[HCoop-Discuss] TLS Perfect Forward Secrecy etc.

Clinton Ebadi clinton at unknownlamer.org
Mon Apr 14 16:45:27 EDT 2014 

Sajith T S <sajith at hcoop.net> writes:

> Greetings, 
>
> It's quite comforting to know that HCoop has remained immune to the
> latest internet catastrophe simply by running the stablest Debian. :)
> Yay us!
>
> The EFF are advising HTTPS sites to implement forward secrecy as a
> measure to mitigate the next Heartbleed if/when it happens.  How about
> HCoop?  Is it possible to enable this today without breaking a bunch
> of other stuff?

I was unaware of TLS perfect forward secrecy ("Damnit Jim, I'm a Lisp
hacker and not a sysadmin" or something like that). I will investigate
supporting it for all services. I think it is fairly straightforward
with Apache server-wide:

  https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite

In fact, according to the ssllabs report for navajos, many browsers are
already negotiating the correct ciphers for forward secrecy (a pleasant
surprise).

I think ejabberd may also already be using the proper cipher suites for
forward secrecy. Exim/IMAP will have to wait for migration from deleuze
to mccarthy, the soon-to-be-created Debian Wheezy based admin vm (boy am
I glad the on-site visit was delayed by a few weeks -- we very nearly
put our CA on a heartbleed vulnerable machine!).

> Also, this report doesn't look pretty:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=hcoop.net

Deleuze is the bane of the coop's existence right now, for many
things. The situtation with TLS is much better on navajos:

  https://www.ssllabs.com/ssltest/analyze.html?d=navajos.hcoop.net

We only receive a failing grade because of our untrusted CA, which is
... subjective. We'd get a B if it weren't for the unstrusted CA. I
think a B is the highest grade OpenSSL 0.9.8o can receive as
well. Another pleasant surprise.

> Speaking of which, I remember there being talks about HCoop getting a
> "properly" signed wildcard certificate, or perhaps becoming a signing
> authority by itself.  I can't find the relevant thread, but I was
> wondering if it's still in the plan, and if it's a thing that can be
> done without breaking Clinton's back and breaking the bank, etc.

I've investigated using Startcom for SSL certs:

  https://startssl.com/?app=35

Their interface is pretty sane, at least for acquiring a Class 1 cert
(which I have used to make my journal and personal web page SSL-enabled,
finally).

Unfortunately, the twitterverse is abuzz with hatred toward them for
charging a revocation fee for certificates compromised by Heartbleed. My
personal take is that they made their policies clear, and their pricing
model is great for organizations like HCoop that will likely never lose
key material... but there's a discussion on mozilla securitypolicy that
has a small chance of getting them booted from the trusted CA list:

  https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/ItSu2bebBKk

(tho', with the knowledge that key material *is* recoverable with
heartbleed, I think they ought to at least offer a highly discounted
rate in the short term, but I'm also really bad at making money.)

I think it is unlikely, but we probably don't want to spend $120 for
identity/organization validation before the fallout to the CA
infrastructure is clear post-Heartbleed (what with the recent proof of
concept that key material *can* be retrieved).

Luckily, we are blocked on this by needing to have the first board
meeting and updating our officers with PA so that we can request the
correct documentation for identity verification.

A short-term solution, at least for signing up new members, would be to
accept Gandi's offer of a free one year certification, and move the join
scripts to hcoop.net/join instead of join.hcoop.net. This would at least
improve the initial impression of hcoop, and costs us nothing. Thoughts?
I am inclined to just grab the certificate when I renew hcoop.net (I
think since it doesn't involve money, this falls under authority
delegated to sysadmin volunteers).

If we go with StartSSL, we have to appoint a certmaster who has their
identity verified ($60/year), and also verify the organization yearly
(another $60). At that price, it *might* be worth spending $160/year for
a Gandi wildcard cert, although there are some security advantages to
issuing separate certifications per subdomain and the StartSSL option
provides identity information. I am not sure we are actually permitted
to use a wildcard cert either, since we offer subdomains to members
freely. Perhaps as long as the cert doesn't include identity
information? I think a wiki page for discussion is in order (hint hint,
nudge nudge).

-- 
If nothing in the world can change our children will inherit nothing
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 212 bytes
Desc: not available
Url : http://lists.hcoop.net/pipermail/hcoop-discuss/attachments/20140414/98bb3d7e/attachment.pgp

More information about the HCoop-Discuss mailing list