The Grumpy Troll

Ramblings of a grumpy troll.


Effective immediately, I will no longer be issuing CACert assurances.

My disillusionment has just boiled over, to a level where I do not want to expend any more energy supporting a project where politics has won out over practical security.

While it's a shame that politics elsewhere have kept the CACert root certificate out of browser default trust anchors, CACert remained useful enough as a “private CA which other technical people can probably verify more readily than a certificate from my own CA”.

But while CACert continue to rely upon TLS suites having MD5 exemptions for integrity checks for certificates in the root trust store, letting their public root remain usable, they've switched to ensuring that newly issued certificates will cause more interoperability problems. In a blog post about switching, they proclaim their switch to SHA2-512 as the hash algorithm in new certificates; they note that some old releases of Windows XP will no longer be able to verify certificates, while snottily suggesting Linux as a usable alternative. Alas, they didn't bother to verify that current stable releases of popular Linux distributions are using TLS libraries which can handle SHA2-512. The versions of GnuTLS (a fine, clean, product) shipped by stable releases of some Linux distributions do not handle SHA2-512.

Given that the effective strength of SHA2-256 is such that it is likely not the weak point in any security chain around the use of TLS or the PKIX, there's no sane reason to switch to SHA2-512; this is just a male genital size comparison war. Security is suffering as a result: if the certs themselves are an availability DoS, so that TLS is effectively unusable and folks have to switch back to cleartext just to be able to communicate, then the purported security improvement is useless.
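The practical check behind the two preceding paragraphs is "which hash did the CA sign this certificate with?", since that field, not the hash in the TLS cipher suite, is what an older GnuTLS or a trust-store MD5 exemption is judging. `openssl x509 -in cert.pem -noout -text` prints it as `Signature Algorithm:`; the following is an added example, not code from the original post or from CACert, that reads the same field straight from the DER encoding with no third-party libraries. The `sample_certificate` helper and the `interop_note` wording are my own constructions for illustration: the sample is a structurally valid but unsigned stand-in, not a real certificate.

```python
"""Read the signatureAlgorithm of an X.509 certificate from its DER encoding.

Added example (not from the original post).  RFC 5280 lays out a Certificate as
  SEQUENCE { tbsCertificate SEQUENCE, signatureAlgorithm SEQUENCE { OID, params },
             signatureValue BIT STRING }
so the hash the CA used is the OID at the start of the second inner SEQUENCE.
"""
import ssl

# Signature-algorithm OIDs from RFC 3279 / RFC 4055 / RFC 5758, with the names
# OpenSSL prints and the digest each one uses.
SIG_OIDS = {
    "1.2.840.113549.1.1.4":  ("md5WithRSAEncryption",    "md5"),
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption",   "sha1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "sha256"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "sha384"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "sha512"),
    "1.2.840.10045.4.1":     ("ecdsa-with-SHA1",         "sha1"),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256",       "sha256"),
    "1.2.840.10045.4.3.3":   ("ecdsa-with-SHA384",       "sha384"),
    "1.2.840.10045.4.3.4":   ("ecdsa-with-SHA512",       "sha512"),
}


def _read_tlv(buf, pos):
    """Decode one DER TLV header at buf[pos]; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, pos, pos + length


def decode_oid(raw):
    """Decode the contents octets of an OBJECT IDENTIFIER into dotted form."""
    first = raw[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in raw[1:]:                        # base-128, high bit set on all but the last octet
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert):
    """Return (dotted OID, name, digest) of the outer signatureAlgorithm.

    `cert` may be DER bytes or a PEM string.
    """
    if isinstance(cert, str):
        cert = ssl.PEM_cert_to_DER_cert(cert)
    tag, start, _ = _read_tlv(cert, 0)                   # outer Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, tbs_end = _read_tlv(cert, start)             # tbsCertificate: skipped whole
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, alg_start, _ = _read_tlv(cert, tbs_end)         # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = _read_tlv(cert, alg_start)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    oid = decode_oid(cert[oid_start:oid_end])
    name, digest = SIG_OIDS.get(oid, ("unknown", "unknown"))
    return oid, name, digest


def interop_note(digest):
    """Classify the signing hash along the lines of the post's argument (my wording)."""
    if digest in ("md5", "sha1"):
        return "weak: verifiable only via trust-store exemptions"
    if digest == "sha512":
        return "strong, but some older TLS stacks cannot verify it"
    if digest in ("sha256", "sha384"):
        return "strong and widely supported"
    return "unrecognised algorithm"


# --- constructed sample input (not a real certificate) -----------------------
def _der(tag, content):
    """Encode one DER TLV with a short or long definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted):
    """Encode a dotted OID as an OBJECT IDENTIFIER TLV (inverse of decode_oid)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(chunk)
    return _der(0x06, bytes(body))


def sample_certificate(sig_oid):
    """Structurally valid, unsigned stand-in: only the outer layout matters here.

    The tbsCertificate filler is >127 bytes so the long-form length path runs.
    """
    tbs = _der(0x30, _der(0x04, b"\x00" * 200))
    alg = _der(0x30, encode_oid(sig_oid) + b"\x05\x00")  # AlgorithmIdentifier, NULL params
    sig = _der(0x03, b"\x00" * 33)                        # BIT STRING, 0 unused bits
    return _der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.11", "1.2.840.113549.1.1.13", "1.2.840.113549.1.1.4"):
        found, name, digest = signature_algorithm(sample_certificate(oid))
        print(f"{name:26} {found:24} {interop_note(digest)}")
```

Point `signature_algorithm` at a real leaf or issuer certificate (PEM from a server, or DER from a trust store) and it reports the CA's signing hash; that is the value to compare against what the verifying library supports, which is a separate question from the hash named in the negotiated cipher suite.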

So politics has completely won out over practical security. Meanwhile, every time I issue an assurance, I am taking on legal liability, for free, in case someone protests that I've failed to follow process. I'm not willing to do that for a project which has fallen so far.

Henceforth, I will use my own CA for more certs, a StartCom certificate where I really want other technical people outside my own household to be reasonably able to verify, and continue to push for DANE TLS anchors with DNSSEC verification for those server-to-server federated links where the PKIX is a poor fit (because second-order effects lead to degeneration in trust store content limitations, until the PKIX is useless).

I have de-listed for CACert verifications.

-The Grumpy Troll, particularly darned grumpy right now

Categories: TLS PKIX Certificates Cryptography