
I recently almost got caught by a phishing attempt, due to the use of a relatively convincing domain name and valid SSL certificate (specifically this website). When checking the certificate it turns out it was issued by Let's Encrypt. So I went there and as far as I understand the process to issue a certificate is automated - if you own a domain, you can get a certificate.

However, isn't it a security issue, and doesn't it go (at least partially) against the point of SSL certificates? Malicious websites can now look legitimate thanks to these certificates, which makes it a lot more likely that they will succeed. In my case I saw the green padlock on the URL and thought that all was good. Now it seems, due to this certificate issuer, users will be expected to click on that padlock and check who issued the certificate (and close the tab if it's from letsencrypt??).

So I'm wondering, given the security risk, why do browsers accept this certificate by default? I'm surprised especially that Chrome does given how careful Google is with security. Do they consider that letsencrypt is a good idea?

If you think normal (non-EV) SSL certificates from other authorities ever guaranteed anything more than LetsEncrypt then you might be in for a shock. Also: "... users will be expected to ... check who issued the certificate" - No, users are (and always were) expected to check if they're actually visiting the intended domain, in addition to the padlock. – marcelm 46 mins ago
You may also be surprised by a "flexible SSL" by Cloudflare CDN. – KnightHawk 13 mins ago

I think you are misunderstanding what an SSL certificate actually certifies, and what it is designed to protect against.

A standard certificate only certifies that the owner of the certificate actually controls the domain in question. So a certificate for g00dbank.com only certifies that the owner controls the g00dbank.com domain. It does not certify that the owner is a bank, that she is good, or that the site is in fact the well-known Good Bank Incorporated.

So SSL is not designed to protect against phishing. Just because you see the green lock up in the left corner does not mean that everything is well. You also need to verify that you are on the correct website - that you are on goodbank.com (as opposed to the phishy g00dbank.com) and that goodbank.com is in fact the website of Good Bank Incorporated.

To make this easier for the average user, there is something called Extended Validation (EV) certificates. These also verify that you are the legal entity that you claim to be, by requiring you to do some paperwork. The browsers highlight them by displaying the name of the owner in the address bar.

So to get an EV certificate the phishers at g00dbank.com would have to start a real business (thereby leaving a paper trail), and even then they would probably not get one because their name is too close to a sensitive target.

Let's Encrypt does not issue EV certificates. They issue ordinary ones. But the phishers you encountered could have gotten a certificate from anywhere. In fact, as IMSoP points out in comments, the method Let's Encrypt uses is employed by many of the established CAs as well, the only difference being that Let's Encrypt is more efficient and cheaper. So this has nothing to do with Let's Encrypt specifically, and blocking them would solve nothing.

I believe that the word "bank" is heavily restricted in an SSL cert, meaning if you see Lloyds Bank in the cert name you can be pretty sure it's valid. – Tim 2 hours ago
@Tim I think it is heavily restricted in EV certs. If my understanding is correct, nothing is restricted in "normal" certs. – Anders 1 hour ago
ahh I see, my bad – Tim 1 hour ago
To add to this, the checks which Let's Encrypt are automating on the certificate owner's side are exactly the same checks which are already automated on the other end by well-respected CAs. Comodo, for instance, offers verification by clicking a link in an e-mail, verifying a DNS entry, or checking a file in the web root. At no point does a human need to examine these for a non-EV application. Indeed, the ACME protocol behind the automation is open for use by anybody; Comodo could adopt it and automatically invoice you if they wanted. – IMSoP 1 hour ago
@IMSoP Great point, I did an edit to include it. – Anders 59 mins ago
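The answer and IMSoP's comment above describe what a domain-validated issuance actually checks: the applicant proves control of the domain by publishing a CA-chosen value at a well-known location, and nothing about the applicant's identity is examined. The following Python script is an added example, not code from the answer or from Let's Encrypt, that simulates the HTTP-01 challenge of the ACME protocol (RFC 8555) on both sides. The web servers are stood in for by a dictionary, the account key is a constructed placeholder JWK, and the domains are the ones used in the answer. It shows that validation passes only for the web root the applicant controls, which is exactly why a valid certificate for g00dbank.com says nothing about goodbank.com.

```python
import base64
import hashlib
import json
import secrets

# Constructed account key for the example: a JWK with placeholder RSA members.
# In real ACME the thumbprint is taken over the applicant's actual public key.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "placeholder-modulus-not-a-real-key"}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required
    public members (keys sorted, no whitespace)."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def new_token() -> str:
    """CA-chosen challenge token; RFC 8555 asks for at least 128 bits of entropy."""
    return b64url(secrets.token_bytes(32))


def key_authorization(token: str, account_jwk: dict) -> str:
    """The value the applicant must publish: token '.' thumbprint(account key)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def provision(webroot: dict, domain: str, token: str, account_jwk: dict) -> None:
    """Applicant side: write the key authorization into the domain's web root.
    `webroot` stands in for the web servers: domain -> {path -> body}."""
    path = f"/.well-known/acme-challenge/{token}"
    webroot.setdefault(domain, {})[path] = key_authorization(token, account_jwk)


def validate_http01(webroot: dict, domain: str, token: str, account_jwk: dict) -> bool:
    """CA side: fetch the challenge URL over plain HTTP (a dict lookup here)
    and compare it with the expected key authorization. Nothing else about
    the applicant is examined; passing proves control of the web root only."""
    path = f"/.well-known/acme-challenge/{token}"
    body = webroot.get(domain, {}).get(path)
    if body is None:
        return False
    return secrets.compare_digest(body.strip(), key_authorization(token, account_jwk))


def run_demo() -> dict:
    """Constructed scenario: one applicant controls the web root of
    g00dbank.com but not that of goodbank.com."""
    webroot = {"goodbank.com": {}, "g00dbank.com": {}}
    token = new_token()
    provision(webroot, "g00dbank.com", token, ACCOUNT_JWK)
    other_key = dict(ACCOUNT_JWK, n="a-different-placeholder-modulus")
    return {
        "controlled_domain": validate_http01(webroot, "g00dbank.com", token, ACCOUNT_JWK),
        "uncontrolled_domain": validate_http01(webroot, "goodbank.com", token, ACCOUNT_JWK),
        "wrong_account_key": validate_http01(webroot, "g00dbank.com", token, other_key),
    }


if __name__ == "__main__":
    print(run_demo())
```

The same structure applies to the DNS-01 challenge (the key authorization's SHA-256 digest goes into a TXT record instead of a file), so a CA offering "verify by DNS entry" or "check a file in the web root" is doing the same domain-control check whether or not it uses ACME.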

Certificates do not provide any more guarantee than what is in the certificate itself. In the case of Let's Encrypt certificates, all that is guaranteed is that the server you are connected to belongs to the same entity that owns the domain name you used to connect to it.

There is another class of certificate called "extended validation certificate" where the issuing CA does some more checks. Basically, they verify that the domain is owned by an existing commercial entity. Browsers will typically display such a certificate with a green indicator with more details (Chrome, for instance, will add "the connection is secure and the company is known") to the description of the certificate.

Basically, the presence of a valid SSL certificate does not indicate that the target domain is safe. Even EV certificates do not tell you much (although it's a bit better).


Why does your browser trust certificates from the Let's Encrypt initiative?

Just to make this part clear: Your browser/computer trusts these certificates, because it acknowledged the root CA "DST Root CA X3" and stored it in a list with trusted certificates. The CA "DST Root CA X3" again trusts Let's Encrypt and has signed their certificate.

Are free/cheap/easy-to-get certificates a security problem?

No.

Having a signed certificate or serving https does not imply anything about whether the website is malicious or not. It only proves that you connected to a server that has a valid and signed certificate for the domain.

