Bitcoin Forum

Other => Off-topic => Topic started by: Vasiliev on February 22, 2011, 04:02:18 PM



Title: Free SSL certificates
Post by: Vasiliev on February 22, 2011, 04:02:18 PM
Those of you running sites with self-signed certs should look into https://www.startssl.com/ (https://www.startssl.com/). Free SSL certificates valid for 1 year, renewable every year without charge.

They aren't accepted by mobile devices, but Windows, Mac OS X, and Firefox and Opera accept them, so it's far better than throwing an ugly security warning from a self-signed cert.
(IE, Safari, and Chrome use the OS' certificates)

See also https://secure.wikimedia.org/wikipedia/en/wiki/StartCom


Title: Re: Free SSL certificates
Post by: Nefario on February 22, 2011, 04:56:01 PM
It also allows the signing company to give certificate details to a government agency so that they can snoop on encrypted communications.

As far as I know, with a self-signed cert it should be impossible for a government to snoop. Or at least much more difficult.


Title: Re: Free SSL certificates
Post by: Vasiliev on February 22, 2011, 05:09:22 PM
It also allows the signing company to give certificate details to a government agency so that they can snoop on encrypted communications.

As far as I know, with a self-signed cert it should be impossible for a government to snoop. Or at least much more difficult.
If a government is prepared to seize a certificate from the signing company, why wouldn't they just demand root access from the server's host?


Title: Re: Free SSL certificates
Post by: casascius on February 22, 2011, 05:32:55 PM
It also allows the signing company to give certificate details to a government agency so that they can snoop on encrypted communications.

As far as I know, with a self-signed cert it should be impossible for a government to snoop. Or at least much more difficult.

That is not how SSL works.

When you request an SSL certificate, YOU generate the keypair on your own computer (web server).  They only sign the public key, they never get the private key.  All major web server software works this way.  So, it is impossible for them to divulge anything to the government.
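As an added illustration of the point above (not code from the thread), the following shell script generates the key pair locally with OpenSSL and builds the CSR that is sent to the CA; the checks confirm the CSR carries the public key only. It assumes the openssl command-line tool is installed; the directory and CN values are placeholders.

```shell
#!/bin/sh
# Added example: the key pair is generated locally, and only a CSR
# (public key + subject, self-signed with the private key) goes to the CA.
set -eu

# make_csr DIR CN: writes DIR/server.key (stays on the server) and
# DIR/server.csr (the only artifact the CA ever receives).
make_csr() {
    dir=$1; cn=$2
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -batch -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr"
}

# csr_leaks_private_key FILE: succeeds only if private-key material is
# present in the CSR, which must never happen.
csr_leaks_private_key() {
    grep -q "PRIVATE KEY" "$1"
}

# csr_pubkey_matches DIR: the public key embedded in the CSR must equal
# the public half derived from the local private key.
csr_pubkey_matches() {
    csr_pub=$(openssl req -in "$1/server.csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1/server.key" -pubout)
    [ "$csr_pub" = "$key_pub" ]
}

# Stand-alone demo with a placeholder CN: ./script.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_csr "$d" "placeholder.example"
    csr_pubkey_matches "$d" && echo "CSR carries the public key only"
fi
```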


Title: Re: Free SSL certificates
Post by: casascius on February 22, 2011, 05:44:11 PM
As far as I know, with a self-signed cert it should be impossible for a government to snoop. Or at least much more difficult.
If a government is prepared to seize a certificate from the signing company, why wouldn't they just demand root access from the server's host?

According to the talk given at DefCon 18 titled "An Observatory for the SSLiverse" given by an EFF staffer:

When the government really wants to intercept SSL, what they do is they get a certificate provider to issue them a certificate in the domain's name, and then they just perform a man-in-the-middle attack, decrypting the traffic and re-encrypting it on its way to the destination.  (Note, they can't decrypt the traffic mid-stream - BUT with a forged cert they could put up a fake server, get you to connect to it, and that's what I'm referring to here)

The EFF says, there are enough SSL CA providers out there that the government doesn't need to wring yours - they only need one to sell out and issue a cert.

Regardless, a self-signed certificate doesn't protect against this, except perhaps if users remove all the built-in trusted certificates from their web browser, and then install the self-signed cert as the only trusted root (pretty unlikely anybody is going to do this, since they'll get SSL errors all over the entire internet).



Title: Re: Free SSL certificates
Post by: caveden on February 22, 2011, 07:11:20 PM
When the government really wants to intercept SSL, what they do is they get a certificate provider to issue them a certificate in the domain's name, and then they just perform a man-in-the-middle attack, decrypting the traffic and re-encrypting it on its way to the destination.  (Note, they can't decrypt the traffic mid-stream - BUT with a forged cert they could put up a fake server, get you to connect to it, and that's what I'm referring to here)

The EFF says, there are enough SSL CA providers out there that the government doesn't need to wring yours - they only need one to sell out and issue a cert.

Damn... is there evidence that this has ever happened before?

By the way, I thought browsers would display a warning if suddenly the certificate for a site I'm used to visiting changed...


Title: Re: Free SSL certificates
Post by: error on February 22, 2011, 07:19:12 PM
By the way, I thought browsers would display a warning if suddenly the certificate for a site I'm used to visiting changed...

Unfortunately they do not. I use the Certificate Patrol Firefox addon to tell me when a site's certificate changes.


Title: Re: Free SSL certificates
Post by: theymos on February 22, 2011, 07:26:10 PM
I also use Certificate Patrol, and I removed many CAs from my certificate store. (Firefox does some buggy things after you remove CAs, though.) I wish the whole system would be replaced. The best idea I've heard is to store the cert in DNS; once DNSSEC is enabled, this will be pretty secure.


Title: Re: Free SSL certificates
Post by: caveden on February 22, 2011, 07:45:49 PM
Thank you for pointing me to this extension. I really thought that was a default behavior of all SSL clients.

So, sites have no requirement to sign their new certificates with their old ones then... if a site changes a certificate about to expire, the extension will have no way to determine whether it's an authentic change or not, right?


Title: Re: Free SSL certificates
Post by: error on February 22, 2011, 07:50:56 PM
So, sites have no requirement to sign their new certificates with their old ones then... if a site changes a certificate about to expire, the extension will have no way to determine whether it's an authentic change or not, right?

No, there's no way to be 100% sure that the change is authentic. The addon does tell you that the old certificate was about to expire, which is the most common case for replacing a certificate.

The Certificate Patrol web site (http://patrol.psyced.org/) is full of more good info, including a link to an appliance which automates MITM attacks for "law enforcement".
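As an added example (not from the thread, and not Certificate Patrol's own code), this shell script reproduces the addon's heuristic described above: pin the certificate on first sight, report whether a later change coincided with the pinned certificate approaching expiry, and otherwise flag it for investigation. It assumes the openssl tool, a pin directory holding the last-seen PEM per host, and a 30-day renewal window; host names are placeholders.

```shell
#!/bin/sh
# Added example in the spirit of Certificate Patrol: trust-on-first-use
# pinning plus the "was the old cert about to expire?" heuristic.
set -eu

# Window (seconds) in which a replacement counts as a plausible renewal.
RENEWAL_WINDOW=2592000   # 30 days, an assumed threshold

# fingerprint CERT: SHA-256 fingerprint of a PEM certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# check_cert HOST CERT PINDIR: compares CERT with PINDIR/HOST.pem and
# prints one verdict, updating the pin afterwards:
#   new-pin  first sight of this host, certificate pinned
#   ok       same certificate as pinned
#   renewal  changed, but the pinned cert was inside RENEWAL_WINDOW
#   CHANGED  changed while the pinned cert was still far from expiry
# Note: like the addon, this cannot prove a change is authentic; it only
# tells you whether the change looks like a routine renewal.
check_cert() {
    cert=$2; pin="$3/$1.pem"
    if [ ! -f "$pin" ]; then
        cp "$cert" "$pin"
        echo new-pin
        return 0
    fi
    if [ "$(fingerprint "$cert")" = "$(fingerprint "$pin")" ]; then
        echo ok
        return 0
    fi
    # -checkend exits non-zero when the cert expires within the window.
    if openssl x509 -in "$pin" -noout -checkend "$RENEWAL_WINDOW" >/dev/null; then
        echo CHANGED
    else
        echo renewal
    fi
    cp "$cert" "$pin"
}
```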


Title: Re: Free SSL certificates
Post by: satamusic on February 24, 2011, 01:26:52 PM
Thanks for the tip, Vladimir.

sent my whole bitcoin balance over to you right now :D


Title: Re: Free SSL certificates
Post by: khal on April 23, 2011, 12:02:34 PM
Or register on CaCert: https://www.cacert.org/


Title: Re: Free SSL certificates
Post by: BioMike on April 23, 2011, 12:07:36 PM
I'm a happy user of the Perspectives system; it works like a charm, although I think there should be many more notaries.


Title: Re: Free SSL certificates
Post by: LMGTFY on April 23, 2011, 12:23:48 PM
Or register on CaCert: https://www.cacert.org/
I get an SSL error with cacert: both their own site and bitcoin-contact.org. This is on Chrome[ium] and Ubuntu. I realise there are ways round this, but as I understand it Vladimir's process avoids this entirely.


Title: Re: Free SSL certificates
Post by: khal on April 23, 2011, 04:19:42 PM
Indeed, the CaCert certificate is not added everywhere (but it should be in your Ubuntu (/etc/ssl/certs/cacert.org.pem); Chromium uses its own embedded certificates).


Title: Re: Free SSL certificates
Post by: LMGTFY on April 23, 2011, 04:27:15 PM
Indeed, the CaCert certificate is not added everywhere (but it should be in your Ubuntu (/etc/ssl/certs/cacert.org.pem); Chromium uses its own embedded certificates).
Yeah, I'd checked /etc/ssl/certs and seen cacerts so I assumed it was "just" a Chromium issue. However... I've just tried in Firefox and that's exhibiting the same behaviour.

I stress that this isn't a problem for me - I understand what's going on, and if I was so inclined I could fix it. Rather, it's a problem for non-technical users. For that reason I'd prefer Vladimir's approach to the cacert approach - at least for now, until browsers/distros catch up.


Title: Re: Free SSL certificates
Post by: khal on April 28, 2011, 02:50:14 PM
Not really useful for you, but for other people: go to this web page and click on "Root Certificate (PEM Format)". Firefox will offer to add the certificate; check "allow for web site" (or something like that). That's all :)
=> http://www.cacert.org/index.php?id=3


PS: it works without this on Debian and Iceweasel (Debian's custom Firefox).


Title: Re: Free SSL certificates
Post by: dmp1ce on April 28, 2011, 06:57:13 PM
I can see why many would suggest getting a root CA to issue your website's certificate, because to the average user it looks much more legitimate and secure.  However, there are major problems with the CA system, and that is why I think people create their own certificates.  I am still learning about these issues, but I found this podcast to be very helpful: http://agoristradio.com/?p=255

That being said, does anyone know if there is a Bitcoin CA Certificate floating around out there?  Or is there a signed gpg certificate that I could use with monkeysphere?