
Replace Comodo SSL certificate with a certificate from a secure Swiss certificate authority


Topic Author
Anonymous poster

Replace Comodo SSL certificate with a certificate from a secure Swiss certificate authority

Post by Anonymous poster » Fri Nov 25, 2016 4:18 am

ProtonMail uses a Swiss SSL certificate because of this:
Our SSL certificate authority (CA) is QuoVadis Trustlink Schweiz AG, a leading Swiss SSL certificate issuer. Using a Swiss based CA ensures that our CA's SSL infrastructure is not under the control of US or EU government agencies.

-ProtonMail (source)


cryptostorm is using Comodo as certificate authority. Comodo is based in the United Kingdom and the United Kingdom is a Five Eyes country. Comodo also seems to be one of the most incompetent CAs security-wise (along with WoSign and StartCom) (source).
I would recommend switching to a CA that is based in a country with good privacy laws. Iceland has, as far as I know, no CA that has wide implementation across operating systems and browsers. However, there are multiple CAs that are based in Switzerland, which has privacy laws comparable to Iceland. I'd try getting the same SSL certificate that ProtonMail uses, since it seems to be working great for them.


Khariz
Posts: 160
Joined: Sun Jan 17, 2016 7:48 am

Re: Replace Comodo SSL certificate with a certificate from a secure Swiss certificate authority

Post by Khariz » Fri Nov 25, 2016 6:26 am

Or at least use something like Let's Encrypt as recommended by the EFF: https://www.eff.org/deeplinks/2016/10/l ... hority-web


Topic Author
Anonymous poster

Re: Replace Comodo SSL certificate with a certificate from a secure Swiss certificate authority

Post by Anonymous poster » Fri Nov 25, 2016 8:34 am

While I love the fact that Let's Encrypt is free, open source and run by a trustworthy non-profit, the fact remains that the organisation behind Let's Encrypt - Internet Security Research Group (ISRG) - is based in the US. Then ISRG could be served a National Security Letter combined with a gag order, which would force them to comply with any US government request - such as giving the US government private SSL keys - and forbidding ISRG from disclosing it to their users. It would be best if the CA used for cryptostorm wouldn't be based in a Five Eyes country and the country should preferably have very strong privacy laws.

