Hello Michael, hello Matthias,
a few thoughts on this from me:
(1) @Michael: Thank you for having a look at this. In my opinion, enabling HTTPS on all *.ipfire.org sites by default would be a huge security benefit.
Of course, this needs time and testing, so no pressure. :-)
Especially on download sites HTTPS would be nice in case someone verifies the downloaded ISO - when transmitted in plaintext, both image and checksum might be modified by a MITM.
Further, there is still SHA1 in use on http://download.ipfire.org/, but that is another issue.
(2) Speaking about the CAs: I do not know what opinion to have here.
On the one hand, using your own project CA is good since nobody except the visitors has to rely on some external certificate signing company.
Publishing the TLSA-records tells everyone that this CA - which is untrusted by all current browsers - is legitimate on *.ipfire.org.
On the other hand, there are two points against it: (a) Nobody actually uses TLSA/DANE for validating web site certificates (this is different when it comes to SMTP). So, nearly every user will see a certificate warning.
Personally, i suppose DANE will never be implemented in web browsers. There are too many collisions with the systems DNS service, and network stacks, and the network's firewall rules, and so on. Sad, but that is what we (do not) have.
So, enabling HTTPS on all or at least some very important IPFire sites will cause more user complaints.
Further, and that is a _very_ big problem in my eyes, it actually decreases transport encryption security: Every time a user accesses *.ipfire.org, he/she/it has to bypass a certificate warning - at least in FF, there is no easy way to store the exception permanently.
In case a MITM injects his own certificate to break TLS, the user will see a certificate warning which is nearly identical to those shown usually for IPFire's CA. And the user will mostly bypass this - very well-known - warning, an the attacker won.
To prevent this, you MUST check the certificates checksum against the value you know is legitimate. Every time.
Nobody will do so.
(b) As I mentioned above, I completely understand your point having an own CA. However, I do not think this is so important for public web services:
As far as I am concerned, there is no "trust" in case of CA companies. Some of them showed a really unprofessional behaviour (DigiNotar, WoSign, Symantec, ...) and are/were either kicked off business by their customers or the web browser developers.
You only "trust" a CA to validate if a certain domain really belongs to the person who claims so.
In case there is a certificate in use signed by a foreign CA, what should happen? Nobody except the server admin has the private key, and there are many techniques to prevent modern browsers accepting any certificate for your domain, such as: - DANE/TLSA (specifies which certificate [chain] is valid) - CAA (DNS record, rather new, specifies which CAs can issue certificates for this site, might be supported by common browsers some day) - HSTS (preventing a MITM from downgrading to plaintext) - HPKP (as DANE, but supported by modern browsers, TOFU [Trust On First Use] = first connection must be clean)
Except from going out of business, I do not see any risk for a web site owner here. That is, in case all or some of the mentioned methods are implemented.
Let's Encrypt (LE) seems to be different from other CAs since they use standardised methods and act quite transparently. Further, there are some "major players" behind it (Mozilla, EFF, ...) which have a good reputation. This - hopefully - means that there will be no security breaches like in case of DigiNotar.
To come to an end, using LE as a CA for *.ipfire.org will not harm the security of IPFire significantly. It reduces browser alerts and a possible security threat (see above), making it easier to deploy HTTPS.
Needless to say, DANE/HSTS/CAA are obligatory.
Best regards, Peter Müller