On the same day Tails 0.10 was put out, our website started to use a commercial SSL certificate. This new certificate replaces the previous one that was delivered by the non-commercial CACert certificate authority.
Using HTTPS instead of plain HTTP to connect to a website allows you to encrypt your communication with the server. But encryption alone does not guarantee that you are talking with the right server, and not someone impersonating it, for example in case of a man-in-the-middle attack.
SSL certificates try to solve this problem. A SSL certificate is usually issued by a certificate authority to certify the identity of a server. When you reach a website your web browser might trust an SSL certificate automatically if it trusts the authority that issued it.
Commercial certificate authorities are making a living out of selling SSL certificates; they are usually trusted automatically by most of the browsers. Other non-commercial authorities, such as CACert, need to be installed by the operating system or by the user to avoid displaying a security warning when visiting the website.
But this trust system has proven to be flawed in many ways. For example, during 2011, two certificate authorities were compromised, and many fake certificates were issued and used in the wild. See Comodo: The Recent RA Compromise and The Tor Project: The DigiNotar Debacle, and what you should do about it.
It is clear for us that getting an commercial SSL certificate is not enough to strongly authenticate our website, and for example authenticity of our releases. That's why we always propose you stronger ways of authenticating our Tails release using OpenPGP signatures.
Still we decided to get a commercial certificate for the following reasons:
- It makes it harder to setup a simplistic man-in-the-middle attacks against the people who didn't use HTTPS so far to visit our website.
- Our website now is only available with HTTPS enabled. This may be important to provide some confidentiality while posting on the forum for example.