Wow… Just wow… What did I just read:
I’ll just copy/paste the conclusion of the article:
StartCom launched a tool that makes it easier to secure communications on the internet, which is something we applaud. In doing so however, they seem to have taken some shortcuts in engineering. Using their tool, an attacker is able to obtain certificates for other domains like google.com, linkedin.com, login.live.com and dropbox.com.
In our opinion, StartCom made a mistake by publishing StartEncrypt the way it is. Although they appreciated the issues for the impact they had and were swift in their response, it is apparent that too little attention was paid to security both in design (allowing the user to specify the path) and implementation (for instance in following redirects, static linking against a vulnerable library, and so on). Furthermore, they didn’t learn from the issues LetsEncrypt faced when in beta.
But the issue is broader. As users of the internet, we trust the CA’s to provide us with a base for trust upon which we do business and share our lives online. When a single CA publishes software with this level of security, the trust in the CA system as a whole is undermined.
That’s serious. Very serious… Hopefully only the trust in StartSSL will decline, not CA’s in general.
And… Why didn’t StartSSL just use the ACME protocol? Why try to reinvent the wheel and think you can do ‘better’ than all those hours of thinking, debating and hours of work that went into the ACME protocol?
I’m very interested in all your opinions.