A Free, Automated, and Open Certificate Authority. Josh Aas Co-Founder, Executive Director

Transcription

1 A Free, Automated, and Open Certificate Authority Josh Aas Co-Founder, Executive Director

2 What is HTTPS HTTPS is HTTP over a connection secured by TLS (used to be called SSL). It s how websites encrypt communications. Two components to a secure connection: Encryption (scrambled bits on the wire) Authentication (who are you?)

3 Encryption (easy-ish) Just a software stack for public key and symmetric crypto that needs to be installed and configured. Most Web servers directly support it.

4 Authentication via CA (too hard) Certificate Authorities issue the x.509 certificates required for SSL/TLS on the Web. Interaction with CAs for cert issuance and management is too hard.

5 The Web Isn t Secure As of December 2015: 40% of Firefox page loads are HTTPS 64% of Firefox HTTP transactions are HTTPS 62% of s received by Gmail are over STARTTLS Routers? Home gateways? These numbers should be 100%!

6 Why is 100% HTTPS Important? Users aren t in control of their data any more. Web is too complex. Need to treat everything as potentially sensitive. Developers expect integrity. Unencrypted traffic can be modified, e.g. ad insertion, script injection (e.g. great cannon).

7 Why Isn t The Web Secure? Security is too hard. I can t f ing figure out how to get a cert god hep people that don t know what a CSR is I am like 45 minutes in - Cullen Jennings Cisco Fellow

8 Traditional Certificate Fun Figure out you need a cert Try to figure out where to get a cert from Figure out what kind of cert you need Figure out how to request a cert (learn wtf a CSR is and how you make one) Go through painful manual verification process, maybe set up a new address Pay Figure out how to install your cert Remember to renew it on time

9 HTTP/2, Summer 2012 HTTP/2 IETF WG debating requiring encryption. Major objection was that encryption was too hard or even impossible for many. Josh Aas and Eric Rescorla decide we need to address this problem if the Web is ever going to achieve HTTPS Everywhere.

10 The Solution We needed a new CA. A lot of work, but nothing short of that would cut it. Didn t think we could get an existing CA to fully cooperate. Especially on the time scale we wanted. Also, didn t want to be forever at the mercy of another CA.

11 Cornerstones for a New CA Automated: Necessary for ease of use, reliability, and scalability. Free: As much for the sake of automation as price. Open: Transparency and cooperation are essential for trust. Global: Available in every single country in the world.

12 Building a Foundation Spent ~2 years ( ) clearing schedules, creating an entity, finding initial sponsors, and making a plan for getting trusted (a deal with an existing CA). Initial backers: CA Partner:

13 Internet Security Research Group ISRG is the entity behind Let s Encrypt. Founded May 2013 IRS 501(c)(3) status granted June 2014 Mission is to reduce financial, technological, and education barriers to secure communication over the Internet.

14 Building Let s Encrypt Announced to the public in November 2014, started work in earnest: Creating policy Writing software Ordering and installing hardware Configuring environment Hiring a team Making things as secure as possible Ensuring compliance, going through audits Getting more sponsors

15 Overview: How Let s Encrypt Works ACME Protocol, DHCP for Certificates Boulder CA software implements ACME, running on Let s Encrypt infrastructure Clients request certificates from Let s Encrypt via ACME

16 Types of Certificates Domain Validation (DV): asserts control of a domain (what Let s Encrypt does) Organization Validation (OV): asserts control of a domain as well as basic organizational vetting Extended Validation (EV): asserts control of a domain as well as extended organizational vetting

17 ACME Automated Certificate Management Environment It s at the core of how Let s Encrypt works. Provides API for requesting, validating, revoking, and otherwise managing certificates. Being standardized:

18 ACME Issuance Overview

19 ACME Challenge Types HTTP: Put a file on your web server DVSNI: Provision a virtual host at your domain s IP address DNS: Provision a DNS record for your domain. Just turned on today!

20 Clients Basically 3 categories of clients: 1. Simple (drop a cert in the current dir) 2. Full-featured (configure server for you) 3. Built-in (web server just does it) Built-in is the best client experience!

21 The Ideal Client Experience Caddy Server. Video courtesy of Matt Holt. So. Damn. Easy. The way it should be.

22 90 Day Cert Lifetimes Shorter lifetimes are important for security. Encourage automation Limit damage from key compromise or mis-issuance (revocation doesn t work) Short-lived certs some day? Potentially a nice solution for revocation.

23 Issuance Over Time

24 4x Increase in HTTPS Growth Rate

25 Certificate Transparency

26 Our Commitment to Transparency goes beyond submitting all certs to CT. Open source software Quick and complete incident disclosure Working on making as many internal policies as possible public, e.g. revocation

27 Let s Encrypt is Everywhere Let s Encrypt will issue to any TLD except for.mil, including cctlds that other CA s won t: Cuba (.cu) Syria (.sy) Iran (.ir) Sudan (.sd) North Korea (.kp) Will not issue to groups or individuals on the U.S. Treasury Department s SDN list.

28 Phishing and Malware CAs are not the right place to police phishing and malware! Don t have the data Can t respond fast enough If HTTPS becomes existential, we don t want to be censors Revocation is ineffective Read our full blog post about this.

29 Where to from here? Our goal is to get SSL/TLS usage to 100%. Next step is getting major hosting providers to provide HTTPS by default to all customers using Let s Encrypt. We re already in talks with most of them. Expect to issue 4-8 million certificates in 2015.

30 Platinum & Gold Sponsors

31 Silver Sponsors

32 Champion Let s Work 1. Make sure your employer is deploying HTTPS by default for every site. Demand the same from your partners (e.g. ad networks). 2. Get your employer to sponsor us. We need strong advocates inside companies to keep Let s Encrypt going.

33 What about Apache? Prepare for TLS as the default, not an optional feature. Apache needs stronger support for cert retrieval and management. Should integrate an ACME client.

34 What about Apache? Revocation is broken, particularly without OCSP Stapling. Apache OSCP Stapling needs work: Pre-fetch OCSP to improve handshake perf Refresh OCSP before expiration Turn on by default