new_SSL_certificate.mdwn 2.95 KB
Newer Older
1 2 3 4
[[!meta title="New SSL certificate for tails.boum.org"]]

[[!toc levels=2]]

Tails developers's avatar
Tails developers committed
5
On the same day Tails 0.10 was put out, our website started to use a
6 7 8 9 10 11 12 13
commercial SSL certificate. This new certificate replaces the previous one that
was delivered by the non-commercial [CACert certificate
authority](http://www.cacert.org/).

What are SSL certificates?
==========================

Using HTTPS instead of plain HTTP to connect to a website allows you to encrypt
Tails developers's avatar
Tails developers committed
14 15
your communication with the server. But encryption alone does not guarantee
that you are talking with the right server, and not
16 17 18
someone impersonating it, for example in case of a [[man-in-the-middle
attack|doc/about/warning#index3h1]].

Tails developers's avatar
Tails developers committed
19 20 21
SSL certificates try to solve this problem. A SSL certificate is usually issued by
a certificate authority to certify the identity of a server. When you reach a
website your web browser might trust an SSL certificate automatically if it trusts
22 23 24
the authority that issued it.

Commercial certificate authorities are making a living out of selling SSL
Tails developers's avatar
Tails developers committed
25
certificates; they are usually trusted automatically by most of the
26 27
browsers.  Other non-commercial authorities, such as
[CACert](http://www.cacert.org/), need to be installed by the operating system
Tails developers's avatar
Tails developers committed
28
or by the user to avoid displaying a security warning when visiting the website.
29 30 31 32 33 34

Weaknesses of the system
========================

But this trust system has proven to be flawed in many ways. For example, during
2011, two certificate authorities were compromised, and many fake certificates
Tails developers's avatar
Tails developers committed
35
were issued and used in the wild. See [Comodo: The Recent RA
36 37 38 39 40 41 42 43 44 45 46 47 48 49
Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/)
and [The Tor Project: The DigiNotar Debacle, and what you should do about
it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it).

It is clear for us that getting an commercial SSL certificate is not enough to
strongly authenticate our website, and for example authenticity of our releases.
That's why we always propose you [[stronger ways of authenticating our Tails
release|/download#authenticity-check]] using OpenPGP signatures.

Why get a commercial certificate then?
======================================

Still we decided to get a commercial certificate for the following reasons:

Tails developers's avatar
Tails developers committed
50 51
- It makes it harder to setup a simplistic [[man-in-the-middle
  attacks|doc/about/warning#index3h1]] against the people who didn't use HTTPS so
52
  far to visit our website.
Tails developers's avatar
Tails developers committed
53 54
- It makes it easier (but not safer) for many people to use HTTPS on our
  website. This may be important to provide some confidentiality while posting
55
  on the forum for example.
Tails developers's avatar
Tails developers committed
56 57 58 59 60 61
- It allowed us to write and submit a rule for inclusion in the [HTTPS
  Everywhere](https://www.eff.org/https-everywhere) Firefox add-on:
  this rules forces HTTPS on our website. Tails ships HTTPS Everywhere
  add-on; therefore, once this new rule makes its way upstream, it
  will benefit every Tails user as well as anyone else who uses
  HTTPS Everywhere.