Let’s Encrypt is a new Certificate Authority that it’s free, automated and open. Currently in Public Beta, Let’s Encrypt is a new step forward for better security and privacy. Let’s Encrypt team wants HTTPS to become the default. Everyone can own free SSL certificates signed by Let’s Encrypt. Until now, Let’s Encrypt signed over 30 000 certificates during the limited beta period.

Powered by lots of sponsors, such as Akamai, Facebook, Mozilla, Cisco, and many others, Let’s Encrypt means one step closer to better website security.

But why did Let’s Encrypt need the money from the sponsors? How can they use this money?

Sponsor packages at Let’s Encrypt start at 10k dollars a year and can go up to 350k dollars a year. It’s clear that in order to sign more certificates, the Let’s Encrypt architecture must grow. That means that they need more and more servers. They need more developers. And all of these costs a lot. But the most important thing is that they need to invest in penetration testing (pen testing), they need to invest in security.

You can see below the sponsors list of Let’s Encrypt:

What does the sponsors have to won from this?

It’s easy, take for example Akamai, which is one of the biggest CDN (content delivery network) providers. The Let’s Encrypt sponsoring program will allow them to offer free SSL certificates for their customers. And that’s a huge win. Otherwise, they will have to pay much more money. Remember that CloudFlare offers free SSL certificates for all of it’s customers, even for the free accounts. That’s whay, Akamai should offer similar services, if they don’t want to loose their customers in favor of the CloudFlare, which offers almost the same services for cheaper prices.

Cisco is another big player that invests in security, and, just like Akamai, they probably want to integrate the free SSL certificates in their products and services.

Duplicate Signature Key Selection Attack in Let’s Encrypt

According to the blog agwa.name, Let’s Encrypt uses the ACME protocol, which is vulnerable to “Signature misuse vulnerability in draft-barnes-acme-04”.

What is ACME?

ACME is a protocol for the automated issuance of SSL certificates. It was developed for and is used by Let’s Encrypt, and is currently undergoing standardization at the IETF. In ACME, messages from the client are signed using the client’s ACME account key, which is typically an RSA or ECDSA key. When an ACME client asks the server to issue a certificate for a particular domain, the server replies with one or more “challenges” which the client must complete successfully to prove that it controls that domain.

We digged the web and found the source link of the vulnerability, reported by Andrew Ayer. According to him:

I recently reviewed draft-barnes-acme-04 and found vulnerabilities in
the DNS, DVSNI, and Simple HTTP challenges that would allow an attacker
to fraudulently complete these challenges.

I shall describe the DNS challenge vulnerability first, since it is the
most serious as it requires no MitM or other network-layer subversion.
The assumptions are:

1. The victim, example.com, has recently completed its own DNS
challenge, and the _acme-challenge.example.com. TXT record is still
provisioned in the DNS.

2. The victim uses an RSA account key.

3. The attacker has an account with an ACME server (not necessarily the
same server as the victim).

4. The attacker’s account has a recovery key.

The conclusion is that the vulnerability was caused by a misuse of digital signatures. The guarantee provided by digital signatures is the following:

Given a message, a signature, and a public key, a valid digital signature tells you that the message was authored by the holder of the corresponding private key.

Shortly after Andrew reported the vulnerability to the IETF ACME mailing list on August 11, 2015, Let’s Encrypt mitigated the attack by removing the ability to start a challenge with one account key and finish it with a different one, which deprived the attacker of the ability to pick an account key that would produce the right signature for the validation object.

Personal Conclusion

Why I posted this article today, much later than the vulnerability was discovered?

I want to point out a few impressions regarding Let’s Encrypt (free SSL certificates) vs all the other Certificate Authorities that offer paid SSL certificates. Let’s Encrypt is a kid in the SSL world, but being sponsored by Facebook, Akamai, Cisco and Mozilla is a huge thing. That’s a sign that they’re on a good way. But still, they are only on Public Beta, that’s why I don’t recommend them at this moment for production environments, still, if you’re working on a new product, you can test their service and use it on testing and development environments. But for the production, at this moment I recommend a paid Secure socket Layer Certificate Authority. The reasons are simple, they have millions and customers and at this moment they are much more experience, much more bug fixing and probably they offer better security.

All of these being said, I’m waiting for Let’s Encrypt to be General Available to everyone. That will probably be the moment when Hacking News will start using SSL certificates.

I recommend all the big Tech Players to invest in Let’s Encrypt or some other similar services. They should all invest in a better web, a more secure one.