Are Free SSL/TLS Certificates Trustworthy ? Can Cert Providers Snoop On Traffic?

Question

I know nothing about encryption, SSL, TLS, certificates and have come across several companies offering free SSL/TLS certificates.

How trustworthy are these offers? Why would I want to adopt this change when I am not sure about if I can trust those offers?

More so, could the providers of such certificates snoop on the traffic that goes between the browser and the server, ultimately given authorities that either force the cert providers to do so (government legal action|NSA|etc.) or the providers themselves willingly doing so, a back door of some kind to tap into "secure" and "encrypted" traffic?

I find it hard to believe something that is given for free should increase the security of many many websites. More so I might even think this is some kind of con strategy so that governments|agencies|etc. can more easily snoop on traffic by either having some kind of master key copy or another technique unknown to myself that involves issuing "secure" certs while in fact they are not.

Forgive me my lack of knowledge in this field, perhaps I am mixing a few terms here, in any case I am having a hard time trusting this initiative. Am I simply too paranoid or have the bad news of the past increased my sensitivity towards this?

https://en.wikipedia.org/wiki/Comodo_Group#Controversies

https://en.wikipedia.org/wiki/Verisign#Controversies

Is there any technical security reason not to buy the cheapest SSL certificate you can find?

https://askubuntu.com/questions/497923/fake-usertrust-com-certificates-in-chrome

Answer 1

The SSL certificates used on web servers have two purposes:

1. They identify the web server, so that persons browsing to that site can be sure that they are not accessing the wrong site.
2. They encrypt the traffic, so that nobody can snoop on the traffic.

Identification

In order for any CA to be included in the common browsers (i.e. Firefox, Safari, Chrome, Internet Explorer, ...), the CA must follow the rules set forth by the CA/Browser Forum. This means that they must make some effort to make sure that a certificate identifying example.com does not get issued to anyone who isn't the owner of that domain. Different CAs do this in different ways. On the expensive side, in order to get an EV certificate from Verisign, you'd need to show actual proof of ownership of the domain as well as proof of your identity and your authority to request the certificate. This will include actual paperwork that gets inspected by humans - which is of course the reason for their certs being expensive. So a certificate issued in their Extended Validation program is about as reliable as is possible; you should be able to be certain that not only is the domain right but that the organization mentioned in the certificate is also verified.

On the free side, LetsEncrypt only need you to add a specific DNS record or HTTP resource to prove your ownership of the domain/web server. That way they have no idea of your actual identity, but they do know that the person making the request for a certificate is also in control of the domain. That is all the identification their certificates offer.

If you're not a company that needs to have the level of trust implied in an EV certificate, having a cheap or free certificate may be all you need. If you're a bank, or any big business, you probably want people to feel extra secure, and so you'll be willing to pay for the higher level of identification to get their company name next to the padlock in the browser window.

Encryption

TLS/SSL uses a public/private key pair. The CA that issues the certificate does so by signing the public key, aka the certificate. But they never see the private key - and it's the private key that is used to encrypt the traffic. This means that the CA has no way to snoop on the traffic.