Hacker News new | past | comments | ask | show | jobs | submit login

> That Mr Levison happened to use the same SSL certs for all paying customers isn't the fault of anyone but... him.

Name me one large company using HTTPS, with separate SSL server certs for each user.

Just one. I'll wait.




When your business is secure email, I think we can fault the creator for designing the system in such an insecure way.

If it wasn't a warrant, a single leak of the key would expose everyone's data.


It's fairly obvious that you have no clue how SSL actually works.

Do you honestly think that it would make sense to set up a completely new domain for each and every user? Do you have any idea what a nightmare that would be to support? Do you think it would be cost effective to spend $50/year per user to implement such a system?

And do you really think that SSL has anything at all to do with the encryption used for storing data inside his system?


Actually you could implement it rather easily using a wildcard cert and a CA provider that provides unlimited signings (like DigiCert). The user goes to "https://myuser.whatever.com", and you use SNI to select the private key.

It might be a pain to manage, and you'd need to get your wildcard cert resigned for each private key, but that's just logistics.


That would cause any particular user to leak what user on the site they were. In other words, if I connect with https to lavabit normally, anyone watching my connection knows I went to lavabit, but don't know what account I am associated with. If I have to hit a subdomain specific to my user, then they know.


It would be a nightmare to manage, and you would have to explain to all 400k of your customers how connect to the smtp/imap endpoint for that particular user.

Completely and totally unrealistic for an email provider. The support costs alone would bankrupt the company.


Really? Server: <username>.provider.com.

Anyways, I'm just pointing out that it is possible to provide per-user certificates.


Sad that the parent is being down voted for being 100% correct.

He designed his system to have a single point of failure. The government then exploited that fact because it would allow them to get access to the data they want. This is Lavabits fault, not anyone elses.


So you're saying lavabit is at fault for using SSL exactly how it was designed to be used?

Did you know that your bank uses the same exact approach to SSL security? Did I just blow your mind?


Perhaps the problem is believing that using SSL exactly as designed is the right solution. Somehow tarsnap manages to keep my data safe without relying solely on SSL.


Yes, yes and no.

Design a system where if the government wants access to one account, you have to give them access to everyones account to comply? Your fault.


No one designs systems like that because, up until now, the threat of having the feds confiscate your private SSL keys was unthinkable for those of us who don't wear tinfoil hats.

And it's still not 100% clear that forcing a business to hand over their keys is even legal from a constitutional standpoint.


The site wasn't designed to be 100% secure most likely due to it being overly complex and burdensome on the end user, thus reducing uptake. So a comprise was made and that is why it was designed the way it was...thus leading to a subpoena for the entire site since Lavabit didn't comply with handing over a specific users data.

Also it is legal for the site to hand over their keys, it already happened. The only way it will become illegal is if the law somehow gets repealed.


What? The site WAS designed to be 100% secure, which is why the government demanded he hand over his private keys.

There was no compromise anywhere, financial institutions use the same exact security strategy. An insecure system would be one that makes it easy for a 3rd party to intercept communications (via warrant or through a disgruntled employee or whatever), that is basically what you are suggesting.


Financial institutions haven't promised to keep your info secret from the government when served with a warrant.


But that bolsters the EFF's argument, does it not?

I mean, on a technical level, you may be right, but the 4th Amendment is not something that protects only as long as the government does not exploit these technical details. See Kyllo v. United States.


It's obvious that your straw man has no clue how SSL works. Why should the disclosure of one SSL key compromise all users of your service?


Because an SSL certificate is linked to a specific domain. It has nothing at all to do with user accounts. Creating a custom domain for each and every user is totally nonsensical from both a business and technical standpoint.


God did not say "Lavabit must only use SSL and cannot use any other measures to fulfill its understood and contractual obligations with customers". That is ridiculous.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: