Symantec SSL certificates now free, reflecting true value

It's a PKI race to the bottom in 2016. Advances in web site authentication have been rare and nothing inspiring is in the offing.

It's official now: Only suckers pay for DV (domain validated) TLS/SSL certificates (hereinafter just 'TLS'). Symantec, the dominant player in the market, is going to give them away through a partnership program with hosting services called Encryption Everywhere.

Even before it was official, it has probably been obvious for a while, at least since Let's Encrypt, a free open-source certificate authority (CA) run by the Internet Security Research Group (ISRG), came online last September. They recently issued their millionth certificate.

Symantec might have argued that users recognize and trust the Symantec name more than they might "Let's Encrypt," but even if this is true (and I doubt it) those users are making a mistake. No matter who issues it, a DV certificate proves very little about the authenticity of the site. I think Symantec is coming to accept that people know this, to the extent that they give it any thought at all.

TLS certificates serve two functions: to provide a public key for encrypted communications, and to authenticate the site. The encryption you have always been able to get with a self-signed certificate, which you can make for yourself for free. The problem with that is that modern browsers put up five-alarm warnings when you browse a site with a self-signed cert and make you click several times to ensure you know you're doing something stupid. It's a strange approach considering that browsers don't hassle you when you go to a site with no TLS at all.

This approach also presumes that a DV cert issued by a trusted CA demonstrates a meaningful level of authentication. Does it? Yes, but not to a high enough degree that ordinary users who don't scrutinize site certificates should feel safe. All it proves is that the person who obtained the certificate had access to the email account of the site's registered administrative contact. The fact that anyone can easily get a free DV cert from the respectable and democratizing Let's Encrypt, rather than from a commercial CA, just makes matters worse.

There are stronger forms of TLS certificates, OV (Organization Validation) and EV (Extended Validation). For an OV certificate, in addition to proving that the applicant has administrative control of the domain, the CA must, according to the CA/Browser Forum's Baseline Requirements:

verify the name and address of the applicant using reliable information sources, such as a government agency in the jurisdiction of the Applicant's legal creation, existence, or recognition or a reliable third party database. The CA also confirms the authenticity of the certificate request through some means of reliable communication with the organization (i.e. they verify that the certificate requester is an authorized employee/agent within the subscribing organization). For certificates issued to individuals, the CA verifies the individual's identity using a government-issued photo ID that is inspected for indication of alteration or falsification.

Clearly there is more cost involved in vetting an OV certificate application, and a human being must be involved in the process, compared with the automated process for DV certs. An EV certificate requires even more human research and greater expense.

But with an EV certificate at least you get the clear identification of the entity holding the certificate. See the image below. At top is an EV certificate. At bottom is a non-TLS site. In the middle is either a DV or OV site, and therein lies a big problem. There's little incentive to spend more for an OV certificate when the user experience is the same as with a free DV certificate.


To be sure, OV is more valuable for B2B authentication and authorization in processes which don't necessarily have a visual component like the one above. In such applications EV is probably overkill, because you are mostly paying to be able to have the green bar. OV provides a stronger authentication than DV and is probably strong enough.
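The browser may render DV and OV identically, but the certificate itself records which validation was done. As an added example (not from the original post), the Go program below classifies a certificate using the standard library: a publicly trusted CA asserts one of the CA/Browser Forum policy OIDs (2.23.140.1.1 for EV, 2.23.140.1.2.1 for DV, 2.23.140.1.2.2 for OV) in the certificatePolicies extension, and an OV or EV certificate also carries the vetted organization in its Subject, which a DV certificate never does. The certificates it inspects are constructed self-signed test certificates; the host and organization names are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)
// CA/Browser Forum policy OIDs that a public CA asserts in certificatePolicies to declare the validation level.
var (
	oidEV     = asn1.ObjectIdentifier{2, 23, 140, 1, 1}
	oidDV     = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1}
	oidOV     = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 2}
	cabfLevel = map[string]string{oidEV.String(): "EV", oidDV.String(): "DV", oidOV.String(): "OV"}
)
// ValidationLevel classifies by CA/B Forum policy OID; lacking one, it falls back to whether Subject names an O=.
func ValidationLevel(cert *x509.Certificate) string {
	for _, p := range cert.PolicyIdentifiers {
		if level, ok := cabfLevel[p.String()]; ok {
			return level
		}
	}
	if len(cert.Subject.Organization) > 0 {
		return "OV (inferred from Subject O=)"
	}
	return "DV"
}
// makeCert builds a constructed self-signed test cert with an optional policy OID (nil for none) and organization.
func makeCert(cn string, policy asn1.ObjectIdentifier, org ...string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn, Organization: org},
		DNSNames: []string{cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	if policy != nil { // certificatePolicies ::= SEQUENCE OF PolicyInformation { policyIdentifier OID }
		val, _ := asn1.Marshal([]struct{ Policy asn1.ObjectIdentifier }{{policy}})
		tmpl.ExtraExtensions = []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 32}, Value: val}}
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}
func main() { // a browser shows these two sites identically; the certificates themselves differ
	for _, c := range []*x509.Certificate{makeCert("dv.example", oidDV), makeCert("ov.example", oidOV, "Example Corp")} {
		fmt.Printf("%s O=%v -> %s\n", c.Subject.CommonName, c.Subject.Organization, ValidationLevel(c))
	}
}
```

The same lookup works on a real leaf certificate obtained from a TLS connection, since `PolicyIdentifiers` and `Subject` are filled in by `x509.ParseCertificate` regardless of who signed it.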

Of course, there is also the encryption of the communications. If you're concerned about Uncle Sam listening in on your web browsing, then it's a very good thing for everyone to be using TLS. But that's not the real threat users are facing. The problem is not exposure of bits on the wire, but the inability for users to know that they're visiting the site they intended to visit and that it's a safe site.

Even EV does only a half-assed job of this, but it may be as much as we can expect. Unfortunately, DV and OV sites are no more inherently trustworthy than sites with no certificates. The certificates are no substitute for users keeping their eyes open and being able to recognize behavior that is not normal, something we can't reasonably expect of users.

I haven't heard of any attempts to leapfrog past this fundamental weakness of the web. We use TLS certificates for it because we have nothing better.