Mozilla SSL Policy Considered Bad For the Web 897
Chandon Seldon writes "The issue of digital certificates for SSL and the policies surrounding them comes up repeatedly. I've written an article criticizing the behavior in Firefox 3, which includes a serious comparison of the current Mozilla policy — restricting encrypted HTTP to paying customers — to a violation of net neutrality."
four clicks (Score:5, Informative)
In four mouse clicks I've added that site to my exceptions list. It warned me, I read and understood the warning, I acted. I saw the https page and the web site owner didn't have to pay for a certificate.
So, the article is wrong:
"Mozilla Firefox 3 limits usable encrypted (SSL) web sites to those who are willing to pay money to one of their approved digital certificate vendors"
please add 'or click four times to add the site to an exception list'.
Re:dumb (Score:3, Informative)
I suppose you could just add an exception for the site you want to access. (Four clicks?) Or your corporate IT people could add their signing certificate to the version of Firefox they distribute.
I don't understand the "antifeature" accusation at all.
Re:This is stupid (Score:5, Informative)
My parents couldn't get past that message even after I explained it. I had to downgrade FF because they would freak out when they saw that message.
From a usability point of view its terrible.
Bad Article (Score:5, Informative)
As mentioned on the Firehose comments page about this article (http://tech.slashdot.org/comments.pl?sid=634651&cid=24461415):
If the purpose of the Firehose is to vet articles, it's not doing a good job.
Why not use a startSSL cert then? (Score:3, Informative)
For those sites, buying a certificate is possible, but the costs are high compared to the gains (as this is *only* about protection of the data, not about "being sure this is site XY). Based on the certificate IDs/hash it's possible in this environment for anyone to compare whether the certificate is a trustworthy one, or not. The certificate identification is, in this case, possible.
I don't understand this. You want to be sure that the data transfered is protected, but you're happy to have it redirected to any site.
As to the cost/benefit, how about a cert from startssl [startssl.com]? This has the cost of $0 and the benefit of being supported by Firefox. It's not supported by IE unless the user installs a root cert by hand, but then it wasn't IE you were complaining about. Firefox actually seems to be ahead of IE in this regard.
Re:I'd like to make my own decisions please..... (Score:4, Informative)
I can't speak for IE, but safari pops up a sheet telling the user that the site has an untrusted cert with 3 options: use the cert once (you'll get the warning again,) always trust this site, and don't load the page. i think this is how firefox should behave (perhaps even loading the page and then warning the user)
Re:Most clueless article ever? (Score:2, Informative)
Users are allowed to decide for themselves who they consider a trusted root. Firefox -> Preferences -> Advanced -> Encryption -> View Certificates. Add and remove root certificates to your heart's content.
The reason this discussion keeps coming up... (Score:1, Informative)
Is because people are too stupid to do any research.
If the article author had bothered to do even the slightest bit of it they would have discovered that there are already trusted CA in Firefox.
Startcom (http://cert.startcom.org) is in Firefox 2, Firefox 3 and Mac OS X 10.5/Safari 3. StartSSL (http://www.startssl.com) is in Firefox 3 and working on getting into Safari.
Startcom/StartSSL got into Firefox by following their approval policies. It is perfectly possible for any other provider to do the same, they merely have to bother to comply.
Re:no it does. (Score:2, Informative)
SSL isn't meant just for encrypting pages,
But that is all many of us need or use it for, just the encryption. Just because we do not need the identity verification, should our users have to step through three separate extra clicks, where each of those clicks carries a more dire warning against doing so than the last, including one that says "Help! Get me out of here!".
Re:no it does. (Score:5, Informative)
As the article says. SSL does both. FF3 in particular makes the first completely unusable for no good reason. The web would unquestionably be more secure if all http servers switched to using self-signed SSL certificates in place of unencrypted connections.
The $10 certificates have essentially no value over a self-signed certificate. The only reason they even exist is that browsers make it so hard to use self-signed certificates.
The correct behavior is to allow self-signed certificates with no warning at all, but not display the yellow bar/padlock that CA verified SSL certificates do. Then they should drop support for all signing authorities that have only an automated check for domain ownership, since they are of next to no value. Warnings should still be generated for expired certificates and probably those signed by unknown CAs.
Re:You missed a couple of very important points. (Score:4, Informative)
The FF3 behaviour will make most normal users just think, "Oh, the website is broken. I guess I can't go there." They won't even read the error message: they'll just see that there is one, and give up.
That's good. I'm fine with that. "Secure by default".
Or, depending on IE's behaviour (which I do not know in this particular case), they'll see, "Oh, I can't get to this website in Firefox.
http://projectdream.org/~lb/ie7-unknownca.jpg [projectdream.org]
IE7's error message and behaviour are slightly different - first, accessing the site anyway is a single click. However, that click will be necessary each time you try to access the site. When you want to make the trust permanent, much more convoluted steps are necessary (around 10 clicks through a variety of property dialog boxes, and even more complicated on Vista).
Just because I want to have the possibility of encrypted traffic for visitors to my website
Encrypted traffic doesn't mean much when everyone can go inbetween you and them. MITM attacks against self signed certificates are easy to do.
Most hobbyists websites do not require SSL - if you host a discussion group or anything similar to that, SSL is not required. MITM attacks are still easy, so you haven't lost or gained anything.
Or perhaps you can enlighten me with a use case for a hobbyist website that requires SSL.
Re:This is stupid (Score:2, Informative)
Self signed HTTPS: "The communication with this site is secure because it encrypts the data you're sending to it. However there is no guarantee that it's owned by the organization that it claims to belong to. [checkbox] Don't tell this to me anymore."
Wrong.
"The communication with this site is insecure because even though data transmitted is encrypted, you don't know if some hostile 3rd party is intercepting, decrypting, recording and possibly altering data on the way. Additionally, there is no guarantee that the certificate or the web site belongs to the organization you think it belongs to."
Re:no it does. (Score:3, Informative)
By all means, suggest to us a way to encrypt a website that doesn't involve SSL.
If you're only worried about form values, e.g. passwords, and dont mind if it's javascript-only, you can use a javascript implementation of public key encryption. I used this RSA one [stanford.edu] on our site until we got SSL working.
Re:trust? (Score:5, Informative)
No the author has a grip. If you haven't added the root for OpenCA go to www.openca.org with your firefox 3 and look at what you are presented with.
If you try to go forward it presents you with a HELP GET ME OUT OF HERE button an option to add an exception, then on that exception adding window it blatantly says that no legitimate website would require you to do this. In other words, it blatantly accuses all self-signed sites of being a scam.
Re:Seconded. (Score:3, Informative)
It's "attack vector", not vendor.
Re:Seconded. (Score:5, Informative)
Sigh. You don't disclose your private key to a third party when you request a certificate. You provide the public key, and the third party signs that with the private key corresponding to a CA certificate. Neither party reveals a private key to the other, or to anyone else.
Re:no it does. (Score:5, Informative)
WHat annoys about this is that FF doesn't support CACert, which is an 'Open' certificate outfit.
http://www.cacert.org/ [cacert.org]
I can buy a BS certificate from Godaddy.com for $10 and that's OK but a verified cert from CA Cert is no good. Go figure.
I run a small sideline business, and my whole yearly income would barely pay for a cert from someone like MS and the like. So I explain to my clients to click through the certificate BS. I'm after the in-route encryption; my clients know who they're connecting to.
Re:Seconded. (Score:1, Informative)
Re:Seconded. (Score:2, Informative)
You can give your cert to as many people as you like.
You should NOT give your private key.
Public and private key works together and there's no way to find a private ley from a public key and the reverse (If you find a method, you'll break all the crypto !)
Some CA can generate the private ley for you but it's not a good idea.
Best way is :
- generate a private/public key on your server
- generate a certificate demand (signed with your private key)
- send the certificate to the ca (you can use a safe way as you already know the ca cert)
- the ca check this is you
- the ca sign your certificate demand with it's private key (and I think your public key)
- the ca send you the certificate
- you install the certificate (only you can decrypt with your private key)
Re:no it does. (Score:1, Informative)
As soon as CACert improves its management system [wikipedia.org] so it can pass Mozilla's auditing process, it can be included in Mozilla products. For now, you can use a free SSL certificate from StartSSL [startssl.com]. You can also buy a cheap SSL certificate from RapidSSL Online [rapidsslonline.com] that is recognized by all popular browsers.
Re:no it does. (Score:3, Informative)
Humph.... The last two businesses I sold went for more than many people make in a lifetime. I know a thing or two about running a business. This particular business grew out of a favor for a friend; it has since then attracted a few more customers. It's still in the infancy stage and in the 'personal hobby' stage - I'm not interested in 80 hour weeks on top of my regular job. But since the business is spread through word of mouth by existing customers, trust isn't an issue - people come to me, I don't advertise for them.
So it makes sense for me to have a self-signed certificate. It's just annoying to have to explain to a secretary to click through the 'Click here and you die' warnings spewed forth by FF3 and IE7.
Warn when the cert for a domain changes (Score:3, Informative)
If you are talking to somebody who poisoned the DNS cache, masquerade the site you want to talk to, using a different self-signed certificate, you are absolutely ignorant about it: your experience will be exactly the same.
Try this use case: Start a web browser that properly supports self-signed certificates. Visit an HTTPS site using a self-signed cert. You get a (minor) warning and accept the cert. Then someone starts poisoning the DNS cache using a different cert. You get a major warning that the cert for this domain has changed.
So a man-in-the-middle attack can succeed only in the case that the first visit to a site uses the poisoned cache entry.
Re:Seconded. (Score:3, Informative)
I strongly disagree. Maybe my surfing passes through Sweden [ecommercetimes.com], China [greatfirewallofchina.org] or USA? [wikipedia.org]
If I surf encrypted sites there's quite a good chance they won't log more than some traffic from that IP to mine. Unencrypted they'll get the whole URL and cookie history. Yes, they could man-in-the-middle me, but that's likely to remain an exception for some time. For now,"encrypt first, sign later" sounds like moving in the right direction to me.
Re:Seconded. (Score:2, Informative)
By the definition of Terrorist in your sig, I was a terrorist in the minds of my athletic opponents back in high school, and Almighty God is a terrorist in the minds of many followers of the western religions including and descending from Judaism. Oh, throw great white sharks in as terrorists too, as being killed by Al Qaeda holds about the same probability as being attacked by Jaws. Yet in this case, the fear of Jaws is likely much greater than that of Al Qaeda.