[[!meta title="New SSL certificate for tails.boum.org"]]

[[!toc levels=2]]

On the same day as the release of Tails 0.10, our website started to offer a
commercial SSL certificate. This new certificate replaces the previous one that
was delivered by the non-commercial [CACert certificate
authority](http://www.cacert.org/).

What are SSL certificates?
==========================

Using HTTPS instead of plain HTTP to connect to a website allows you to encrypt
your communication with the server. But encryption might not be enough if you
also need to make sure that you are talking with the right server, and not
someone impersonating it, for example in case of a [[man-in-the-middle
attack|doc/about/warning#index3h1]].

SSL certificates try to solve this problem. They are usually issued by
certificate authorities to certify the identity of a server. When you reach a
website, your browser might trust an SSL certificate automatically if it trusts
the authority that issued it.

Commercial certificate authorities make a living out of selling SSL
certificates, and they are usually trusted automatically by most browsers.
Other, non-commercial authorities, such as
[CACert](http://www.cacert.org/), need to be installed by the operating system
or the user so that no security warning is shown when visiting the website.
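
The trust decision described above, as an added example that is not part of the original page: the same server certificate is accepted or triggers a warning depending only on which authority the verifier trusts. It assumes the `openssl` command-line tool is installed; the CA names, `www.example.org` and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every name, subject and file here is constructed for the demo.

# make_ca <file prefix> <common name>: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# verdict <trusted-ca.pem> <server.pem>: print "trusted" if the server
# certificate chains to the given CA, "warning" otherwise.
verdict() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo warning
    fi
}

# trust_demo: print "<verdict with issuing CA trusted> <verdict without it>".
trust_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/issuer" "Constructed Issuing CA" || return 1
    make_ca "$d/other" "Constructed Unrelated CA" || return 1
    # Server key and signing request, then a certificate signed by the issuer.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.org" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/issuer.pem" \
        -CAkey "$d/issuer.key" -CAcreateserial -days 1 \
        -out "$d/server.pem" 2>/dev/null || return 1
    # Same certificate, two different sets of trusted authorities.
    with_issuer=$(verdict "$d/issuer.pem" "$d/server.pem")
    without_issuer=$(verdict "$d/other.pem" "$d/server.pem")
    rm -rf "$d"
    echo "$with_issuer $without_issuer"
}

trust_demo
```

The certificate itself is identical in both checks; only the list of trusted authorities changes the outcome.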

Weaknesses of the system
========================

But this trust system has proven to be flawed in many ways. For example, during
2011, two certificate authorities were compromised, and many fake certificates
were issued and used in the wild. See [Comodo: The Recent RA
Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/)
and [The Tor Project: The DigiNotar Debacle, and what you should do about
it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it).

It is clear to us that getting a commercial SSL certificate is not enough to
strongly authenticate our website or, for example, the authenticity of our
releases. That's why we always offer you [[stronger ways of authenticating our Tails
release|/download#authenticity-check]] using OpenPGP signatures.

Why get a commercial certificate then?
======================================

Still, we decided to get a commercial certificate for the following reasons:

- It will make it harder to do simplistic [[man-in-the-middle
  attacks|doc/about/warning#index3h1]] against the people who have not used
  HTTPS so far to visit our website.
- It will make it easier (but not safer) for many people to use HTTPS on our
  website. This could be important to provide some confidentiality while
  posting on the forum, for example.
- It will allow us to write a rule for inclusion in the HTTPS Everywhere Firefox
  extension, which is shipped in Tails and will force HTTPS on our website for
  the people using it.