Ask HN: Which CAs can you trust?
I'm in the market for a couple of SSL certificates. With all this NSA news my natural paranoia is being amplified. I'd prefer to spend my money on a CA that's trustworthy on the one hand, and technically competent on the other.
Who would you recommend, and who should be avoided like the plague?
16 comments
[ 4.0 ms ] story [ 56.1 ms ] threadHaving said that - if you're being diligent, make sure you generate your own public/private keypair and only send the CSR to the CA to sign your public key.
I noticed recently that StartSSL, although they'll happily accept a CSR, also offer to generate your key pair and give you the private (and public) key. While I understand their desire to make acquiring an SSL cert as easy as possible even for non-technical people (especially since they'll give you a cert for free, so minimising support is clearly critical to their business), the idea of having my private key come from something other than a machine I trust that's completely under my control seems very wrong.
For all practical intents and purposes, they are all the same.
> technically competent
Likewise here.
Assuming that an adversary can get one suborned CA to sign a certificate for your domain, the adversary can use that certificate to MITM first connections to your site without causing any sort of warning message within the browser. They can then both sniff and alter messages going in either direction, including e.g. stealing credentials, cookies, and what have you.
0: http://www.computerworld.com/s/article/9219731/Hackers_spied....
Furthermore, if done properly, your CA will never handle any of your (private) key material, so the CA itself has no special privilege with respect to the communications you sign with the private key, so there is also no reason to pick one here.
The only cryptographic thing they can do right or wrong is to allow easy and hassle free revocation of your certificate in case of a key compromise.. The main factors I would consider in picking a CA are pricing, customer service, acceptance and whether they are recognized as 'extended validation'.
>The DNS-Based Authentication of Named Entities (DANE)
> Transport Layer Security (TLS) Protocol: TLSA
https://tools.ietf.org/html/rfc6698
Good plan.
https://stopwatching.us/
Get the cheapest one or self-sign. Latter might be safer if it triggers leap of faith style UI in browser (like ssh).
But also see cowchases message - I'd probably use NameCheap myself if after a wild card certificate, but for the free certificates at StartCom have served me well.
Of course, this only applies if you have control of your clients, and those clients are only going to be accessing your server.
If you want the general public to be able to access your site through a normally configured web browser, this setup is quite unworkable; but the other commenters in this thread have some advice.