
Firefox 3 developer explains "broken" SSL error pages

Johnathan Nightingale, a user interface developer for Firefox, has responded to the criticism of how Firefox 3 handles self-signed certificates. He first complains about how often users dismiss his user interface decisions as stupid, in wording such as:

Q: Why has Firefox started treating self-signed SSL certificates as untrustworthy?  I just want encryption, I don’t care that the cert hasn’t been signed by a certificate authority, and anyhow I don’t want to pay hundreds of dollars just to secure my communications.

Johnathan explains the problem with this kind of thinking:

First of all, this isn’t quite right.  You never *just* want encryption, you want encryption to a particular system.  The whole reason for having encryption is that you don’t want various ill-doers doing ill with your data, so clearly you want encryption that isn’t going to those people.

“So fine, I want encryption to a particular system,” you say, “but I don’t need a CA to prove that my friend’s webmail is trustworthy.  CAs don’t even do that anyhow.  I trust him, Firefox should get out of my way.”

Yes, absolutely - the browser is your agent, and if you trust your friend’s webmail, you should be able to tell Firefox to do so as well.  But how do you know that’s who you’re talking to?

He then gives three specific ways in which a "secure SSL connection" to a server using a self-signed certificate could be subverted: packet sniffers, router flaws, and DNS flaws like the one that Dan Kaminsky revealed. He then concludes:

The question isn’t whether you trust your buddy’s webmail - of course you do, your buddy’s a good guy - the question is whether that’s even his server at all.  With a CA-signed cert, we trust that it is - CAs are required to maintain third party audits of their issuing criteria, and Mozilla requires verification of domain ownership to be one of them.

With a self-signed certificate, we don’t know whether to trust it or not.  It’s not that these certificates are implicitly evil, it’s that they are implicitly untrusted - no one has vouched for them, so we ask the user.  There is language in the dialogs that talks about how legitimate banks and other public web sites shouldn’t use them, because it is in precisely those cases that we want novice users to feel some trepidation, and exercise some caution. There is a real possibility there, hopefully slim, that they are being attacked, and there is no other way for us to know.

On the other hand - if you visit a server which does have a legitimate need for a self-signed certificate, Firefox basically asks you to say “I know you don’t trust this certificate, but I do.”  You add an exception, and assuming you make it permanent, Firefox will begin trusting that specific cert to identify that specific site.  What’s more, you’ll now get the same protection as a CA signed cert - if you are attacked and someone tries to insert themselves between you and your webmail, the warning will come up again.

I don’t think the approach in Firefox 3 is perfect, I’m not sure any of us do. I have filed bugs, and talked about things I think we could do to continue to enhance our users’ security while at the same time reducing unnecessary annoyances.  You’ll notice that Firefox 3 has fewer “Warning: you are submitting a search to a search engine” dialog boxes than Firefox 2 did, and it’s because of precisely this desire.

I welcome people who want to make constructive progress towards a safer internet and a happier browsing experience. That’s what motivated this change, it’s what motivates everything we do with the browser, really.  So it sure would be nice if we didn’t start from the assumption that changes are motivated by greed, malice, or stupidity.

SSL Question Corner - [meandering wildly]


Posted on August 08, 2008
Duane
Posts: 7
Comment
Ho hum
Reply #7 on : Wed August 13, 2008, 06:26:30
Good to see everyone missed my point, I wasn't advocating the use of DH ciphers merely pointing out that Firefox supports using them.

The real point to my comment which everyone seems to have ignored is OpenPGP has a valid RFC against it allowing it to be used as an alternative to X.509 certs, however so far no browsers or even plugins support using those certificates which could be a much better alternative to X.509 with its woeful take up rate of less than 0.5% of all websites or thereabouts.

Some food for thought: http://open-pgp.info/wiki/index.php?title=Why_X.509_is_Bad
Alex Ponebshek
Posts: 7
Comment
SSH and GPG both handle this fine
Reply #6 on : Mon August 11, 2008, 22:50:29
This could be handled the same way SSH and GPG have both handled it forever: you get the key, actually *look* at the certificate, check the fingerprint, and if it matches the one you memorized or wrote down, make an exception! Firefox 3 has a nice "Add an exception..." button, and it works just fine. The warning is ominous, because anybody who doesn't understand what it means is right to be afraid of it, and anybody who does understand what it means can ignore the ominousness and look at the cert.
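The mechanism Johnathan describes in the post above (add an exception, and the warning comes back if a different certificate later shows up for the same site) and the fingerprint check Alex describes in this comment are the same idea: trust on first use, keyed by site and certificate. The following is an added example written for this page, not code from the article, from Mozilla or from any commenter; it models the exception store with a plain dictionary, and the certificate bytes, host names and function names are all constructed for the illustration. Real DER bytes would come from `ssl.PEM_cert_to_DER_cert()` or `getpeercert(binary_form=True)`.

```python
# Added example: a minimal trust-on-first-use "exception store" in the spirit
# of Firefox 3's "Add an exception..." button.  Everything here (class and
# function names, the store layout, the sample certificate bytes) is an
# assumption made for the illustration, not Firefox's own implementation.
import hashlib
from enum import Enum


class Verdict(Enum):
    TRUSTED_BY_EXCEPTION = "matches the exception stored for this site"
    UNTRUSTED_UNKNOWN = "no one has vouched for this certificate; ask the user"
    MISMATCH = "certificate differs from the stored exception; possible interposition"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding, formatted like a browser dialog (AA:BB:...)."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprints_match(cert_der: bytes, written_down: str) -> bool:
    """Compare a presented certificate against a fingerprint obtained out of band
    (read over the phone, written down earlier), ignoring case and separators."""
    def normalise(text: str) -> str:
        return text.replace(":", "").replace(" ", "").upper()
    return normalise(fingerprint(cert_der)) == normalise(written_down)


class ExceptionStore:
    """Per-site pins: an exception trusts one certificate for one host:port only."""

    def __init__(self) -> None:
        # (host, port) -> fingerprint of the certificate the user accepted
        self._pins = {}

    def add_exception(self, host: str, port: int, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        self._pins[(host.lower(), port)] = fp
        return fp

    def check(self, host: str, port: int, cert_der: bytes) -> Verdict:
        stored = self._pins.get((host.lower(), port))
        if stored is None:
            # No CA and no exception: implicitly untrusted, so the user is asked.
            return Verdict.UNTRUSTED_UNKNOWN
        if stored == fingerprint(cert_der):
            return Verdict.TRUSTED_BY_EXCEPTION
        # Same site, different certificate: this is the warning that comes up again.
        return Verdict.MISMATCH


# Constructed stand-ins for DER-encoded certificates (not real certificates).
FRIEND_CERT = b"constructed stand-in: friend's self-signed webmail certificate"
INTERPOSED_CERT = b"constructed stand-in: certificate presented by someone in the middle"


def walkthrough() -> list:
    """First visit, accepted exception, later interposition, and a different site."""
    store = ExceptionStore()
    first = store.check("webmail.example", 443, FRIEND_CERT)
    store.add_exception("webmail.example", 443, FRIEND_CERT)
    again = store.check("webmail.example", 443, FRIEND_CERT)
    attacked = store.check("webmail.example", 443, INTERPOSED_CERT)
    other_site = store.check("other.example", 443, FRIEND_CERT)
    return [first, again, attacked, other_site]


if __name__ == "__main__":
    for verdict in walkthrough():
        print(verdict.name, "-", verdict.value)
```

The walkthrough shows why a permanent exception gives the protection the post claims: once the friend's certificate is pinned, a different certificate for the same host is reported as a mismatch rather than silently accepted, while the same certificate on a different host is still untrusted, because the exception is bound to the site as well as the certificate. The fingerprint comparison is what makes the first acceptance safe: the store only helps if the certificate pinned on the first visit was itself checked against a fingerprint obtained out of band.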
spispopd
Posts: 7
Comment
Make your own CA.
Reply #5 on : Sun August 10, 2008, 19:56:34
Look, true self-signed certs are silly. Make your own CA and sign a server (and maybe a client!) cert with that, and add your personal CA to your Firefox list of trusted CAs. It's point and click with "TinyCA2", assuming you're on Linux.

Firefox SHOULD give a disconcerting message for self-signed certs.
Aaron Miller
Posts: 7
Comment
Re: Could Mozilla become a CA?
Reply #4 on : Sun August 10, 2008, 17:32:39
If Mozilla could, it would still be costly to Mozilla. They need to get their root certificates into -all- browsers (read: IE especially [Good luck dealing with MS]). Then they need to verify the identity of the holder of any certificate before they sign it, which is a lot of paperwork. Being a CA is a lot of costly work and a difficult thing to do for free. And @Duane DH works fine until there is a man-in-the-middle, which is the entire point of CAs in the first place. CA signed certificates are for businesses, and -aren't- that expensive for the people that need them.
Mr Flibberly
Posts: 7
Comment
RE: He's been drinking the Koolaid I see
Reply #3 on : Sun August 10, 2008, 15:47:33
Duane,

If you read Jonathan's quotes in the post you would realize that the lack of a certificate authority leaves you open to a man in the middle attack. It doesn't matter what cipher you are using, without a certificate authority there is no way to bind a web address to a key in a trustworthy way.

Certificates *are* prohibitively expensive for many uses and an alternative system for more casual use (something like a web of trust) is certainly desirable. Self-signed certificates, however, really aren't a very effective solution, and Firefox's behaviour in this regard is wise.
Paul Dorman
Posts: 7
Comment
Could Mozilla become a CA?
Reply #2 on : Sun August 10, 2008, 15:40:54
This would solve the problem and do the world a favor. A free CA service is very much needed.
Duane
Posts: 7
Comment
He's been drinking the Koolaid I see
Reply #1 on : Sun August 10, 2008, 13:07:58
If "You never *just* want encryption" then why do they include DH ciphers?

Not to mention OpenPGP is part of the TLS family, I don't need some third party to tell me who is and who isn't my friend, of course anyone with enough money would be my friend.
