Slashdot Mirror
Mozilla SSL Policy Considered Bad For the Web
Chandon Seldon writes "The issue of digital certificates for SSL and the policies surrounding them comes up repeatedly. I've written an article criticizing the behavior in Firefox 3, which includes a serious comparison of the current Mozilla policy — restricting encrypted HTTP to paying customers — to a violation of net neutrality."
I second this complaint.
Except that the entire issue somehow reminds me of Moby Dick
looks like I will have to switch to internet explorer to access self signed https extranet. There are various cases where you do not need any third party to prove your identity. Firefox 2.X was already quite annoying with this. Firefox 3 seems to be even more.
wouldn't implementing what the author suggest, defeat the very purpose of having a CA ? SSL is not just for encryption you know. There is a little thing called 'trust' which pays a big part in it too.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
The whole point of SSL is to have some assurance that you are connecting to whom you think you're are connecting to.
While the model of paying a CA to assure your identity is not perfect by any means, ignoring the issue isn't either. Many slashdotters seem to have a hard time getting this.
IMHO, the system in Firefox 3 is superior. While self-signed sites are blocked by default, it is not easier to explicitly trust a self-signed SSL site. In the past, most people would just click past the nag dialog when it popped up.
Conformity is the jailer of freedom and enemy of growth. -JFK
I think it is. Half of SSL is about encrypting a connection, the other half is about knowing whether you can trust the other side. What the article suggests (that SSL connections when the other side uses a self-signed certificate should give no warning) would completely destroy security of the Internet.
I encourage all of my users to use Firefox by including it on our PC images, showing them it's cool features, and letting them know about how it's more secure. I've been running into problems with self-signed SSL certificates though.
I run a router/firewall based on the Untangle software, which in turn is a modified Debian/Knoppix setup. It also does VPN, based on the open source openVPN software, and it uses self-signed SSL certificates for it. While I don't mind adding our firewalls to a safe list, my users freak out with all of the warnings and aren't sure what they should do. I've been telling them to use Internet Explorer, but it makes my skin crawl to say it. Hopefully the Mozilla team will reconsider their position to make their software more open-source friendly.
"...I've written an article criticizing the behavior in Firefox 3..."
This reads like flamebait.
As the article admits, you can import the cert and access any SSL website. It's kinda weird to write an article about using a scary "you are being hacked" warning and then post a scary "firefox 3 doesn't let you use SSL unless you pay" statement.
Yeah this is no good. And its a real shame that it comes from the "good" browser. I'd expect this from safari or IE. All we need is the information about the cert. Let the user decide if he/she is ok with using the site.
Support bacteria, the only culture most people have.
For some small sites, we need to encrypt traffic to protect consumer data from being "spyed on" by misconfigured switches, WLAN eavesdropping, and so on.
For those sites, buying a certificate is possible, but the costs are high compared to the gains (as this is *only* about protection of the data, not about "being sure this is site XY). Based on the certificate IDs/hash it's possible in this environment for anyone to compare whether the certificate is a trustworthy one, or not. The certificate identification is, in this case, possible.
But it's a lot harder to explain why this really, really scary message (it scares the HELL out of customers) appears now and then, when someone moved to a new computer or something.
The old FF2 behaviour was "better" in this respect.
I also see benefits of the efforts made to clarify this encryption/identification stuff for normal users, like the green address bar. That's really a gift, showing the user "everything all-right with your banking application or amazon store".
But this behaviour marking "self-signed" certificates as something über-evil out of the deepest depth of hell, is crossing a line a bit to far, in my opinion.
A short warning with a better explanation, or even a yellow bar - encrypted, but not "that secure" - might have been a better way.
Well, patches welcome, I hope :)
Still better than just praying the 2012-expected Internet Nightmare 9 misteriously replacing the old behaviour with something worse. You know what I'm talking about, are you? ;)
The average user doesn't notice any security feature unless it is in their face.
Given the number of phishing sites out there, it could be argued that every additional slap to the face that a user would have to get through in order to get to a phishing site (known phishing site, self-signed SSL, acknowledge that you are a fucking retard for bypassing the last two warnings, etc.) may be worth it.
Just remember that just because the precepts of net neutrality (all bandwidth is equal) means that we should let a user shoot themselves in the head doesn't mean that we shouldn't at least make a passing effort to put a safety on the gun they are using.
RomSteady - I came, I saw, I tested. GamerTag: RomSteady / http://www.romsteady.net
Is it wrong to have quick and dirty arbitrary secure end to end connections?
one needs only to pay attention, which is cost effective, & could lead to our survival. see you there? the lights are coming up all over now. conspiracy theorists are being vindicated. some might choose a tin umbrella to go with their hats. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.
http://news.google.com/?ncl=1216734813&hl=en&topic=n
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A
http://www.nytimes.com/2008/05/29/world/29amnesty.html?hp
http://www.cnn.com/2008/US/06/02/nasa.global.warming.ap/index.html
http://www.cnn.com/2008/US/weather/06/05/severe.weather.ap/index.html
http://www.cnn.com/2008/US/weather/06/02/honore.preparedness/index.html
http://www.nytimes.com/2008/06/01/opinion/01dowd.html?em&ex=1212638400&en=744b7cebc86723e5&ei=5087%0A
http://www.cnn.com/2008/POLITICS/06/05/senate.iraq/index.html
http://www.nytimes.com/2008/06/17/washington/17contractor.html?hp
http://www.nytimes.com/2008/07/03/world/middleeast/03kurdistan.html?_r=1&hp&oref=slogin
http://biz.yahoo.com/ap/080708/cheney_climate.html
is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.
http://www.google.com/search?hl=en&q=weather+manipulation&btnG=Search
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying
dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);
http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html
the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.
corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7
as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' inno
In four mouse clicks I've added that site to my exceptions list. It warned me, I read and understood the warning, I acted. I saw the https page and the web site owner didn't have to pay for a certificate.
So, the article is wrong:
"Mozilla Firefox 3 limits usable encrypted (SSL) web sites to those who are willing to pay money to one of their approved digital certificate vendors"
please add 'or click four times to add the site to an exception list'.
fta:
"This is really an issue of the basic principles of internet openness. Everyone has equal access to the features of HTTP or SSH, there's no reason why there should be artifical constraints on access to HTTPS. But that's exactly what the Firefox SSL behavior does."
The above statement makes it sound as if SSH and HTTP(s) are related. Quick summary:
http
ssl
https = http + ssl
ftp
ftps = ftp + ssl
ssh/sftp (they stand alone)
I'm not sure what the problem here is - If a website claims that it isn't part of the malware revolution with a self signed certificate, it isn't any more authentic than NOT having one.
The only real use for a self signed certificate is for large institutions that already have the trust of the user (ie: universities) - but you have to assume that they havn't been compromised, because it would be easy to have a second certificate, signed by the owner of the hijacked site.
Anyways, firefox 3 does a great job, and it isn't hard to add an exception - and it isn't annoying like UAE...
Surely this is the same as has been implemented in all browsers since SSL came along? the only real difference here is in how the message to the user is displayed. Previously, a dialog box would have popped up warning the user, and most users would automatically scan for the OK button and click it without giving it further thought, or indeed reading the dialog box.
Because this message appears where the page would normally appear, people seem to be actually taking notice of it. It's not about net neutrality, it's about trust. There are a number of trusted root certificate people out there, and that number is small for a reason. If everybody could create a trustworthy certificate, then what would be the point. It's a shame users have in the past been so useless at exercising judgement in what sites are trustworthy and which aren't.
At least now, they are forced to consider the implications clicking through, and that can only be a good thing.
what do you mean, trust?
An SSL certificate automagically means that it is impossible for the site to be hacker, or some guy internally running away with sensitive data, etc. ?
At best, it will say "Why yes, this -is- the website you are looking for.".. beyond that, there's no more trust than I would give a warezyporn website hosted on a .tk domain.
SSL may not be just for encryption, but perhaps it should be.. or should have been. It should never have served this dual purpose - and the story explains quite nicely -why-.
Dude,
Like has been said, it is mostly saying, yes, this is the person your talking about. Anyway, who really cares? SSL certs arent that fucking expensive, you pay 10 bucks a month for any half assed hosting service anyway, whats an extra 20 a year to have your ssl show up right?
dont be a cheap ass
"we are programmers and developers, and as a community we think this is the right thing to do" - this does NOT fly. public accepts what they like, they refuse what they dont. this is as simple as that, REGARDLESS OF what they accept or refuse may be good, or bad.
it is utterly stupid to go overly jacobin and enforce something on people 'for improving the security on the web', in an open source project that is made by people FOR the people.
a lot of websites, service owners, businesses using vpn and their clients and their users are going to experience hell lot of problems due to this extreme self righteousness forced upon them, if they go for firefox 3.
to be honest, despite im fighting for free and open internet, linux, open source by the means available to me as much as i can, i will be advising friends and clients to stay away from ff3 because of that certificate issue.
Read radical news here
As mentioned on the Firehose comments page about this article (http://tech.slashdot.org/comments.pl?sid=634651&cid=24461415):
If the purpose of the Firehose is to vet articles, it's not doing a good job.
Certificates for most domains can be issued by a trusted root if you can get access to one of a few e-mail addresses on the domain. Other certs can be ordered if you commit fraud and uses false letterhead. So the trusted roots are most often not trusted.
If my browser trusts Equifax, then it basicly gives no security at all.
The only way to get SSL working again, and prevent man in the middle, is by zapping all trusted roots in the browser, and let the user individually accept whatever certs he trusts. He will then get a warning every time a server changes vert.
The trusted roots can stay, so the user has an option to see who issued a new cert.
Why would I trust the security of my online banking, creditcards etc to a company in Uruguay ? Everybody does, as it is a trusted narcs^H^H^H^H^Hroot dealer.
CN = SERVICIOS DE CERTIFICACION - A.N.C.
OU = SERVICIOS ELECTRONICOS
O = ADMINISTRACION NACIONAL DE CORREOS
C = UY
There are some majort issues to trusting so many roots, with different validation requirements.
This isn't an IE/Firefox issue. It's about you being too cheap to buy a validated cert while simultaneously being too dumb to force your users to accept your certs.
If you are running your infrastructure with self-signed certs, just put the certs on your clients.
Conformity is the jailer of freedom and enemy of growth. -JFK
People who know what they are doing can easily add an exception for a test or in-house cert. People who don't know what they are doing are less likely to be taken in by a phishing site using a self-signed cert. So, what's the problem?
[Insert pithy quote here]
its basically letting go of half of the security for improving the other half.
lets see, what are proponents of this are saying ? they are arguing "ssl is not just about encryption, its also about knowing that you can trust the source"
well, thats basically an entirely stupid approach, when you consider that a LOT of websites who are now using self signed certificates will be just removing ssl encryption rather than pay yearly fees to a 'certified' vendor or annoy their users with the HORRIBLE 'youre being hacked !' style ssl warning in ff3.
what happens ? basically you will have let half of the security go while improving the other half. net gain ? zero.
utterly stupid.
Read radical news here
I think the author makes Mozilla's case for them, by not appearing to understand the risks, especially at a time when DNS cache poisoning has become unusually feasible. E.g., the statement
is simply not true for clients of unpatched DNS servers. It's much easier for an attacker to get a remote user's traffic redirected to a host of his choosing than it is for him to snoop on that user's traffic. Volume-based attacks on DNS become increasingly easier as bandwidth increases, and people who operate botnets have a good chance of poisoning a cache even on patched nameservers, simply through brute force. Meanwhile, that smaller class of attackers who are in a position to actually snoop on traffic are also in a position to use an arp spoofing attack. Encryption is simply not useful without knowing whom you're encrypting to.
If you're feeling lucky, you can always add the exception. You can also sign your certs with a CA cert, and import that into your certificate database. Of course, anyone who trusts that CA cert also trusts you not to generate bogus certs for bankofamerica.com, etc... The solution to the problem is not to make the browser more trusting by default; it's to migrate away from X.509 to a PKI that allows domain owners to generate certs at no additional cost, such as a DNSSEC-based PKI.
I think Mozilla has it 100% right.
So add the issuing server to the list of authoritative CAs. Only do this if you have secure control of the machine but it gets rid of the whole need to add an exception.
Encouraging encryption is good but unfortunately no one can come up with a good way of encouraging encryption whilst avoiding phishing sites (and other attacks). Infact stopping phishing is so bad that it was deemed more important than encryption.
So what's your proposed solution to distinguishing between these two things? Well there isn't one. The closest you get is to say that "Obviously it shouldn't show a green address bar [like a trusted cert]".
The usability problems of expressing a 'dangerous site' are many and until you come up with a way of clearly expressing the distinction between encrypted sites and phishing sites then you won't get far Nat. Firefox 3 made a the right choice for the majority of users who are non-technical.
Perhaps establishing a non-profit issuer is a possible solution?
Similar to the concept of OpenDNS it could be a free (as in freedom) and very cheap alternative to the large commercial certificate issuers?
If I wanted to undertake such a project myself, thereby contributing to the community, what would it involve? (I am ready to pull some cash out of my pockets, but I am no millionaire, just a tech-geek, so be realistic). And do you have the expertise to help establish such an "openCertificate" service?
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
I originally meant to post this as a comment to the blog post, but apparently the author does not care about testing their commenting feature. This alone should already tell you stories about how much thought he puts into this stuff.
-+-
Why in the world are you singling out Mozilla in this ? Every browser has this policy.
Every browser has avenues to add new root certs, too (I can just create my own CA, offer the certificate file on the web, and let users install that; all future communication with a site that has a certificate signed by that CA will not be bothered with these error messages). This may not be 100% convenient, you are correct. But it's not as if it was hard to do if you want to give your users the option of using encrypted sessions.
Oh, and there IS a way to get your shiny new non-profit CA into the main Firefox builds. All you need to do is comply with their procedures and requirements -- which include policies on how you verify the identity of the certificates you sign, how revocations work, etc., and requiring specific minimum requirements in these. If you think you can run a proper CA for free for everybody with proper identity checking and day-to-day operations, do it and get it added !
The default position Mozilla takes is quite simply that the CA should verify the identity of the entity the certificate is being issued to. You may not think that it is important for this to be such a prominent user interface feature, but many people do. Every user can add an exception for your site, you can add a CA of your own, you can get certified by a nonprofit CA (good luck finding one; I agree that most of them are scumbag operations that try to extract as much money from you as possible, but I have yet to see a proposal which both ensures identity checking and revocation management while being completely free ... Maybe you'll find a way).
This has nothing to do with network neutrality. Nothing at all. A more proper comparison would be comparing this situation with that of 2nd-level domain names. You can't get a .com domain for free, either. Nor a .net or .org or most of the country TLDs. You can open up your own Registrar (but will still have to pay dues for domains registered), just as you can open up your own CA. It'll be a rocky road, and it'll not be free -- least of all in work required.
My sites work just fine with SSL certs signed by my very own CA. Firefox displays them just fine (either by adding the root cert of my CA to it, or by simply adding an exception). All other browsers work fine, too. If you have visitors or customers that require validation of your certificate by a third party, you are SOL. But then again, you also would be were the warning worded differently (and there SHOULD be a warning for a certificate that is not signed by a trusted CA or one which you explicitly told the browser to trust. No matter what. Self-signed certs are alright for encryption, sure, but I want my browser to have a default setting of warning me when something is happening that very well could be an attack; especially when I have taken care to add a specific trusted CA (say, the one by my university).
-+-
We use a lot of self signed certificates for a lot of our internal, non customer facing sites, things like Nagios, Munin, etc. etc. most of our IT department are all running the latest Ubuntu Hardy with Firefox 3 and whilst Firefox's initial behaviour when it sees a new site using one of our certs is as described, it's not the end of the world as you just click through it and save the cert.
The real bitch is every few days everyone's Firefox instances are forgetting the cert, so we're having to go through the process every couple of days. I don't know if this is a bug, or new behaviour (aka a feature) but it's really annoying and driving me mad.
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
I've written an article criticizing the behavior in Firefox 3 [...]restricting encrypted HTTP to paying customers
Unfortunately, self-signed SSL certificates are vulnerable to man-in-the-middle attacks - for example, dodgy coffee shop WiFi, airpwn, DNS cache poisoning, corrupt ISP employees, ISP/government conspiracies, and so on.
Now, if it's just you and some friends using your server you can e.g. memorise the key fingerprint. But then, you can also add the self-signed key at whatever computer you happen to be using.
If you're facing a larger audience, however, self-signed certificates do not provide sufficient security as, though they protect against passive snooping, they do not protect against the very real risk of active (man-in-the-middle) snooping.
If you think Mozilla should have redesigned the SSL security model into a web of trust that's all very well, but frankly beyond Firefox's scope IMHO.
For those sites, buying a certificate is possible, but the costs are high compared to the gains (as this is *only* about protection of the data, not about "being sure this is site XY). Based on the certificate IDs/hash it's possible in this environment for anyone to compare whether the certificate is a trustworthy one, or not. The certificate identification is, in this case, possible.
I don't understand this. You want to be sure that the data transfered is protected, but you're happy to have it redirected to any site.
As to the cost/benefit, how about a cert from startssl? This has the cost of $0 and the benefit of being supported by Firefox. It's not supported by IE unless the user installs a root cert by hand, but then it wasn't IE you were complaining about. Firefox actually seems to be ahead of IE in this regard.
In my opinion the main point the article makes is:
- HTTPS with a self signed certificate is in no way worse than HTTP.
With HTTPS you are protected against all attacks that simply snoops your traffic. You are not protected against a man-in-the-middle attack, but they are much harder to perform. Thus, I believe a HTTPS connection should be showed exactly as a normal HTTP.
Also, think of the new law in Sweden that will allow a government agency to SNOOP all traffic transitioning the Swedish borders. They are not allowed to alter your data, and thus cannot fake a man-in-the-middle-attack.
EVERYthing on the web is susceptible to various attacks. yet, we are not mandating anyone to pay to some 3rd party source for a 'fix' in any of them. yet, it is the case of ff3 and the self signed certs. how come ?
so you people are basically arguing that because there can be man in the middle attacks, we should be forcing EVERYONE into the lap of verisign ?
how populist, how public minded, how democratic.
Read radical news here
When do people finally realize that self signed certificates don't work? If I share your WLAN access in a public cafe it's really no big deal to play man in the middle and exchange the presented certificate for my own. Ok, it's more work than without, but not much (about 5 minutes). The only case where self-signed certificates can be secure is when you manually verify the validity of a certificate beforehand and save it in your cert store. If your first check of a certificate's validity happens to be while I'm attacking you (maybe because you are visiting the site for the first time) you will "verify" my hacked one. And don't tell me about hashes on webpages. Maybe 1 in 1000000 users checks this once in a while for pure curiosity, but not more.
TFA seems to imply that Firefox won't let you connect to a HTTPS server using a self-signed certificate. Not so.
Having just successfully connected to a self-signed HTTPS server using Firefox 3, I really can't see how it differs from (say) Safari or Internet Explorer.
All of these browsers pop up a warning dialogue that might scare off an uninformed user.
All of these browsers also allow you to connect anyway. Look at TFA, you can see the "add an exception" link in the screen shot from Firefox? Click that, and firefox will bug you no more.
So what is the argument? Is the Firefox dialogue box somehow scarier than the equivalent scary warnings in Safari and IE? Is it the little icon of the Customs guy making users worry that if they click on "add an excecption" they'll hear the snap of the rubber glove?
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Hello,
without some assurance who you talk to (authentication), encryption is useless, since an attacker can insert themselves in the middle (called 'man-in-the-middle-attack -- MITM') as done by some chinese ISPs) without you noticing. Mozilla is 100% correct in their approach, some crypto-faschists would even go farther and not allow an exception through only 4 clicks.
Please learn some crypto before you complain about it.
Best regards,
os10000
It's not like Firefox makes it impossible to access a web site with a self signed certificate. It just makes it very obvious that something is wrong with the certificate, and tells the user that he shouldn't trust it to much.
there close to a billion people on the net that wouldnt tell what to do when faced with such a disastrous looking warning as ff 3 prints out when met with a self signed ca.
also there are equally many people that would rather skip visiting/subscribing to a site when they see the hassle ff3 puts out.
therefore many small service providers, businesses, communities that would not afford a decent certificate will be hurt in all respects, not to mention many users.
excuse me, but this is a very stupid, self righteous and jacobin move.
that is the EXACT kind of thing slashdot criticizes almost EVERY government, country, organization, corporation for, yet, you people are actually applauding it in this case.
Read radical news here
I think the following is misleading:
restricting encrypted HTTP to paying customers
It doesn't restrict ssl's to paying customers, it simply warns if the cert is self-signed, but does give you the option of accepting it anyway. What's wrong with putting good security first, but letting the user over-ride.
The entire article is based on a false premise (and some hysterical shrieking), which is that connection to self-certificated ssl encrypted websites is unavailable. It is simply not true and the author is apparently either woefully incompetent or is dishonest. I smell an ego-fuelled activist. I hadn't been aware of Firefox's behaviour so I tried the self certificated example offered. As mentioned by other posters it's 4 clicks to add an exception. What I really appreciate is that Firefox's dialogues explain the situation in layman's terms, i.e clearly and concisely, and let even an uninformed user make an informed decision. This seems to me to be ideal. It is certainly a much better approach than I've experienced with older versions of Firefox, or with Epiphany or IE6/IE7 where it always feels like a roll of the dice when trying to make a quick decision.
You're right, it's extremely stupid to defer trust to a group of 3rd parties that have demonstrated in the past that they're not really good at verifying the identity they supposedly certify.
Firefox should just have no preconfigured ca and pop up the warning with every new ca it sees, asking "do you trust verisign/thawte/whatever? Here are some links about their track record."
Alas, users are stupid and they'll just click OK anyway.
also do not forget that increasing privacy violation, deep packet inspections, surveillance and snooping is a MAJOR problem in every part of the world as of now.
ssl encryption provides the people with increased privacy, and makes it a tad harder for governments trying to peep on people.
yet, with this self righteous ssl cert move, firefox 3 is actually going to DETER the usage of self signed certs, and make it easier for governments or any interested party to snoop on many web users.
great move. very public minded.
Read radical news here
A warning to the effect that the site's identity could not be verified is what should be done here. And it should take -1- click to proceed (if you so choose, and with an option to permanently add this certificate to a list of accepted certificates.)
One can argue with the SSL approach that handles both encryption and identity with a single solution, but it is legitimate to use self-signed certificates when all you care about is encryption.
The same behavior should apply to email user agents.
Side issue: Whatever happened to the idea of an 'open source' certificate user? It bothers me that there is a list of closed (and not cheap) certificate authorities.
dave
I haven't tried Firefox v3 or even read the criticism, but isn't this an option that can be enabled or disabled under options/exceptions? I doubt that this would get put in there without the option to turn it off. The reason I 'assume' this is because MANY companies accidentally let their security CERTS expire. If someone forgot to renew their CERT, like GMAIL did last month and there was no way to create an exception, imagine the interruption. It took me awhile to figure out what had happened after I upgraded Firefox last time and couldn't get to gmail.
A.) You don't need to buy certs from Mozilla, you can buy them from any number of CA's, for as little as $10. There are some free CA's, as well.
B.) This isn't in any way related to network neutrality.
Interested in open source engine management for your Subaru?
I set up SSL sites as my day job...
I test the setup before the DNS has pushed out using the IP address. Hence I get that message all the time (due to the cert not matching the domain). It's four clicks to getting to the page (and each step gives useful information the first time round) - sure one click would be nicer but it's not something you want to do with a single mistaken click.
I'd rather see this than something that doesn't stand out, or nothing at all when accessing a site that's self signed.
Yes it can be a nuisance if you visit a lot of sites that are self-signed, however, if you're browsing habits are more corporate style, then it's good to know you're going to be warned if something's not quite kosher.
Who is general failure, and why is he reading my hard drive?
Look it's very simple. We'd like to be able to do two things: A) Encrypt data in transit between the web server and the browser. B) Authenticate the owner of the web site. These two things SHOULD NOT be inextricably linked. We should be able to do one without the other. If we had two icons on Firefox, one that indicates encryption in use, another that indicates trust, then that's all we need and everyone is happy. I agree with the author that it's completely ridiculous that we view an encrypted but not authenticated web site as more of a security problem than straight HTTP - that is nonsensical. Let encryption be free for anyone to use on a web site, with or without certificate!
I noted a far more subtle problem with SSL in Firefox about a year ago that deals with Client certificates. They allow users to use a non-repudiation certificate for authentication, which is a subtle but bad thing. It ends up giving the US DoD a free pass while messing with the security of everybody else that uses client certificates.
One good thing has come out of it: when I was interviewing for jobs, I brought this issue up with all of my potential companies. It was a great conversation-piece to hear what different companies would do in the Firefox Position: bow to the wishes of the DoD, screw the DoD in the name of the specifications, or something else entirely...
Reid
The Right Reverend K. Reid Wightman,
Is because people are too stupid to do any research.
If the article author had bothered to do even the slightest bit of it they would have discovered that there are already trusted CA in Firefox.
Startcom (http://cert.startcom.org) is in Firefox 2, Firefox 3 and Mac OS X 10.5/Safari 3. StartSSL (http://www.startssl.com) is in Firefox 3 and working on getting into Safari.
Startcom/StartSSL got into Firefox by following their approval policies. It is perfectly possible for any other provider to do the same, they merely have to bother to comply.
I totally agree with the author of the article. He doesn't suggest that there should be no verification of the SSL certificates. He just says that the warning message is an overkill because it scares people from using SSL in encryption-only mode. It's kind of a G.W. Bush approach ("You are either with, or against us.") that I wouldn't expect from Mozilla foundation.
IMHO, the new approach of Mozilla to SSL cert handling is flawed because:
1. The displayed message has the look of an error message, while in fact it is a warning message. You have to read the fine-print in order to understand that.
2. The message gives erroneous suggestion for the source of the (perceived) problem. In 99% of the cases, neither of the following is true:
3. If the Mozilla guys really think that there is something bad going on, why do they have checked by default the "Permanently store this exception" checkbox?
Finally, running running a CA is not an option for many companies. There is a quite heavy administrative overhead (compared to the received benefits) for doing so. Also, what happens with business partners of the company who don't want to trust all of the sites certified by their CA?
I am sorry to say, but this new warning screen is a bad copycat from IE7. I would bet that there is a thread somewhere in /. where the /.-ers moan about the new warning screen of IE7. ;-)
For lazy souls link to BugZilla bug 433422
Brief of discussion:
SecurityNazis: Self-signed SSL is untrusted!!!!
Admins and Users: Untrusted != invalid!!!
SecurityNazis: But self-signed SSL is really really untrusted!!!!
Admins and Users: Untrusted != invalid!!! We do not care!!!!
SecurityNazis: But we care!!!! Though we do not browse WWW - because it is untrusted.
and so on. Not really informative on its own. Essentially, people who do only one thing with Web - exploit trivial bugs and claim credit for doing so, so called "security researchers" - against simple users who do only surf web - intranet and internet - argue with each other, constantly failing to find common ground. Because they, well, do not have one.
All hope abandon ye who enter here.
what kind of logic is this ?
1. create your own CA and tell your customers to import the CA by clicking here (before putting them in ssl mode). It's really not much trouble to set up your own CA.
first, you are not in communication with potential customers, and they will never communicate with you and become a customer after they see that horrible ff3 warning. you wont even get a chance to tell them what is going on.
second, same goes for many potential website users that are signing up for a community.
additionally godaddy is one of the shittiest service providers on the web. so if the solution you are offering is godaddy, please, keep it to yourself, and even firefox3 too.
Read radical news here
Except that at work, we're part of the International European Grid network. We use self signed certs for everything, and if anything, our self signed certs are more secure than anything any top level CA will ever generate. ie : We enforce air-gap policies around the server that generates/signs the certificates, and a member of the grid was kicked out a couple of years ago for violating those policies.
Think any of your top level CA's do that?
We've had to start using the occasional top level CA on our more public sites due to Firefox doing this, but I'll take our self signed certs over a top level any day.
to ask slashdotters for advice in improving the draft of an explanation of cryptography and certificates that I have begun. You can find it at my website
I submit that this is not off-topic, since one point several people have made is that most people don't understand certificates well enough to be able to deal with the warning that ff3 gives, so if we could get some explanations out there, it might help the situation.
Self-signed certificates are both valid and common with internal Web apps.
We use several where I work, and there is even an internal CA that mints certs for several apps.
And Firefox works fine with these internal apps. I know where I'm going, my antivirus and such are still working, and I trust my internal developers. After all, if they screw my machine up, I'm off the hook. It's an approved app, sir. See, I don't even need an exception.
So there is this one good reason to permit self-signed certificates without undue hassle.
Sheesh. Firefox being stupid? What's next, Google exploiting our data for... wait, nevermind.
deleting the extra space after periods so i can stay relevant, yeah.
http://www.startcom.org/ provides free ssl certificates that are supported by firefox That's a free way to remove the scary dialog...
First, I think that the most important line in the article is this one:
But there is absolutely no excuse for it to be significanly less inviting to a normal user than an unencrypted site.
The FF3 behaviour will make most normal users just think, "Oh, the website is broken. I guess I can't go there." They won't even read the error message: they'll just see that there is one, and give up.
Or, depending on IE's behaviour (which I do not know in this particular case), they'll see, "Oh, I can't get to this website in Firefox. But hey, it works fine in Internet Explorer! I guess Firefox is broken, and I won't use it anymore."
Second, and probably more importantly, either you missed a very, very important demographic among those who use self-signed certificates, or otherwise don't want to pay the extortionate fees charged by the corporate CAs, or you severely misunderstand and underestimate the importance of "unprofessional" and "hobbyist" webmasters.
Just because I want to have the possibility of encrypted traffic for visitors to my website doesn't mean that I'm bringing in loads of money by said website, or that I want to spend some not insignificant sum on a recurring basis for what is, for me, just a fun hobby, for which I'm already shelling out a not insignificant sum for hosting.
I'm seriously hoping that your definition of "unprofessional webhosters" means "people running for-profit websites (that actually make a profit) who are just too cheap to actually buy a certificate," and not simply "amateurs," because it is on the backs of those amateurs that the web was built.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
I would agree that the solution is not just allowing self signed certs to be viewed without warning. However, there needs to be a way for new / not-for-profit CAs to be added to Firefox, and right now there isn't. Yes I know they have an official policy for adding CAs. There is only 1 CA that tried to be included that I know of, CACert, they app'ed in 2003, and as of July 2008 a decision still isn't made. See:
https://bugzilla.mozilla.org/show_bug.cgi?id=215243
Yet if you look at your own CA list in the Options menu, you can see things like the Taiwan Government CA, the GTE Corp CA, Swisscom Telecommunications CA, the GoDaddy Group, and others which I'm sure all of us would trust a whole lot less than something like what CAcert is trying to build.
Just my $0.2
You buy a purple T-Shirt and 6 months later purple is out of fashion. Clearly the manufacturer's fault, right?
Yes, SSL Certificates from a CA *are* expensive. Yes, you can encrypt with a self-signed cert. But that encryption is worth nothing at all. Because anyone (latest DNS vulnerabilities for instance) can easily forge these certificates, you don't know who you are communicating with in the first place. Of what use is point-to-point encryption if the man in the middle is undetectable?
Yes, it 4 clicks to define an exception rule are a pain in the ass. But because it's that painful it will cause people (like the author) to think twice before they use a self-signed cert next time. So making the web safer in the end. Don't make it too painful (will hurt adoption of product), but painful enough so that decision makers get worried. I think FF3 behaves perfectly in that respect.
Are there any other similar?
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
"Instead, it shows a [...] warning that requires 4 clicks and an 'add an exception' dialog box to bypass. This behavior means that a public web site basically can't be encrypted unless they are willing to pay an approved vendor a yearly fee for a certificate."
I don't see how the second sentence follows from the first one. If you want security you need to make sure people don't click blindly accept-accept-accept!
When you go to the store to buy beer. You must present an expensive piece of ID to show you are of age, just saying you are an adult will not get you beer. This is not really any different, except the state government not the CA's grants the certificate. Now if you are calling for the CA's to be replaced be a government agency because it might be cheaper, then maybe you are right. But self signed certificates are inherently insecure and should never be accepted. Just like no sane store clerk would sell a 10 year old beer because he shlocked together a homemade ID saying he was 21, so sane user would accept a self signed certificate. END of discussion.
you NEED encryption to provide better security (through encryption), and most importantly, PRIVACY, to your community users, clients, vpn users, whatnot.
especially in an age that almost every government has started snooping and eavesdropping internet connections.
Read radical news here
If you are to lazy to use the system like it is supposed to be used then you only weaken it. Self signed certs should really only be used for testing. If you don't want to pay one trillion dollars for a certificate, create your own authority and get your users to trust you: Tools > Options... > Advanced > View Certificates > Authorities > Import...
So what we want a certificate in the first place? Yes you the nerd on the third row! because we want security and how security can be implemented when you need to accept a self signed certificate from bad boys inc boys just chip some money (I know less beers) and buy a certificate And do not blame mozilla because they ARE RIGHT and you are SOOOOOOO WRONG
ff2 warning was just a commonplace warning. not 'YOURE GETTING HACKED !!' style overly alarming one like the ff3.
Read radical news here
exactly.
It is totally ridiculous that FF makes it easier for users to type in their credit card number on http than self-signed https.
SSL certificates provide honesty-box security
- People will come to your site
- People will come to your site
- People will come to your site
- People will come to your site
- People will come to your site
The whole PDF is a highly recommended read full of sad truths.
Unfortunately, it is VERY hard to recondition users. I don't blame Mozilla for
trying (in fact I completely agree with the change), but it will probably fail.
If you really need to use self-signed certs is there anything stopping you from including your own CA cert in a company customized version of Firefox that gets rolled out?
I'm kind of annoyed because I work for a web host and now people who use any sort of domain mirroring are going to be completely fucked rather than having a semi-dodgy box come up when their CN doesn't match the web address.
The author assumes that this is a problem that needs addressing by doing what?? Making it easier to accept self-signed certs?
As usual, the he can't see a tree because of the forest. SSL is used for two purposes, encryption and authentication. Self-signed certs, as noted above, fail the authentication test.
So the real problem then is that sites that just want to use encryption have to purchase a cert, or get what is claimed to be an obscure warning.
The issue isn't about SSL, it's about the encryption.
My first thought is that it's so much BS. The odds of someone actually listening in on your HTTP transmission is extremely small, unless you are using a wireless transmission that is not secured. To tap an IP stream would require physical access, and unless someone is an employee at a provider is highly unlikely.
But .. there still is a very slight risk.
So .. why doesn't some numb-chuck come up with a new HTTPX method that just does encryption??? Duh!!!! SSL model without the certificate. Coordinate it so that Apache and Firefox have it available at the same time. Sure, IE won't have it but it has to start somewhere.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
Is this whole thing about admins thinking that self signing a certificate is actually worth something? If you can't afford this CA stuff just don't have encrypted giberish, ok?
I mean, really. What's the point of a self-signed certificate? Name a real life scenario in which signing your own certificates makes any sense? Why should a web browser trust those sites more than a normal person would trust a guy who has signed his certificates? Because this blog writer and own blog linker has managd to somehow connect it to net neutrality?
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
nothing in the world on, or off the net is guaranteed.
its all about making it HARDER to be put in the place of a victim.
and its not only about government either. one rather eavesdrop a website's connection and get the personal details of thousands of users, than try to hijack 1-2 self signed ssl connections. personal data would fetch much more higher price on the black market.
no. im not delusional. you are careless and uninformed.
Read radical news here
here it is: you need to register though...
Who runs a business will buy a 10$ cert.
Directly contacting all your users or customers by phone or mail will cost more than 10$.
Not doing one of the above leaves users in danger and not having a clear and understandable-to-the-final-user statement from the browser gives a false sense of security.
it's not "die net neutrality, die" but "go final user security!"
Here's the problem with this gentleman's analysis:
1. Without a third-party signed certificate, you're vulnerable to a man-in-the-middle attack.
2. If you accept the connection without a warning (it's no worse than plain http, right?) the user won't notice when a normally signed site (like his bank) suddenly presents an unsigned certificate.
Then again, the user probably won't notice if a normally-encrypted site like his bank suddenly starts using plain http instead of https.
There is probably a middle ground, like creating another URL type (in addition to http and https) which encrypts but doesn't check certificates.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
and here is the link... https://addons.mozilla.org/en-US/firefox/addon/6843
I think it is quite reasonable for Firefox to say something like "the certificate is valid for the domain, but it is not warranted genuine by a third party. If you believe you are accessing a site which is not connected with banking, finance, gambling or on-line purchasing, this is unlikely to be a security risk".
Alternatively, FF3 needs a simple way to import a certificate from a trusted supplier, so I can supply one as part of the new account welcome package.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
If I share your WLAN access in a public cafe it's really no big deal to play man in the middle and exchange the presented certificate for my own.
You can't just snoop the packets, it has to be an active MITM attack with specialized software to do that. Adds a layer of difficulty. Not insignificant.
The only case where self-signed certificates can be secure is when you manually verify the validity of a certificate beforehand and save it in your cert store.
Quite a common scenario. If I frequently visit a website's HTTPS site on my laptop - e-mail provider, small online store, etc. - from home, I'll already have stored its cert. Your attack will therefore be noticed when I access it from the WLAN. It's not as good as proper SSL, but as others have said, it's a mile better than accessing stuff via http://./
== Jez ==
Do you miss Firefox? Try Pale Moon.
now, there are a lot of websites, services, whatever you name it, that would not care to (or even afford to) acquire single or (in many worse cases) wildcard ssl certs for their services on the web. they will just probably let go of self signed certs, and dont replace with anything.
it will cause easier snooping of personal details of countless millions for people, because it will be easier without any encryption to make snooping harder.
result ? personal data of countless millions going out to black market.
if you are not still aware EVEN if you get your connection hijacked by a man in the middle attack somewhere, you can freeze a bank account, you can chargeback a credit card charge, you can cancel a credit card and do many other stuff.
but, if your PERSONAL details go out in the open, your name, address, social security number, main email, parents' names, (insert whatever sensitive info as you like), you CANT cancel them or take them back or do ANYTHING to prevent them getting spread in the wild, and used for ANY purpose. there is NO way that you can do that.
excuse me, privacy is more important. this 'security' minded move by some programmers will jeopardize millions of people in an angle they never apparently have thought about.
Read radical news here
This is merely a symptom of the confusion that is inherent in SSL. SSL mixes cryptographic transmission security (nobody can sniff what's on the wire, nobody can alter the data) with endpoint authentication (the server is what it says it is). The result is that web browsers like FF abandon the exchange upon encountering a self-signed certificate, since those can be spoofed and would thus break endpoint authentication, even if you just want cryptographic transmission security.
Ideally, these features should be separated, or even better, data transmission be encrypted by default no matter whether the server is end-point authenticated or not. One could then put authentication on top, be it certificate authority based, trust network or web-of-trust based, or bootstrapped by encrypted key exchange where the key is a password or a two-factor authentication mechanism.
In a world where phishing is a considerably bigger problem then someone snooping your connection, I have to agree with how Firefox functions here. Self-signed certificates provide no way to authenticate the website which is even more important these days after the recent DNS exploits.
I think Mozilla's large "Failed!" message is much better than a default-accept of self-signed certs with a small warning message that would be ignored by 90% of users. Besides, Firefox will still allow self-signed certs after manual intervention.
ÕÕ
since it will make it harder for any third party to snoop on your connection and information is being sent. you can get your connection hijacked by only one party at a given time, but more than one party may be snooping on your connection at exactly that moment.
Read radical news here
Joe Average User does not understand SSL, self-signed certificates, or anything else about encryption and security. Even though snooping on a wireless connection is easier, in today's world, the attack Joe will MOST LIKELY face is a phishing email sent by an adversary who ultimately wants to execute a man-in-the-middle attack. Granting self-signed certificates the same status as "verified" (And I agree, the system isn't perfect by any means) would make this kind of attack even easier than it is today.
I can educate my mom to make sure "the little padlock" MUST be locked before she does anything on her bank's website. I can NOT educate her to check the certificate's contents.
For people who want encryption without authentication, the solution is not to grant self-signed certs the same status as verified certs. What we need is either a new protocol for encryption-only connections, or a user-friendly way in browsers to do this using existing protocols, for example HTTP-over-SSH.
He who laughs last, thinks slowest.
In the vocabulary of international politics, we need to "trust but verify." Which means no trust at all.
There needs to be a mechanism where a vendor or site can send you a certificate in a way that can't be spoofed. And can then be verified. Maybe it is an email, maybe it is snail mail?
What I don't like about SSL in web browsers, is that they have ignored the "verify" aspect of trust by abdicating the responsibility to a "pay for trust" regime which is bogus. If they can pay, they are trust worthy, right?
Ideally, I should be able to receive a password in the mail (or some form of communication) to unlock a "key" file sent to me from someone I want to trust. I then unlock and install that key on my system and only keys *I* trust get trusted.
It should be easy and standardized across most platforms. Anything less is broken.
If you accept a self-signing certificate without verification, you get private communication with an unknown third party. The author of the article seems to assume that such communication is useful. However if you don't want other people on your network to see the data you are sending, then why would you send the data to some unknown entity? Certainly it's no worse than a plain http connection, but it is also no better, and may provide a false sense of security. If you aren't going to provide any real security, be honest about it, save some resources, and use plain http.
Self-signing certificates are useful if you pre-install the certificate on the clients, but in that case you will not see the warning.
I have actually used self-signing certificates without pre-installing for my own personal servers, but the message is not a problem in this case. I considered the risk and consequences of a compromise low enough that it wasn't worth the effort to pre-install, especially since I can save the certificate and will be notified if it changes. However this scenario of laziness does not further the argument for creating a less severe warning. I can't think of a use-case where general users who would be intimidated by the warning should be accepting a self-signing certificate.
2) SSL(self-signed): offers encryption
But unless there is some warning about invalid certificate it is subject to man in the middle attacks. Also, unless you check the certificates every time, allowing self signed certificates would allow man in the middle attacks even against sights that have secure signed certificates.
Problems with FF 3 and online banking and my websites plesk control panel made me switch back to safari as default browser.
For this problem to be solved, the most popular F/OSS browser(s) must accept self-signed certificates. If Mozilla is unwilling to change their policies, it would be worth the effort of trying to create a *more popular* fork with full SSL functionality.
That's great, and scratches YOUR particular itch.
What about phishing?
Or did you somehow conveniently forget why this feature was enabled in the first place?
Your solution (to seamlessly, silently accept self-signed certs) opens to door wide open for attacks that impersonate well-known websites.
While providing a security warning isn't the only way to solve the problem, it is in fact a step in the right direction.
Let's weigh the stakeholders, shall we?
A) Site operators that want to save some green not buying certs and rolling them at home.
B) Clueless end users that have effectively been trained 'if you aren't warned about anything, the coast is clear'.
Mozilla chose B), and frankly I think this does the most to serve the common good.
In short, your article could well have another title - "Mozilla SSL policy bad for the Phishing" - and that would be a Good Thing(tm)
A self-signed certificate is smoke and mirrors. In any situation where I can listen in, I can arp spoof at least (or maybe I've hacked a router?) to hijack the session. Self-signed certs can be easily spoofed, because they contain the same data and raise the same warning; CA signed certs contain a CA signature and don't raise a warning, or raise warning that the cert has expired.
Replacing an SSL certificate for an active MITM attack is trivial in any case where you could otherwise eaves drop on a plaintext conversation. Self-signed certs make this attack totally invisible in most cases (100% of first time visits, and any further visit where you don't check to see if the cert has changed).
If you want SSL to work without any warnings or prompts, set up your own CA and distribute the root cert. Then you don't get used to clicking through a warning, AND you avoid a potential MITM attack.
Firefox should absolutely put up big warning lights and make it difficult to use self signed certificates. Firefox is absolutely doing the right thing. There are lots of reasons for this but the first obvious one is that a self signed certificate is completely vulnerable to a man in the middle attack.
What you really want is something else which I suspect is one of these:
- A different way make an encrypted connection between a browser and a website. This should be completely different from the current SSL/TLS/HTTPS.
- A Certification Authority that is free but does a strong validation (vetting) of who the person, or organization, requesting the certificate is.
Is non-repudiation. I think the 4 clicks is excessive, but one of the whole points behind SSL is to prove that the site you're talking to is the one you want to be talking to. Especially today with phishing, dns cache poisoning, etc it's pretty important to be communicating with a site that has a valid certificate.
Self-signed certs are fine for development or personal use. If you're using it for that purpose, you have to only accept the certificate once and you're done.
Anyways, SSL certs aren't expensive now, so if you have a need for one on your site, just go to godaddy and cough up the 30 bucks and quit complaining.
I am not a DNS expert so feel free to correct me if I am jumping to any wrong conclusions here..
It seems to me that the problem (as TFA discusses it) revolves around the use of third parties to tell your browser whether to accept the certificate in terms of authenticity.
If the concern of browsers is to ensure the server providing the certificate is the real one, why are they/we not using something like the SSHFP or CERT DNS record types. If my reading of those two is correct the system could work thus:
- user requests www.foo.com
- browser is presented with a certificate by the www.foo.com server
- certificate cannot be validated by signing authorities so
- browser validates this against the DNS/CERT and/or DNS SSHFP entries
If by this point the browser still cannot verify the authenticity of the server providing the certificate it can throw up a warning to the user. Okay so a MITM attack could provide false DNS records for particular/any domains but they could the same now and redirect a cert lookup to their own spoofed "certification authorities".
I run sites with no commercial CA. I run my own CA. It is very easy to do with openssl. The key is that the sites are used by limited clients. They are the clients own web sites used by their employees and B2B customers. Man-in-the-middle protection is essential - but the commercial CA is unnecessary. The private CA cert is distributed by other means (e.g. CD) and preloaded in the browser.
The above approach is "self signed" in the "do it yourself sense". But I think people are talking about "self-signed" in the "not signed by anyone" sense which is implemented in SSL by signing a cert with itself. Unsigned ("self-signed") SSL certs are for testing only. There is no reason not to sign your sites. Would you provide your own RPM repository over the internet, and not bother to sign the packages? Use your own CA if you don't want to pay a commercial one.
If the general public will be using your site, and you *still* don't want to pay a commercial CA, then use http://cacert.org./ Your visitors will have to install the cacert.org CA cert first, but that is better than having to preload your CA cert and trusting you to sign *any* site.
And that is the weakness with SSL. Once you load a CA cert, you trust it to authenticate *any* website (separate policies available for email). In a less monopolistic world, any cert I download from momandpop.com, would be trusted to authenticate *.momandpop.com - but nothing else. (There is still the risk of man in the middle on first contact.) I would still trust certs from the likes of Verisign to "authenticate" total strangers (as in they had a valid credit card and controlled the sites DNS at the time of application).
Furthermore, I might want to *reduce* trust in one of the default CA certs - perhaps after reading about some scandal on slashdot. I can delete a CA, but not reduce trust. It is all or nothing.
If you do not know who you are talking to, encryption does nothing to increase your security.
Citation needed. HTTP is vulnerable to both sniffing and man-in-the-middle attacks. HTTPS with a self-signed certificate is vulnerable only to man-in-the-middle attacks, which are more difficult than sniffing.
Firefox users are more tech-savvy than average. The decision to reduce web usability of self-signed sites could potentially reduce the number of non-tech-savvy user. This could damage Firefox, not net neutrality.
The first Certification Authorithy in this scenario is not Verisign, it is Mozilla. I decide to give my trust to Mozilla. If something like big police-iconified warnings occurs for self-signed certificates, I am free to deny my trust to them and change browser.
Besides, I think that Firefox should display a warning as big as that one also anytime you type a password field inside a non-encrypted site. Coherence.
Working to work less.
The real value would consist of actually attempting to verify the identities of those requesting a certificate. Otherwise it would all be pointless, and self-issued CAs would be just a s good.
;-)
:-)
You ask a couple of good questions, and I have no clear answers for you. I am not already on the CA business - in fact the goal of my original post was to gain further insight and hear suggestions on the matter.
Having said that, I am pretty sure it would be possible to establish some level of identity checks. The current model relies almost 100% on completing a financial transaction. Or in other words: paying for a certificate will almost 100% guarantee you a valid commercial certificate. I think a dedicated community could do better. And one thing which many enthusiasts are able to contribute to such a project, is TIME. Time spent on validating the identities of applicants.
Suggestions are welcome.
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
So why does the firefox GUI make a site with a self-signed certificate appear (to the non-technical user) less secure than a plain HTTP site?
Because it is insecure website that tries to pretend that it is secure.
Then why not just drop the lock icon in the status bar for HTTPS sites using a self-signed certificate?
Why does it need to be non-profit? Why can't it just be reasonably priced?
But yeah, the answer to this problem is to create a CA that isn't expensive. What IS the procedure for starting a certificate authority?
Wrong.
"The communication with this site is insecure because even though data transmitted is encrypted, you don't know if some hostile 3rd party is intercepting, decrypting, recording and possibly altering data on the way. Additionally, there is no guarantee that the certificate or the web site belongs to the organization you think it belongs to."
Then you would have to change the alert box for HTTP sites in the same way:
"The communication with this site is insecure because it doesn't encrypt the data you're sending to it. Furthermore you don't know if some hostile 3rd party is intercepting, recording and possibly altering data on the way. Additionally, there is no guarantee that it's owned by the organization that it claims to belong to."
Besides, if you accept a self-signed certificate, you at least know that you're communicating with the same party with whom you communicated before. Once somebody starts to snoop a connection for which you have accepted a certificate, the certificate will change, and you'll get another warning. Code signing in Mac OS X takes advantage of this: even if VeriSign doesn't know the publisher of a new version of the program, at least the operating system knows it's the same publisher who released the last version. So we'd have to modify your proposal as follows:
"The communication with this site is insecure because even though data transmitted is encrypted, the site's certificate has changed since your last visit. This could mean that you are actually communicating with a different organization, or that some hostile 3rd party has started to intercept, decrypt, record and possibly alter data on the way."
Why does it need to be non-profit? Why can't it just be reasonably priced?
Well, no particular reason. But I personally believe that non-profit organizations are good at focusing on the customers actual needs as well as keeping the price down. The do not need to consider "profit maximization" parameters all the time, and they never deliberately try to cripple their products or devide them into a gazillion different sub-products and product types.
:-)
And "non-profit" is not free by default. It could very well be "reasonably priced", where the level of "reasonably" is determined by the actual costs of running the service - minus what ever donations and grants the operation may get from elsewhere.
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
And Grandma doesn't care about getting secure access to your blog.
She cares about reading the news, chatting about knitting on the wool forum
And making sure that her password for the wool forum doesn't get intercepted.
sending email to the grandkids
And making sure that her password for her web mail account doesn't get intercepted.
Streamlining this process or just warning Grandma will leave her with an empty bank account in no time.
Or perhaps the warning for HTTPS using a self-signed certificate could be to the effect: "This web site is not your bank." It could treat self-signed HTTPS much like web browsers treated 40- and 56-bit HTTPS before the United States eased export restrictions at the end of the Clinton administration.
http://cert.startcom.org/
StarCom offers free SSL Certificates and is included in Firefox 3 as an approved authority.
So this is my take on all of it. To protect online commerce we need a noob-compatible "trust factor". Like some replies mention, this is achieved with the 'https' and the little lock icon (as well, now the coloured URI bar in IE). However, we also need self-signing to be a valid practice -as it was meant to be-. In this regard the error message itself is incorrect e.g. "cyote.ferrus.net uses an invalid security certificate" a self-signed certificate IS NOT INVALID. An invalid certificate is an expired/revoked/erroneous one; but I digress. The real point here is that we need two levels of trust- not a level of trust and level of distrust. There should be some way to allow a noobie user to easily identify if a certificate is signed by a CA, self-signed, or invalid. Only the third option should present itself with a horrible 5-click error message. The first option should look the "most secure", say with a lock icon and a "blue bar". The second option should have the lock icon but no "blue bar" (replace "blue bar" with whatever have you). As someone who self-signs certificates daily I had really hoped that FF3 would fix this erroneous "error" message.
The SSL model of certificates signed by a CA is a huge contrast to the SSH model, using much of the same underlying technology, of concentrating on whether a certificate has changed.
Browsers should let you know about self-signed certificates, but they should only give you a warning the first time you visit a site with such a certificate, or if the certificate has changed. Warning you over and over again about a certificate that you have chosen to trust is a lousy model that actively discourages people from using SSL.
And, while I'm on the subject, they should probably warn you about certificate changes whether they're signed or not!
It doesn't allow me to use a real address that can be crosschecked with my phone number, because my phone service is mobile and will crosscheck to my PO Box, and they won't accept a PO Box. Why my PO Box? Because I've used my PO Box as my billing address for everything for over a decade. Why? Because I've had too much stuff vanish from my kerbside letterbox, and had several thousand dollars worth of problems from someone using stolen bills to take out a credit card in my name.
Got another alternative?
StartCom Certificate Authority (http://www.startssl.com/) offers free SSL certificates, and it's root certificate is included in Firefox 3.
Encryption and authentication, while certainly related concepts, should be treated more separately in the UI.
You should be able to easily -- transparently without the user really even noticing unless they pay attention -- encrypt. No matter what, and totally regardless of whether or not the other side is sufficiently authenticated and whether or not you're vulnerable to MitM.
Remember that when you have an unencrypted connection and the other side is totally unauthenticated, with even less than a self-signed and untrusted certificate, THERE IS NO WARNING. https without authentication should not look any worse, in any way, because it is no less secure.
Anyone who claims that https with an untrusted cert should produce a warning, needs to defend the policy of there not being a warning when there's no cert at all. Good fscking luck.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Your problem is a problem with ALL security measures. If they are broken you think they are safe when they aren't. This isn't just a problem with SSL.
To get SSL vulnerable to a MITM attack, you have to be giving your credentials to the other party by the same means as your secure protocol works. If you give the MD5 fingerprint via phonecall they can trust your cert and if they did likewise, you can trust them.
Unless someone has hacked your address book and given you the wrong phone number. Or hacked your SS7 switchboard or something similar.
Then again, if they hacked your OS and changed your CA signatures for IE then you're just as boned.
One of the points of SSL is non-repudiation.
Let's change the emphasis, a bit?
Only ONE of the points of SSL is non-repudiation.
So, let's throw out everything else and discourage people from providing encrypted access to their servers?
I think that's a bad idea. I've thought that a bad idea for about as long as I've been aware of the way SSL worked.
You would get the majority of the benefits simply by performing the test "is this certificate the same as the one this site provided last time?"... and really, if certificates are cheap... and given that there have been widely publicized examples of fraudulently acquired certificates (including one for a Microsoft domain on one occasion), this test should be applied regardless of whether the certificate is signed.
The only case where self-signed certificates can be secure is when you manually verify the validity of a certificate beforehand and save it in your cert store.
And if I just want to use SSL to check my email on my private domain from a public hotspot, and have the certificate stored ahead of time?
Does it work in that case? If so, isn't your first sentence incomplete?
It doesn't hurt to be nice.
Unprofessional webhosters (good riddance)
Be careful. Would you want to say good riddance to every non-commercial web site? Should every web-based forum have to pay $$$ per year just to encrypt users' passwords on the way to the server?
You can also set browser.xul.error_pages.expert_bad_cert=true and Browser.ssl_override_behavior=2 to make it easy to accept self-signed certificates.
If you are talking to somebody who poisoned the DNS cache, masquerade the site you want to talk to, using a different self-signed certificate, you are absolutely ignorant about it: your experience will be exactly the same.
Try this use case: Start a web browser that properly supports self-signed certificates. Visit an HTTPS site using a self-signed cert. You get a (minor) warning and accept the cert. Then someone starts poisoning the DNS cache using a different cert. You get a major warning that the cert for this domain has changed.
So a man-in-the-middle attack can succeed only in the case that the first visit to a site uses the poisoned cache entry.
And making sure that her password for the wool forum doesn't get intercepted.
She probably doesn't know or care about the possibility of anything like that happening.
She might if like a lot of Internet users, she uses the same password at her bank and the wool forum.
Perhaps the answer is to scare people even more about unencrypted comms.
Bingo. But the commercial SSL CAs don't want to acknowledge this elephant in the room.
This behavior means that a public web site basically can't be encrypted unless they are willing to pay an approved vendor a yearly fee for a certificate.
Ummm...no it means that the site is encrypted, Firefox just has an odd bunch of hoops for the user to jump through.
I don't agree with the new Firefox behaviour in this regards, but the author of the article is completely wrong with that statement.
The main argument of TFA is that FF3's warning about self signed certs is egregious.
There is not an issue about warning users; users need to be warned.
What is needed is individual warnings in a drop-down bar for individual problems with certificate issues:
*(picture of green 1's and 0's alongside a red face with a line through it) This certificate is self signed; It may not be trustworthy for identification purposes, you should only trust it for data encryption purposes.
*(picture of a green face alongside a red clock with a line through it) This certificate is out of date; it expired YYYY MM DD HH MM SS ago.
*Trusted case: (picture of a green face) This certificate identifies XYZ.com as trusted by CERTCORP.com. Your data is encrypted.
Seagoon: Shut up Eccles!
Eccles: Shut up Eccles!
This is the stupidest article I've read lately. Encryption without knowing who provides that encryption, is useless. It's basically the same as no encryption at all.
For me the question is, should self-signed certificates be allowed at all by default? I think not!
Citation needed.
Here
Not everybody who reads your comment will be prepared to buy and read the entire book just to reply. Page number please, and preferably a quotation under fair use if you can.
HTTPS with a self-signed certificate is vulnerable only to man-in-the-middle attacks, which are more difficult than sniffing.
Harder does not equal more secure, just more work for the attacker.
Exactly. If your site uses self-signed HTTPS, it is less likely to get hit than someone else's site that uses plain HTTP. It's called not being the low-hanging fruit. The problem here isn't that self-signed HTTPS has a warning but that plain HTTP has no warning.
Once he has your credit card details
Of course you wouldn't put payment on a self-signed site. Third-party payment processors such as PayPal and Google Checkout have EV SSL certificates for that. Public self-signed HTTPS is more about keeping people from stealing passwords on a non-commercial forum or wiki.
This is very bad for intranets and trust coalitions. If you run a CA that is not eligible for admission to the browsers' distributed collection, then you have a problem. Admission to the distributions requires both an expensive annual audit and persuading the browser vendor that the CA has a compelling business case _for the browser vendor_. In general this includes requiring the CA to "serve the general public" and this requirement is subjective and in the control of the browser vendor.
You either buy SSL certs from the approved list of CAs, or you do without, and you follow the verification practices of that list, whether they make any sense for the business you are in, or not. At least with Windows you can integrate private CA management into AD but this is far from adequate if you have a broader community to support.
Then we have the interesting history of the EV certificate and the self-appointed group of insiders that pushed this development.
This is a lot like the oil & steel trusts of the 19th century - isn't that ironic.
The ability of this architecture to manage multi-level CAs is also very limited. Not sure of the reasons but the scaling problems involved in managing collections of subordinate CAs and providing oversight for their policies may be involved.
Typically the browsers have moved towards supporting more flexibility rather than less, but this is a glaring if tiny exception. What would be the motivation?
If this is a move in the direction of monopoly or an old-fashioned business trust, then one should be able to make some predictions. The lists in different browsers should become identical. The bar to entry should get higher and higher. The criteria for certificates should get higher and higher, increasing costs for verification which have to be passed on to the purchasers of certificates. We're on the path for some of this but not others.
Certificates are used to increase trust, self-signed certificates are pretty useless in that sense.
However, as was pointed out earlier, the big problem is that Firefox hasn't imported CACert root certificate in it's trusted database yet.
www.cacert.org offers a distributed verification system and service for making your own certificates using their own root certificate.
You basically need to find 3 members who validate your ID documents and place trust that you really are who you claim to be, and thus can be governmentally held responsible for any online actions you choose to do with the certificates you create. Hence the added trust. Validation can also be done via a trusted 3rd party, such as a bank manager or a notary.
I can see the point that people make about encryption to an un-verified certificate (like a self-signed) being, potentially 'false security', but I also think the main article has a sort of point to -
Mozilla has always warned users about self-signed certificates, but I've never liked the warning. I think they are poorly worded and confusing to people, and the latest incarnation is particularly obtuse.
There is a place for self-signed certificates, I think, there just needs to be a way to add those self-signed certs to users browsers in a better fashion. Self-signed certs are perfectly safe if you have some way to verify them 'out-of-band' - that's the tricky part.
I think the ultimate answer to this problem might rely as part of a secure DNS system. We've seen from the recent DNS cache poisoning vulnerability that the current version of the DNS protocol is starting to show it's age. Perhaps DNS needs to be re-designed to include cryptographic verification of the DNS chain, so that you can know you can trust data from DNS.
If you're defining a new version of DNS anyhow, it might be a perfect opportunity to make CAs less necessary, by allowing webmasters to put their self-signed cert into their DNS records (or maybe, that might add too much data to DNS requests, but you could at least add a secure hash so that the browser could verify the cert that the web server passes it, against the DNS record for that domain). I think there might still be a place for CAs for giving additional verification (e.g. DNS would just allow you to know you were getting the right certificate for that domain, CAs can maybe do additional verifications to make sure that the organization that owns a particular domain and SSL Cert really is who they claim to be, maybe?)
Let every DNS record be its own Certificate Authority.
It's not like Firefox makes it impossible to access a web site with a self signed certificate. It just makes it very obvious that something is wrong with the certificate, and tells the user that he shouldn't trust it to much.
No kidding. Using self-signed SSL certificates was never really all that trustworthy, but most people weren't aware of it and so just kept on using them. Firefox 3 simply brings to light what everyone with a clue already knew:
The HTTPS security model is a barely-functional hack.
Not surprisingly, a lot of people aren't happy to find that out.
There are really only two things that can solve this:
http://outcampaign.org/
The problem as I see it is that self-signed certificates are not any more or LESS secure than unencrypted http traffic. There's no reason for an additional big security warning: just treat it like normal http sites. That is, no extra visual cues, the only difference being the https in the URL. Real certificates can then have their visual cues based on their relative authenticity (automated CAs being marked as less secure, etc.) The only visual cues that should come up is big fat warnings if the certificates don't match the last time you visited a self-signed website. The only downside is amateur website creators thinking self-signed is more secure, but it doesn't hamper legitimate uses of self-signed certificates (i.e. situations where you have more direct access to clients). Plus, most amateurs should get at least a sufficient amount of training when setting up SSL to know the difference. Honestly, this would be the best way and I've never understood why there were additional warnings in browsers for something that didn't make a website any LESS secure.
The problem with this is there isn't actually anything "wrong" with those certs and they shouldn't be made to appear to have something wrong with them.
Firefox's new implementation of handling malformed certificates is a new bold step towards eliminating the most ridiculous concept of our time - security through obscurity. If you are at all familiar with the man in the middle attacks and phishing, you should understand that "this certificate is invalid" warning is not just a way to annoy an end-user - it indicates that the certificate can, or may have already be spoofed, and that your "secure" connection may not be secure at all.
This is equivalent to Apple users believing that there are no viruses for Mac OS or Microsoft users thinking that Vista's security model is annoying. Without realising it, people like you are making hacker's jobs a lot easier with your whining about convenience. Is it not enough that IE users already have a habit of clicking "OK" just to make "annoying" messages go away, without giving a second thought as to what the consequences may be?
If anything - you should be promoting the concept of open source certificate authorities, not pushing one of the best browsers to ignore unsigned certificates... Firefox/Mozilla's new handling of SSL is a breakthrough and if you don't think so - be my guest, ignore the warning message if you get one next time you go to your online banking website.
Bow before me, for I am root.
Just add an exception. Then, you'll get an encrypted connection to the self-signed site. What's the problem?
I agree it's annoying, but this is not 'bad' for the web or it's users, this is good. I'd like to know if I'm being connected to a potentially malicious SSL site that uses a self-signed cert. For instance, if my browser was encountering a URL hijacking attempt to a site like my bank, and it's using a bogus cert, I'd like to know. Otherwise, I'd most likely not know I'm being hijacked.
the only permanence in existence, is the impermanence of existence.
Parent advocates allowing the encrypted connection to the man in the middle, so that people will feel all warm and fuzzy. Good plan. Not.
Having an encrypted connection to a man in the middle is worse than having a plain-text connection, because at least with plain text there's a chance you won't get pwnt.
Consider: You <=> Man in the middle with self signed cert <=> Your bank
1. You lookup your bank's DNS entry.
2. DNS poisoning redirects you to man in the middle.
3. Man in the middle presents self signed certificate.
4. You create an encrypted connection to man in the middle.
5. Man in the middle decrypts your content and re-encrypts it in a separate conversation between him and your bank.
6. Bank lets him do whatever the hell he wants, because he has your password and he's using SSL.
7. You'll think you just talked to your bank.
FF3's behavior is utter crap: It's more than self-signed certs.
I've paid for a certificate. I've installed it on a website that uses Plesk, which doesn't correctly install certs.
IE doesn't complain, FF3 does. It's got something to do with the trust chain.
Don't bother posting the inevitable reply: "Google for certs + plesk". I've tried that technique. Fail.
I know: "FF3 developers are just so much smarter than the rest of us, we should just be grateful for their work." Screw you.
Here is another rant about this problem: The Firefox 3 SSL scam. This one takes the angle: how much money did the Mozilla Foundation get from big business (Verisign et al.) to kill self-signed certificates?
Note that in FF2, the dialog was perfectly clear, safe and simple. Nothing needed to be changed.
Well, lets try page 24: "And if he doesn't know who sent the message, then the message is pretty useless."
Nobody can really know who sent the message. Perhaps an attacker learned the server's root password or (gosh forbid) gained unauthorized physical access. All we can know is to some confidence level who or what sent a message. And self-signed SSL gives some confidence that one server sent all of these messages.
All you need for self-signed certificates to work is that they are accepted as long as the private key doesn't change. It's a GUI problem. You can hack wlans all you want if the browser pops up the big red warning signs when you inject a *different* cert for a site.
You going to tell us how you got it to work?
Because I've not been able to the two times it happened to me.
Click on the "Add an exception..." button and all the choices but cancel are greyed out. Very user-friendly that.
Kevin
Sorry, but honestly Firefox 3 s*cks. Plugin problems, tons of very nice unsupported addons, unwanted invasive features, makes older version profiles incompatible with the old version, privacy issues, etc.
If I wanted some idiotic silliness of IE I'd take IE, that's it. I'm just one user, but I'll firmly stick to version 2.
You fail to notice one problem. Who goes to an httpS address first?
Usually when going to, for instance, a bank, a user will type in the name of the bank in the URL bar. They'll get the unencrypted website. They'll then click on the login button and get thrown to the secure site. How may of them re-authenticate the URL at that point? None.
The attack is obvious: buy a cert for a real unrelated URL, intercept the initial HTTP transaction and modify it so that all secure transactions go to your phishing site. No warning messages will be displayed, and the lock will show up just fine.
Does FF attempt to see if there's an https equivalent of the site before looking for an http version? That would most likely do significantly more good then denying self signed CAs
With regards to self signed certs, you are correct in saying that an attack on a first time connection could succeed. That is why the default for these certs should be to permanently accept: this ensures that, for a repeatedly used site, the man in the middle attack would have to be continuously done for the user to not suspect foul play.
Yes. You can encrypt your connection. Thats pretty worthless if you dont know with whom you exchanged your keys. Especially in the light of the DNS vulnerability or using wireless hotspots it is pretty idiotic to claim that talking to something which you dont know is to be considered private. This screams for man in the middle attacks. And You still have the option to accept the certificate - which will increase your safety. But one should point out to the user that this is something special. I find it highly irritating that a lot of companies don't pay the small amount of money for an ssl key. I work in a company where the admins are signing the ssl key for the mail server by themself (and change it often). Thats completely great. you could hack them without them noticing it, sincer everybody is so used to clicking away trhin innocent gray warning messages . On the other hand, firefox allows the definition of own ca's doesnt it?
There is a "warning," and then there is a "WARNING: YOU MUST CLICK FIVE TIMES TO SEE THIS PAGE."
You might understand the difference between the encryption and authentication uses of SSL, but most people do not. Worse, their ignorance could provide a very effective vector for social engineering attacks.
User interface warnings are for people who do not understand what they are doing. They don't know where the trouble could come from, so the software must help them. Anything that presents a likely avenue of trouble should have a strong warning in front of it.
Those who do not understand potential avenues of trouble should be encouraged to simply stay out them. Those who do understand what they are doing will also understand the warning, and know that is ok for them to proceed.
A simple bar across the top of the page with a warning that the sites identity couldn't be verified, but that the connection was still encrypted would work just fine.
Work just fine for who? It seems to me this "issue" is basically a small number of power users annoyed about having to click an "ok" button a couple times.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
Self-signed certs ok? net neutrality? Mr. Tuck is an embarrassment to The University of Massachusetts Lowell. Obviously they should let him post anything within the bounds of the 1st amendment and academic freedom, but I hope some professor at least makes sure he takes the appropriate classes to straighten him out about how authentication and encryption work and what net neutrality is before they hand him a diploma.
On the other hand, perhaps he's just some freshman posting junk on his university-supplied web page who had no idea it would get such scrutiny on a forum as public as slashdot. In that case, shame on Chandon Seldon for posting it to slashdot and especially shame on the editors for accepting the "story".
I know, I know, "complaining about the editors? I must be new here."
TFA seems to imply that the Mozilla policy degrades HTTPS connections down to plain HTTP - Not only does it make users less secure overall by reducing the number of encrypted connections. This isn't the case - assuming you add an exception for the particular site you are accessing over HTTPS that is using a self-signed certificate, your connection to that site is still encrypted. The only difference is that you don't have the trust element that a commercial HTTPS certificate would give you. IMHO, Mozilla is quite right to add a warning to this effect to protect the masses.
It's clear what's happening, and takes a pretty braindead wizard-type approach to importing the cert. The sky is not falling. Move along.
Many popular Linksys routers are administered by pointing your browser to an https link, typically:
https://192.168.1.1/
The router presents a self-signed cert. These routers were easily administered using early versions of Firefox. Now with Firefox 3 there's lots of confusion, with many users falling back to IE.
Turns out the situation is complicated by the fact that you can easily convince FF3 that you've got duplicate certs; to get past that you've got to do some wizard-level magic to get rid of the dups before you even get to wrestle with allowing the exception for the self-signed cert. After all that, you can indeed use FF3 to administer your router. On good days.
Does using https in this case add to security? In practice, I think the answer is, "yes, to a significant degree." I'd rather have the admin traffic to my router encrypted, even if in principle a hacker with perfect timing could have gotten "in the middle" just as I was accepting the cert.
Anyway, it's another consideration.
What you are describing is not self-signed certificates, but a self-run CA. No problems there, in fact self-run CAs are pretty much the way to get around (most) of the problems of self-signed certificates. You sound interested in this stuff; you should talk to the guys who manage it.
How dare Firefox warn me that an insecure site is insecure! They are infringing on my right to have my computer infected with malware and/or have my bank account stolen!
Which is no worse than sending an unencrypted message to the wrong person. Is it bad? Sure. Is it worse? Make your case. So far, no one has.
This is what I take issue with. First of all, I want to state that I do not belittle the value of authenticating that you have the correct recipient's key. Obviously, that is highly desirable, and I agree that it is necessary when integrity is necessary.
Now let's look at the case where integrity -- being MitM-proof -- is not necessary.
No value? You would really assign absolutely zero value to that? I can think of two ways it would add some value. Perhaps neither of these is of value to you, but if you think the UI for unauthenticated but encrypted sessions should display a warning while unauthenticated and unencrypted should not display a warning, then apparently one or both of these has negative value to you.
Remember there is a key difference between encrypted-but-unauthenticated sessions (which I admit are vulnerability to a cryptographic MitM attack) and unencrypted-and-unauthenticated sessions: the encrypted one requires a cryptographic MitM attack (whereas the unencrypted one does not). Here are some consequences to that:
The more we replace unencrypted sessions with encrypted-but-not-authenticated sessions, the more cost and risk we pile onto attackers. Sure, getting those sessions authenticated is even better. But that first step, the mere use of encryption, has benefits in itself.
The Firefox team should encourage that leap forward. But if they are not willing to do that, then they should at least stop being an obstacle.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Self signed certificates are just like using WEP encryption on wireless. It makes people think they are safe, when in fact they are not. When people feel safe, they are easier to persuade to give out details they otherwise would not.
In this sense using self-signed certificate outside of closed communities is provably worse than using no SSL at all. It luls people in a false sense of security, which is the worst thing that can happen.
Yes, it is true that SSL can be used for encryption only, without verification and proof of authenticy. I could just as well use truck to commute every day, without using it's cargo hold, but nobody would ever say that is a good or useful idea(*).
(*) SUV owners might disagree, but they are becoming a dying breed anyway.
MitM attacks don't have to be at some point physically between you and your intended destination... just logically.
If I can poison your ISP's DNS cache with a bad resolution for www.your_bank.com and you accept my self-signed cert then I own you.
If I can get you to believe that phishing email that I sent ("Urgent Action required! Update your security details at www.y0ur_bank.com") and you accept my self-signed cert, then I also own you.
Neither of these attacks require me to be on a network segment between you and your ISP,but are indeed MitM attacks.
If you don't verify a certificate against something, it's utterly useless against Man-In-The-Middle attacks.
I take a server, generate my own cert and key, and present myself as that server. I then take your data, and forward it to the server, and forward the response to you.
This leaves me with all of the data, making SSL worthless.
So, yeah, I'm going to go with "moron" on this one.
My office just got hit with a rogue-DNS oriented MITM attack. Enhancing usability in this manner makes you SERIOUSLY vulnerable to such attacks. Firefox 3's behavior in this regard saved our asses, because it's what alerted us to the problem in the first place. This is no joke.
The proposed solution in the referenced livejournal link is reasonable. But in no way should you make it terribly easy, because doing so would be a lurking disaster.
... all bullshit.
Mozilla has an honest, vested interest in protecting the credibility of the little TSL (artist-formerly known as SSL and/or HTTPS) 'lock icon' in their Firefox browser.
Mozilla wants this icon to mean "by the best of our abilities, the Mozilla Foundation believe that the website you are visiting is who it claims it is."
Allowing anyone to slap the lock icon on their site subverts the credibility, and hence utilty, of the lock icon.
The browsers are so happy to make the URL bar green when it is a secure site.
Then make it green when the site is verified and encryped.
Make it blue when it's only encryped.
and make it red when it is not encryped.
And make it yellow when only something on the page is encryped.
create your own CA and tell your customers to import the CA by clicking here (before putting them in ssl mode)
How are your customers going to know the cert comes from you? As long as you're serving it from a known address instead of personally installing it your clients' browsers, couldn't the man-in-the-middle that you're so worried about just replace your cert with his own? Or am I missing something?
There is a significant difference when the eavesdropper isn't targeting anyone specifically but throwing their net wide in the hope of catching something interesting. If (almost) all net traffic were routinely encrypted, it would be much harder. As it is, encryption rather marks you as an interesting target.
"It damages the basic principle of equality among web participants." When the web participants are certificate authorities, I don't *want* equality. I want one or two well established and trusted sources. If Verisign and Joe's Cert Auth had the same level of implicit trust, we would be in trouble.
Earlier comment reads as follows: "I second this complaint."
Nothing else.
The copied post is a perfect example. The person agreed with what the critics laid out but what happened? -1 Troll. What a joke. Who is modding these boards? I guess the message is, don't disagree with the TROLLS that mod these posts. Follow the mantra to the letter or be mocked.
This site is becoming a straight up joke.
I'll try anything once. Twice if it tastes good
College-Pages.com - Online Colleges, Degrees, and Programs
So which of you complainants is going to be the first to write a gnupg support patch for Firefox?
That makes about as much sense as saying that you shouldn't bother to wear a seatbelt, because in a subset of car accidents you will die anyway.
Building a better backup.
Zettabyte Storage
ssh is vulnerable unless you set up the fingerprint of the host you're talking to beforehand.
How many times have you just ignored this warning and allowed ssh to continue?
Warning: Permanently added 'foo.bar.com,23.227.17.89' (RSA) to the list of known hosts.
If you're allowing that, it's trivial for someone to perform a man-in-the-middle attack on your connection. You have no idea if you've accepted the host's actual key or the hijacker's key.
A few years ago I griped at mozilla about this argument (about cacert.org's lack of support in fact). I made the suggestion that 'trust' is a community thing and shouldn't be left with any one individual/company. I proposed that a browser could/should a) display a particular websites's trustworthiness (and it includes it's CA) and b) a method for a user to give a site the thumbs up or thumbs down, just like any voting scenario we have. It is an easy system to implement and it would quickly reflect on bad CA's who do not check their client's certification (if at all possible).
No, you missed the point.
The point is that encryption without certification provides really useful functionality and should not be discouraged.
Encryption with certification IS better (I am not claiming that it is not), though not perfect either. The owners of www.y0ur_bank.com can still obtain certificates, and this has happened in the past.
What's the deal I love the new method that FF3 uses, using snake-oil and self-signed certificates for quite a few things it's lovely to be presented with a box which in a few clicks can add a permanent exception for this specific certificate.
Ok perhaps if your not quite clued up on things it's confusing, but it's only there to fix the legion of morons who would click though the previous warning and go shopping on a pished site.
Why? because if ( the system ) wants to notify a nearly-fatal "error" just say that:
"there is a grave issue here: blah blah blah...." and don't let the user continue
but here we just have a "self signed certified" situation. What is the no-brainer and correct ( UI science ) solution?:
say the truth, in simple words let the user choose what to do and provide a link to get more info if he want it
Example:
"This site is attempting to use a self signed certificate to provide encryption and authentication. Please read carefully the following alternatives and choose one:
[ ] See more info about self-signed certification
[ ] Cancel navegation to "https://blah.blah.com"
[ ] Continue to "https://blah.blah.com"
[ ] Continue to "https://blah.blah.com" and don't show this message again ( Firefox will remember blah.blah.com certificate )
And voila,, ready! The user is informed about the situation and he can decide what to do or get more info if he wants it. But if he wants to continue browsing his "dangerous" site without annoying freaking UI artifacts LET THEM DO IT!!!
Who put in Firefox team minds that they must be the SSL superheroes that should keep we ( stupid and ignorant ) users away of the SSL bad guys in the wild wild internet?
Learn to read, Anonymous Moron. His choices are 1) pay money, 2) pay money, 3) go unsupported. Your suggestion will not work for someone with a simple shared hosting account like his.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
There are two different issues being tackled with SSL encryption. The first is encrypting the data packets between the browser and the server, which doesn't require a Certificate Authority. The second is confirming the identity of the site, which does require an authority that can verify the existence of the entity in question.
In the case of a self-issued certificate, it would be a lot easier if Firefox and other browser simply said, "Data between you and the server will be encrypted, but the site's identity cannot be vouched for. Sensitive data should not be submitted to this site. Do you want to continue?" as opposed hyperbole about misconfigured servers, end-of-the-world psuedo-hack warnings, etc.
Phishers.
If you don't see a warning for self signred certifcates I can make a ssl website identical to citibank and pound users up the ass.
Stupid stupid article.
I bet the opinions demonstrated in the 1.759 million characters of text in this /. thread are going to convince Mozilla to change their mind and redo the code.
Startcom.org offers free ssl certs that are trusted by default with FF2 and later. You have to prove that you own the domain through an automatic process, but after that, they are just like the pay for ones (except they give an error in IE).
http://cacert.org/
Very expensive, yes.
I am really not a fan of firefox, but this it does right. The original author did not put in a lot of research nor a lot of thought.
99% of people who are on the web are NOT security experts. They're also WAY more likely to ignore subtle warnings about the identity of a site being questionable. For the average person (not the average /. subscriber) a subtle warning is completely futile in providing any security at all. The new SSL handling in FF3 is going to help....a LOT, imho.
In the overall scheme of things, which is better:
1) Having Joe User think a website is down where it isn't, which will only happen in a VERY small percentage of cases, or
2) Having Joe User provide his credit card info and SSN to a site he thinks is ok because he doesn't know any better?
One must remember that FF is no longer used only by net-savvy techie guys anymore. It has a WAY broader userbase now, and these changes are going to protect a LOT of people.
SSL without Entity Authentication is of no value.
Comment removed based on user account deletion
This website has given us no proof of who they really are. All secure (https) websites are encrypted to protect against eavesdropping, and the vast majority of them also provide proof of their identity. This one is encrypted, but there's no way we can ensure that they are who they say they are.
I would add:
Unless you know beyond any doubt that this website is the one you think it is, do not proceed. But if you do know, click _here_ and add an exception, so you won't see this message again.
Now, all we have to do is send the patch to mozilla... :-) Do you know if there is an already open bug?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
> the big problem is that Firefox hasn't imported CACert root certificate in it's trusted
> database yet.
Of course CACert hasn't asked to be imported and hasn't provided the information that would be needed to import them...
if the warning sign is too prohibitive for the non geek people and if the adding exception process is too much effort (it is), it means that practically ff3 forces usage of paid certs. and if you go for a paid cert, you dont go for less recognized certs like a moron. there are 4 mainstream certs in market, comodo, rapidssl, verisign and geotrust. you cant be sure with the comodo and rapidssl recognition rates, but geotrust and verisign are the most recognized certs. and geotrust belongs to verisign.
so in theory what you say holds true. whereas in practice, it doesnt.
Read radical news here
Kaminsky's presentation from Black Hat makes it abundantly clear that still we have a long way to go in terms of DNS remediation. Until then, man-in-the-middle attacks continue to be quite easy to accomplish.