.
The problem that everybody did something wrong, and not through their own fault, is not exactly StartSSL's problem. I'd be impressed if they revoked the keys for free, but I don't see anything wrong with them not doing it.
Seems like a distinction without a difference to me.