Slashdot Mirror


Firefox SSL-Certificate Debate Rages On

BobB-nw points out the ever more raucous debate over the way Firefox 3 handles self-signed certificates. The scary browser warnings have affected a number of legitimate sites (such as Google AdWords and LinkedIn) that didn't renew certs in time. Lauren Weinstein loudly called attention to the problem early in July. "If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message... To get past this error page, users have to go through four different steps before they can access the website, which from a usability standpoint is far from ideal. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is."

11 of 733 comments

  1. There's another hassle too by oDDmON oUT · · Score: 4, Informative

    Try going to multiple Linksys devices (WRT54Gs come to mind) with the same self-signed certificate.

    This is what you'll see:

    You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:

    Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

    (Error code: sec_error_reused_issuer_and_serial)

    You'll only be able to set up an exception for the first one, the rest of them... so sorry so sad... unless you manually dump the certificate each time.

    FF2 did not have this "feature", you could set multiple exceptions and not have to worry about it again.

    Total PITA if you're working with residential users.

    --
    Some days it's just not worth
    chewing through my restraints.
  2. As long as we're complaining about browsers by The MAZZTer · · Score: 3, Informative

    Let's complain about how easy it is for you to navigate to a malicious page in IE and get malware on your PC.

    Seriously people, this isn't a huge deal. Err on the side of security rather than the other side, I would say.

    I think Firefox's solution is the best we can hope for. If you or me can get a self-signed cert, a phishing site author certainly can. Then all of a sudden if Firefox were to accept self-signed certs, phishing sites over HTTPS look legitimate, and they look the same as every other HTTPS site that shelled out $$$ to get their certs signed by a trusted root authority. Hell it doesn't even cost $$$, there are a few root authorities that'll sign certs for free, and one is accepted by Firefox (I forget the name). So that's always an option. If you don't like adding exceptions to your own pages, get on Google and figure out how to fix it!

  3. Certificate hijacking by elfguy · · Score: 5, Informative

    SSL Certificate hijacking is a real issue so it should not be underestimated. Users should not be able to just dismiss a warning dialog like they can do with IE. However I do think self signed certs shouldn't be discriminated against this way. Learn more with presentation #11 here:

    http://www.securitypresentations.com/#11

  4. Re:Another Solution to Self Signing? by csnydermvpsoft · · Score: 3, Informative

    StartSSL offers free certificates, and their root cert is included with Firefox.

  5. Re:Another Solution to Self Signing? by bunratty · · Score: 4, Informative

    The point of a certificate is not to guarantee that the owner won't do something malicious. The point is to guarantee that the only person who can decrypt the communications is the site you think you're talking to. It's a guarantee that someone else will not listen in on the conversation.

    For a free certificate that works in Firefox, you can use StartSSL. For a cheap certificate that works in all browsers, you can use RapidSSL.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  6. Why we have certificate authorities by Minupla · · Score: 4, Informative

    I'm going to assume that there is a sizable minority here who doesn't actually understand what is going on with SSL certificates and why they are important. So here goes:

    Assume you're trying to access your online bank, and that Dr Evil is your ISP's systems admin (or anyone else who can get between you and your bank).

    In the normal course of things, your web browser makes an SSL connection to your bank, validates the certificate is signed by one of the certificate authorities that your browser trusts and you're good to go.

    The certificate authority check is there to prevent Dr. Evil from setting up a server in between you and your bank. In that scenario, you would connect to Dr Evil, get his key, encrypt your username and password using his key. Dr Evil then decodes the user/password and sends it onto the bank in another connection. Then he bridges the two connections, walks off with your password and you're none the wiser.

    Because of SSL certificates, if Dr Evil did try it, you'd get the nasty certificate warning, and hopefully not give Dr Evil your banking passwords.

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  7. Re:That's the point. by Shikaku · · Score: 4, Informative

    http://www.startssl.com/ Except you can get it for free.

  8. Re:That's the point. by swilver · · Score: 5, Informative

    No, they are not. I'm afraid you are not as experienced as you think.

    You see, self-signed certificates are only wide open to MITM attacks if the person monitoring you was replacing all certificates proactively before you even visited the website once. If you however have visited the site before, Firefox will warn you that the certificate has changed when a MITM changes it. At this point Firefox should display a big red warning.

    Furthermore, and this is the part that people like you do not seem to grasp, there IS use for encryption beyond protection from MITM attacks. Using SSL encryption protects me from password sniffers that sit on my network, or in my wireless neighbourhood or from some compromised router my request travels over. It protects me from some script kiddy running a network monitor seeing what I'm typing in HTTP forms. Yes, it does not protect me from a REAL MITM attack (unless of course I've been there before, and see that the certificate changed), however the sites providing simple SSL encryption just for the sake of not sending stuff in plain text are not worth attacking anyway.

  9. Re:Worth it. by bunratty · · Score: 4, Informative

    If the site uses a self-signed cert and hasn't changed since your last visit, you get no warning in Firefox 3.

    If you visit a site for the first time and you get a self-signed certificate, that could be the only warning that you're the victim of a man-in-the-middle attack or DNS poisoning attack. You need a warning in that case. Please read the article I link to; it explains this point clearly.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  10. Re:Self-signed certificates are not secure by mstamat · · Score: 3, Informative

    Do you even know what SSL is for?

    Do you?

    There are many scenarios involving semi-sensitive data (access to some collaboration website, access to services only supporting basic HTTP authentication etc) where a signed certificate is overkill.

    In these cases a self-signed cert and SSL surely won't protect your data from a malicious web server. However SSL will do a great job protecting your data as they travel to get there. Without SSL, someone with access to any intermediate router can get your data with a plain tcpdump.

    Of course, the hash of a self-signed certificate should be confirmed by a side-channel. Otherwise a MITM attack is possible. But even with the hash unconfirmed, how many people do you know that are able to launch a MITM attack?

    PS: Do you use self-signed certificate for the ssh server of your linux box/server? If yes, why do you even bother using ssh? You would do fine with telnet in the first place.

  11. Unavoidable with devices by IdahoEv · · Score: 5, Informative

    I agree totally, the problem isn't the scary browser notices. It's websites and their poor security practices

    Self-signed certs are not always "poor security practices". Consider, for example, devices like the ubiquitous Linksys broadband routers. They support ssl connections for administration, which is probably a good idea (tm).

    But signed certs require a domain name, and cost real money (typically $100/year), which is probably a little much for a home user who just wants the extra security on their LAN. So self-signed certs are perfectly reasonable for uses like that.

    --
    I stole this sig from someone cleverer than me.
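
Comments 8 to 10 above turn on three cases for a self-signed certificate: a first visit with nothing to compare against, a later visit where the certificate has changed, and a fingerprint confirmed through a side channel. The sketch below is an added example, not code from Firefox or from any commenter; the `PinStore` class, the `router.lan` host name and the certificate byte strings are constructed for illustration.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Make fingerprints comparable however they were typed or read aloud."""
    return fp.replace(":", "").replace(" ", "").lower()

class PinStore:
    """Hypothetical trust-on-first-use store: host -> accepted fingerprint."""

    def __init__(self):
        self.pins = {}

    def check(self, host, der, out_of_band_fp=None):
        seen = fingerprint(der)
        pinned = self.pins.get(host)
        if pinned is not None:
            # Later visit: any difference from the pinned certificate is an alarm.
            return "match" if pinned == seen else "changed"
        if out_of_band_fp is None:
            # First visit, nothing to compare against: warn, pin nothing.
            return "unverified-first-use"
        if normalize(out_of_band_fp) == normalize(seen):
            self.pins[host] = seen  # confirmed via side channel, safe to pin
            return "pinned"
        return "mismatch"  # presented certificate is not the one the owner published

def demo():
    # Constructed stand-ins for DER bytes; real input would be the server's certificate.
    device_cert = b"constructed DER stand-in: router self-signed certificate"
    other_cert = b"constructed DER stand-in: certificate from an interposed host"
    label_fp = fingerprint(device_cert)  # e.g. read from the device label or console
    store = PinStore()
    return [
        store.check("router.lan", device_cert),                  # first visit, no side channel
        store.check("router.lan", other_cert, label_fp),         # first visit, wrong certificate
        store.check("router.lan", device_cert, label_fp.lower()),  # first visit, confirmed
        store.check("router.lan", device_cert),                  # later visit, unchanged
        store.check("router.lan", other_cert),                   # later visit, changed
    ]

if __name__ == "__main__":
    print(demo())
```

For a live host, the DER bytes can be obtained with the standard library via `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`.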