Mozilla SSL Policy Considered Bad For the Web 897
Chandon Seldon writes "The issue of digital certificates for SSL and the policies surrounding them comes up repeatedly. I've written an article criticizing the behavior in Firefox 3, which includes a serious comparison of the current Mozilla policy — restricting encrypted HTTP to paying customers — to a violation of net neutrality."
One Question (Score:5, Insightful)
This is stupid (Score:4, Insightful)
The whole point of SSL is to have some assurance that you are connecting to whom you think you're are connecting to.
While the model of paying a CA to assure your identity is not perfect by any means, ignoring the issue isn't either. Many slashdotters seem to have a hard time getting this.
IMHO, the system in Firefox 3 is superior. While self-signed sites are blocked by default, it is not easier to explicitly trust a self-signed SSL site. In the past, most people would just click past the nag dialog when it popped up.
This causes real problems. (Score:4, Insightful)
I encourage all of my users to use Firefox by including it on our PC images, showing them it's cool features, and letting them know about how it's more secure. I've been running into problems with self-signed SSL certificates though.
I run a router/firewall based on the Untangle software, which in turn is a modified Debian/Knoppix setup. It also does VPN, based on the open source openVPN software, and it uses self-signed SSL certificates for it. While I don't mind adding our firewalls to a safe list, my users freak out with all of the warnings and aren't sure what they should do. I've been telling them to use Internet Explorer, but it makes my skin crawl to say it. Hopefully the Mozilla team will reconsider their position to make their software more open-source friendly.
Average user and security (Score:5, Insightful)
The average user doesn't notice any security feature unless it is in their face.
Given the number of phishing sites out there, it could be argued that every additional slap to the face that a user would have to get through in order to get to a phishing site (known phishing site, self-signed SSL, acknowledge that you are a fucking retard for bypassing the last two warnings, etc.) may be worth it.
Just remember that just because the precepts of net neutrality (all bandwidth is equal) means that we should let a user shoot themselves in the head doesn't mean that we shouldn't at least make a passing effort to put a safety on the gun they are using.
Re:One Question (Score:1, Insightful)
Exactly.
A "secure" and encrypted connection to a compromised or malicious server is worthless.
Re:Seconded. (Score:5, Insightful)
This is bullshit.
It's not like Firefox makes it impossible to access a web site with a self signed certificate. It just makes it very obvious that something is wrong with the certificate, and tells the user that he shouldn't trust it to much.
Now, who uses self signed certificates or certificates signed by an internal CA?
* Test environments (not an end user scenario)
* Unprofessional webhosters (good riddance)
* Companies with their own CA (they can preload the certificate)
* Hobbyist systems (they can reconfigure their browser)
In the end, the only ones hurt by this are unprofessional webhosters - and i don't think anyone should care about them.
Re:One Question (Score:5, Insightful)
While he may have a valid point, I resent and disagree strongly with the author's implication that there is a profit motive to this. A bad decision, but not one made for profit.
Blocking Self Signed Certificates is GOOD! (Score:4, Insightful)
The only real use for a self signed certificate is for large institutions that already have the trust of the user (ie: universities) - but you have to assume that they havn't been compromised, because it would be easy to have a second certificate, signed by the owner of the hijacked site.
Anyways, firefox 3 does a great job, and it isn't hard to add an exception - and it isn't annoying like UAE...
Re:Most clueless article ever? (Score:5, Insightful)
There is a "warning," and then there is a "WARNING: YOU MUST CLICK FIVE TIMES TO SEE THIS PAGE." A simple bar across the top of the page with a warning that the sites identity couldn't be verified, but that the connection was still encrypted would work just fine.
Re:One Question (Score:5, Insightful)
If there was any real "trust" component, I'd buy this argument. SSL certificate authorities are supposed to be sources of trust - we trust them to have authenticated that the FooCorp who bought a certificate really is FooCorp Ltd (and not F0oCorpe). However, the only inducement most vendors need to issue a certificate these days is money.
I've successfully bought SSL certificates for companies that I had little or no verifiable connection with, from authorities that are trusted by all major browsers. Now, I obtained these with full permission of the companies in question, as a contractor, but as far as the authority was concerned, I was Joe Bloggs. They've even realised that now, and introduced the new EV Certificates - now with Extra Validation! Until of course, these get paid off as well, and we need EEV Certificates and so forth.
Using SSL for trust based on the word of companies like Verisign is pointless - you have to do manual authentication. The only use I see for them these days is transport encryption.
you cant afford to be too jacobin (Score:3, Insightful)
it is utterly stupid to go overly jacobin and enforce something on people 'for improving the security on the web', in an open source project that is made by people FOR the people.
a lot of websites, service owners, businesses using vpn and their clients and their users are going to experience hell lot of problems due to this extreme self righteousness forced upon them, if they go for firefox 3.
to be honest, despite im fighting for free and open internet, linux, open source by the means available to me as much as i can, i will be advising friends and clients to stay away from ff3 because of that certificate issue.
Re:One Question (Score:4, Insightful)
Sure, but frankly, anyone who relies on the "trust" aspect of SSL certificates today for anything serious needs their head examined. In this world, trustworthy == willing and able to pay.
The encryption is by far the most important aspect of SSL for most applications, and you can use that regardless of any issues with CAs and trust.
Re:Seconded. (Score:4, Insightful)
On the other side of the coin, it subsidizes the CA industry just like compulsory auto insurance subsidizes the auto insurance industry.
Mozilla is correct (Score:5, Insightful)
I think the author makes Mozilla's case for them, by not appearing to understand the risks, especially at a time when DNS cache poisoning has become unusually feasible. E.g., the statement
is simply not true for clients of unpatched DNS servers. It's much easier for an attacker to get a remote user's traffic redirected to a host of his choosing than it is for him to snoop on that user's traffic. Volume-based attacks on DNS become increasingly easier as bandwidth increases, and people who operate botnets have a good chance of poisoning a cache even on patched nameservers, simply through brute force. Meanwhile, that smaller class of attackers who are in a position to actually snoop on traffic are also in a position to use an arp spoofing attack. Encryption is simply not useful without knowing whom you're encrypting to.
If you're feeling lucky, you can always add the exception. You can also sign your certs with a CA cert, and import that into your certificate database. Of course, anyone who trusts that CA cert also trusts you not to generate bogus certs for bankofamerica.com, etc... The solution to the problem is not to make the browser more trusting by default; it's to migrate away from X.509 to a PKI that allows domain owners to generate certs at no additional cost, such as a DNSSEC-based PKI.
I think Mozilla has it 100% right.
No, it is not considered bad for the web.Blogrant. (Score:5, Insightful)
I originally meant to post this as a comment to the blog post, but apparently the author does not care about testing their commenting feature. This alone should already tell you stories about how much thought he puts into this stuff.
-+-
Why in the world are you singling out Mozilla in this ? Every browser has this policy.
Every browser has avenues to add new root certs, too (I can just create my own CA, offer the certificate file on the web, and let users install that; all future communication with a site that has a certificate signed by that CA will not be bothered with these error messages). This may not be 100% convenient, you are correct. But it's not as if it was hard to do if you want to give your users the option of using encrypted sessions.
Oh, and there IS a way to get your shiny new non-profit CA into the main Firefox builds. All you need to do is comply with their procedures and requirements -- which include policies on how you verify the identity of the certificates you sign, how revocations work, etc., and requiring specific minimum requirements in these. If you think you can run a proper CA for free for everybody with proper identity checking and day-to-day operations, do it and get it added !
The default position Mozilla takes is quite simply that the CA should verify the identity of the entity the certificate is being issued to. You may not think that it is important for this to be such a prominent user interface feature, but many people do. Every user can add an exception for your site, you can add a CA of your own, you can get certified by a nonprofit CA (good luck finding one; I agree that most of them are scumbag operations that try to extract as much money from you as possible, but I have yet to see a proposal which both ensures identity checking and revocation management while being completely free ... Maybe you'll find a way).
This has nothing to do with network neutrality. Nothing at all. A more proper comparison would be comparing this situation with that of 2nd-level domain names. You can't get a .com domain for free, either. Nor a .net or .org or most of the country TLDs. You can open up your own Registrar (but will still have to pay dues for domains registered), just as you can open up your own CA. It'll be a rocky road, and it'll not be free -- least of all in work required.
My sites work just fine with SSL certs signed by my very own CA. Firefox displays them just fine (either by adding the root cert of my CA to it, or by simply adding an exception). All other browsers work fine, too. If you have visitors or customers that require validation of your certificate by a third party, you are SOL. But then again, you also would be were the warning worded differently (and there SHOULD be a warning for a certificate that is not signed by a trusted CA or one which you explicitly told the browser to trust. No matter what. Self-signed certs are alright for encryption, sure, but I want my browser to have a default setting of warning me when something is happening that very well could be an attack; especially when I have taken care to add a specific trusted CA (say, the one by my university).
-+-
SSL with unsigned certs makes little security sens (Score:1, Insightful)
I've written an article criticizing the behavior in Firefox 3 [...]restricting encrypted HTTP to paying customers
Unfortunately, self-signed SSL certificates are vulnerable to man-in-the-middle attacks - for example, dodgy coffee shop WiFi, airpwn [evilscheme.org], DNS cache poisoning, corrupt ISP employees, ISP/government conspiracies, and so on.
Now, if it's just you and some friends using your server you can e.g. memorise the key fingerprint. But then, you can also add the self-signed key at whatever computer you happen to be using.
If you're facing a larger audience, however, self-signed certificates do not provide sufficient security as, though they protect against passive snooping, they do not protect against the very real risk of active (man-in-the-middle) snooping.
If you think Mozilla should have redesigned the SSL security model into a web of trust that's all very well, but frankly beyond Firefox's scope IMHO.
Re:This is stupid (Score:5, Insightful)
The whole point of SSL is to have some assurance that you are connecting to whom you think you're are connecting to.
No. As TFA says, there are 2 points to SSL. 1 is to provide confidentiality (encryption) the other is to authenticate the server to the user. A server with a self-signed certificate provides protection against passing (but not active) snooping. This is worse than what a real, trusted-third-party signed certificate provides, but it is better than no encryption at all!
So why does the firefox GUI make a site with a self-signed certificate appear (to the non-technical user) less secure than a plain HTTP site?
IMHO TFA is very much correct this is a problem. The solution is not obvious, because users are used to the lock icon and may not understand the concept that confidentiality and authentication are 2 separate protperties, so how do we design a GUI which does not mislead him.
Re:This is stupid (Score:5, Insightful)
I think that's exactly the point. If you can't understand what a self signed certificate is, you shouldn't be accepting them.
Re:Most clueless article ever? (Score:2, Insightful)
When it comes down to it what the user need to know is, is there 3rd party verification, which is what a CA will provide.
The Lock only indicates that encryption is used, it doesn't indicate 3rd party verification. What's really needed is a different "security lock" that indicates 3rd party verification, because that check is what is really needed for users.
Re:This is stupid (Score:3, Insightful)
While I like Firefox 3, I find it annoying that I have to accept a self-signed certificate forever. I'd much prefer to accept it from my current session only. Accepting it forever seems a little insecure to me.
Regards
elFarto
Re:Most clueless article ever? (Score:1, Insightful)
The problem is that the padlock icon was invented to indicate an encrypted connection. Some clueless idiot then decided that it meant a verified certificate.
What the clueless idiot should have done is invent a second icon, a big green tick, to signify a verified certificate in conjunction with an encrypted link.
It's too late to change it now. Maybe the next best thing is for firefox to do away with the warnings and in the case of an encrypted connection display nothing extra. Only display a padlock if a chain/web of trust can be established for the certificate.
Accept self-signed certs and I hack you in no time (Score:5, Insightful)
Re:One Question (Score:5, Insightful)
CAs do very little to ensure that the site you're connecting to is really the one it claims to be. So SSL is almost useless for authentication and trust. It's worth using it only for encryption and self signed certificates are as good for that as the ones you buy with money.
As a webmaster and owner of a site that uses SSL I second the author's proposal and more: let's stop pretending CAs can ensure the identity of the communicating parties, shut them down, save money and use SSL only for encrypting data.
Re:This is stupid (Score:2, Insightful)
Self-signed certs are still strictly more secure that completely unencrypted traffic. If it warns you about a self-signed cert, then it should warn you /every/ time you visit a completely insecure site. In reality, it should just accept self-signed without indicating that its secure, and have an icon for people who know/are expecting self-signed certs to indicate that is what has been given.
Re:This is stupid (Score:4, Insightful)
The people who don't understand this are not IT people who are going to be futzing with self-signed certs, or are IT people who need to clue up and understand the implications of using self-signed certs.
no it does. (Score:5, Insightful)
It's not like Firefox makes it impossible to access a web site with a self signed certificate. It just makes it very obvious that something is wrong with the certificate, and tells the user that he shouldn't trust it to much.
there close to a billion people on the net that wouldnt tell what to do when faced with such a disastrous looking warning as ff 3 prints out when met with a self signed ca.
also there are equally many people that would rather skip visiting/subscribing to a site when they see the hassle ff3 puts out.
therefore many small service providers, businesses, communities that would not afford a decent certificate will be hurt in all respects, not to mention many users.
excuse me, but this is a very stupid, self righteous and jacobin move.
that is the EXACT kind of thing slashdot criticizes almost EVERY government, country, organization, corporation for, yet, you people are actually applauding it in this case.
Re:Most clueless article ever? (Score:3, Insightful)
I think it is. Half of SSL is about encrypting a connection, the other half is about knowing whether you can trust the other side. What the article suggests (that SSL connections when the other side uses a self-signed certificate should give no warning) would completely destroy security of the Internet.
If self-signed SSL sites were indentified similar to "trusted" sites, then yes. But self-signed SSL certificates are a good step up in security over HTTP. For example, anyone only able to wiretap won't get anything at all. Intercepting streams for a MITM is a much more difficult thing to do, particularly if you're talking large volumes in real time. Also you'd get uh-ohs like "This site is now using a different key than last time" and some would compare fingerprints through some other secure channel so mass MITM would easily be detected. To take a stupid analogy, HTTP is the postcard, self-signed is an envelope and trusted is Cerified Mail. It's rather dumb to block the envelopes because people might be misled to think they're secure...
Re:trust? (Score:3, Insightful)
Re:This is stupid (Score:5, Insightful)
Re:One Question (Score:5, Insightful)
No.
Seriously, stop being a retard.
If I'm connecting to my bank, and I get a certificate that matches the domain name and was signed by a widely trusted 3rd party, that gives me much more confidence than selecting some bozo's self-signed certificate.
Does it guarantee the identity and trustworthiness of the entity? Not absolutely, but it's a whole hell of a lot better than just encrypting comms and sending them to whoever happens to be running a man in the middle attack today.
Re:One Question (Score:5, Insightful)
The problem with this is that it does not guarantee that your connection is actually encrypted. There is a reason why CAs where created and it has a lot to do with ensuring proper encryption. Basically a man in the middle attack can with self-signed CAs fake the user into accepting their CA instead of the website's CA. You now have the illusion of security and encryption which some would consider worse than no encryption at all. To the end user they would be identical and while there may be a complaint about different keys, if the user went to the site before, most users would probably ignore them (especially after they seem them a dozen times for legitimate sites that for some reason changed their keys).
Re:no it does. (Score:5, Insightful)
SSL isn't meant just for encrypting pages, it's meant for verifying identity also.
There are two solutions to this problem.
1. create your own CA and tell your customers to import the CA by clicking here (before putting them in ssl mode). It's really not much trouble to set up your own CA.
2. buy a cheap ass certificate from godaddy for $10. Your domain registration likely costs this much as well, but we don't complain about that, do we? The service is actually worth $10.
Without the above, the ff3 presentation is correct, the certificate is bad and should not be trusted. Otherwise you're in real danger of man in the middle attacks.
Number of holes in the author's argument (Score:5, Insightful)
A.) You don't need to buy certs from Mozilla, you can buy them from any number of CA's, for as little as $10. There are some free CA's, as well.
B.) This isn't in any way related to network neutrality.
Re:Seconded. (Score:5, Insightful)
Except that there is nothing compulsory about ff. You are free to trust any certificate you want, the browser merely warns you that it could be a bad idea to do so.
Re:This is stupid (Score:5, Insightful)
Let's do it with alert boxes.
HTTP only: "The communication with this site is insecure because it doesn't ecrypt the data you're sending to it. Furthermore there is no guarantee that it's owned by the organization that it claims to belong to. [checkbox] Don't tell this to me anymore.
Self signed HTTPS: "The communication with this site is secure because it encrypts the data you're sending to it. However there is no guarantee that it's owned by the organization that it claims to belong to. [checkbox] Don't tell this to me anymore."
CA's signed HTTPS: "The communication with this site is secure because it encrypts the data you're sending to it. Furthermore [the name of the CA] guarantees that the site is really owned by the organization that it claims to belong to. [checkbox] Don't tell this to me anymore."
However one has to be really naive to believe the guarantee part of the last statement or that CAs are willing to have any legal responsibility for the claims they're issuing with any certificate. Actually that third alert box might be harmful as it perpetuates the delusion that certificates do anything about authentication.
Eventually it's not a problem of GUIs but a problem of understanding what certificates are really for.
Re:four clicks (Score:3, Insightful)
"Grandma won't know what the hell to do"
And Grandma doesn't care about getting secure access to your blog.
She cares about reading the news, chatting about knitting on the wool forum, sending email to the grandkids and accessing her bank account. Only the last one requires encryption, and for that you want full third-party authentication.
Streamlining this process or just warning Grandma will leave her with an empty bank account in no time.
I'm perfectly fine with this behavior... (Score:2, Insightful)
I'd rather see this than something that doesn't stand out, or nothing at all when accessing a site that's self signed.
Yes it can be a nuisance if you visit a lot of sites that are self-signed, however, if you're browsing habits are more corporate style, then it's good to know you're going to be warned if something's not quite kosher.
Re:no it does. (Score:3, Insightful)
there close to a billion people on the net that wouldnt tell what to do when faced with such a disastrous looking warning as ff 3 prints out when met with a self signed ca.
Find five. There's nothing disastrous in that message. The icon doesn't even have a red exclamation point. It states quite clearly what's gone wrong and offers the option to get past that. If a small business needs to self-sign their certs then a little education of their users prior to switching over to the SSL channel would quickly remove any reservations they might have about proceeding.
Furthermore, I want to know when I'm encountering a self-signed cert. A man-in-the-middle attack over SSL via self-signed certs is trivial. Spoofing the real, CA signed cert is a bit more difficult. So by notifying the user about the state of the SSL cert Firefox is doing good.
that is the EXACT kind of thing slashdot criticizes almost EVERY government, country, organization, corporation for, yet, you people are actually applauding it in this case.
Slashdot criticizes stupidity. Mozilla has not been stupid here. The problem is a lack of understanding why people SHOULD be notified about self-signed certs before they use them and the security implications thereof. Those who use self-signed certs that are angry at Mozilla should probably do a little research before they start throwing stones.
Re:One Question (Score:4, Insightful)
The question you should ask is why is a website using a self-signed certificate presented to the user as *less safe* than one that is sending all information in the clear?
Re:Seconded. (Score:2, Insightful)
But you only have a handful of clients, who know that you're trustworthy, so it's a non-issue for you.
Re:One Question (Score:3, Insightful)
This is exactly the point I was going to bring up. If you have access to install a certificate on a web server, you most likely have access to an admin-like email address, which is really all that is needed to get a "trusted" cert. One of the companies I use will validate by email to a domain contact or alternately to root@, postmaster@, webmaster@, admin@, etc. (a list of about a dozen they will accept).
SSL is useless for initial authentication, however, like most SSH implementations, if it were made easy to accept the cert and then you got an exception if and when the cert changes (DNS attack, mitm, site pwned, etc.), I would find it useful. Of course, "average users" would probably not find this behaviour in any way meaningful.
Re:no it does. (Score:5, Insightful)
same argument everytime (Score:3, Insightful)
what kind of logic is this ?
1. create your own CA and tell your customers to import the CA by clicking here (before putting them in ssl mode). It's really not much trouble to set up your own CA.
first, you are not in communication with potential customers, and they will never communicate with you and become a customer after they see that horrible ff3 warning. you wont even get a chance to tell them what is going on.
second, same goes for many potential website users that are signing up for a community.
additionally godaddy is one of the shittiest service providers on the web. so if the solution you are offering is godaddy, please, keep it to yourself, and even firefox3 too.
Re:you cant afford to be too jacobin (Score:2, Insightful)
This is ridiculous. No, really it is.
First of all, this is just a warning, like the one in FF2. It's just not in the same place. I really don't understand the issue here. (It is scary? So as long as you don't know the possible danger, it's OK to cross the road?)
Secondly, if a person don't understand this is just a warning and he can bypass it if he trust the site to be safe, I wouldn't let him go without warnings. It may restrain his access for one or two site, but he would be safer until he know better.
Re:no it does. (Score:4, Insightful)
What's the point of encryption if you can't protect against man in the middle attacks? It might as well be security by obscurity at this point... what exactly are you getting out of your encryption if you can't guarantee that no one is sniffing your packets?
Re:no it does. (Score:3, Insightful)
Find five. There's nothing disastrous in that message. The icon doesn't even have a red exclamation point. It states quite clearly what's gone wrong and offers the option to get past that. If a small business needs to self-sign their certs then a little education of their users prior to switching over to the SSL channel would quickly remove any reservations they might have about proceeding.
that is to you. a registered slashdot user, who is probably working in an i.t. related field, or geeky enough.
i hate to break it to you pal, but we dont constitute the majority on the web. we are at best a noticeable minority. web is comprised of billions of internet users that cant tell firefox from ie, leave aside recognizing that 'there is nothing wrong' with that message.
to average web user, that warning would mean 'youre being screwed, run away from this website asap', REGARDLESS of what technicalities the contents of the warning says. they wont understand a zit about those technicalities anyway.
Re:no it does. (Score:3, Insightful)
SSL isn't meant just for encrypting pages, it's meant for verifying identity also.
By all means, suggest to us a way to encrypt a website that doesn't involve SSL.
There are two solutions to this problem.
1. create your own CA and tell your customers to import the CA by clicking here (before putting them in ssl mode). It's really not much trouble to set up your own CA.
Right, so you'd favor asking users left and right to add CA's from potentially very insecure sources (how well does the average website secure their root cert?). If this would actually catch on I'd predict the entire system to crumble in a few years.
2. buy a cheap ass certificate from godaddy for $10. Your domain registration likely costs this much as well, but we don't complain about that, do we? The service is actually worth $10.
Without the above, the ff3 presentation is correct, the certificate is bad and should not be trusted. Otherwise you're in real danger of man in the middle attacks.
I'd agree it's not that costly. However FF3 did go a little bit over the top on self-signed certificates. I need to use those from time to time and having to click through like 5 times before even getting to the site is a major hassle. Sure show a warning, show some visual cues, but there's something like too much of a good thing. If a user really can't tell the difference between a self-signed certificate after giving them a warning and using completely different icons/colours from other SSL-sites, perhaps that user needs his head examined.
Even if I make allowances for stupidity, I can't see how FF3 is now more secure. If someone is willing to ignore all those visual cues and warnings, they're probably equally willing to accept a scammer's word that their browser is buggy and they just need to click through five times "because of a configuration bug" or something like that. Phisher mail could start including detailed instructions on how to bypass firefox's warnings, I bet they will at some point.
Re:One Question (Score:5, Insightful)
Exactly.
A "secure" and encrypted connection to a compromised or malicious server is worthless.
Exactly! My accountant needs some documents from me. Rather than email them I have them up on a secure site. If my accountant connects to the wrong site I really don't care, he's not going to find the documents he needs so he's going to give me a call and ask where they are.
Self signed certs are for when you want to do the encryption but you're doing the authentication via other means.
I've used this in the past (although not to my accountant).
At the very worst, a self signed certificate is no worse than a plain HTTP connection.
If we didn't have plain HTTP at all then we would consider sites using self signed certificates as secure (or insecure) as a plain HTTP connection.
Tim.
Re:Seconded. (Score:5, Insightful)
On the other side of the coin, it subsidizes the CA industry just like compulsory auto insurance subsidizes the auto insurance industry.
Driving is a privilege not a right. Unless you have the money to cover any damages you may cause, it is absolutely necessary to have insurance. The cost of barebones liability coverage is not that high assuming you have a relatively clean record and if not, you probably shouldn't be driving. It seems that today the idea of personal responsibility is falling out of favor.
Re:Bad Article (Score:5, Insightful)
<flame mode="on">
In all seriousness, fuck you. No, really, fuck you. I am a graduate student. My only support comes from the part time job that I have to pay my tuition and my bills, and a grant for my research. I research computer security. To say what you have said shows zero understanding of computer security, encryption, user behavior, and accountability. Go suck a big fat one.
</flame>
This is the ultimate problem with your post. Before I tear it a new asshole (and I'm going to tear it a new asshole - nothing personal, but I hate posts that masquerade ignorance as wisdom), know that the reason that Mozilla is doing this is because security professionals, by and large, do not build the web and are not the majority of the people. This is why they are so picky about security. I have spoken to security professionals and the overwhelming consensus is that accepting self-signed certificates by default is bad. Very bad. Break the whole security and user trust in SSL bad. If user trust in SSL is broken, then we have ultimately failed.
Community websites can walk users through installing the proper certificate instead of relying on users to override a secure default for certificates. They can teach the users about the importance of verifying certificate fingerprints (to avoid a man-in-the middle). If they release software, they can bundle their certificate with the software. If there are small businesses, they can install their CA on their user's machines. This then becomes a non-issue. In a secure setup, these entities will generate a self-signed root CA certificate (like any other CA), push that to their users, and then sign the certificate for their website with this CA certificate (thus providing the ability to revoke the encrypting certificate should it become compromised and allow certificate updates/refreshes completely hands-off of the client). <flame mode="on">If you knew anything about SSL, anything at all, you would know this. Instead you assume, and make yourself look like the twit you are. Users hurt by this policy? It's the same policy (a bit more stringent, but the same policy) that the other browsers have.</flame>
If they used the certificates securely, understood how SSL worked, and did research, this would be a non-issue. I am not clueless about how people use SSL. I am saying that they are using it wrong, and Mozilla is doing the right thing here. Here's a roadmap for anyone who cares to learn about how to do this properly:
You missed a couple of very important points. (Score:5, Insightful)
First, I think that the most important line in the article is this one:
But there is absolutely no excuse for it to be significanly less inviting to a normal user than an unencrypted site.
The FF3 behaviour will make most normal users just think, "Oh, the website is broken. I guess I can't go there." They won't even read the error message: they'll just see that there is one, and give up.
Or, depending on IE's behaviour (which I do not know in this particular case), they'll see, "Oh, I can't get to this website in Firefox. But hey, it works fine in Internet Explorer! I guess Firefox is broken, and I won't use it anymore."
Second, and probably more importantly, either you missed a very, very important demographic among those who use self-signed certificates, or otherwise don't want to pay the extortionate fees charged by the corporate CAs, or you severely misunderstand and underestimate the importance of "unprofessional" and "hobbyist" webmasters.
Just because I want to have the possibility of encrypted traffic for visitors to my website doesn't mean that I'm bringing in loads of money by said website, or that I want to spend some not insignificant sum on a recurring basis for what is, for me, just a fun hobby, for which I'm already shelling out a not insignificant sum for hosting.
I'm seriously hoping that your definition of "unprofessional webhosters" means "people running for-profit websites (that actually make a profit) who are just too cheap to actually buy a certificate," and not simply "amateurs," because it is on the backs of those amateurs that the web was built.
Dan Aris
T-Shirt (Score:4, Insightful)
You buy a purple T-Shirt and 6 months later purple is out of fashion. Clearly the manufacturer's fault, right?
Yes, SSL Certificates from a CA *are* expensive. Yes, you can encrypt with a self-signed cert. But that encryption is worth nothing at all. Because anyone (latest DNS vulnerabilities for instance) can easily forge these certificates, you don't know who you are communicating with in the first place. Of what use is point-to-point encryption if the man in the middle is undetectable?
Yes, it 4 clicks to define an exception rule are a pain in the ass. But because it's that painful it will cause people (like the author) to think twice before they use a self-signed cert next time. So making the web safer in the end. Don't make it too painful (will hurt adoption of product), but painful enough so that decision makers get worried. I think FF3 behaves perfectly in that respect.
Re:Seconded. (Score:5, Insightful)
It's hardly a "mere" warning; it's a gigantic stop sign.
If a little yellow bar like the "remember password" bar came down and said "this site is encrypted, but its identity cannot be authenticated. Be aware that, like any normal (http) website, this one may not be from who it says it's from" then it would be completely different. Instead they interrupt the browsing experience with a very unfriendly message that non-tech people will not have a chance of understanding.
This is bad because, as the article says, some sites will end up having to buy certificates when in fact they don't need one, and others will end up not using encryption when in fact they should be.
Bear in mind the three levels of security:
1) no-ssl: offers neither encryption nor authenication
2) SSL(self-signed): offers encryption
3) SSL(3rd party signed): offers both
why is that that no.2, which is a significant improvement on no.1, generates such a severe warning message?
Re:Seconded. (Score:2, Insightful)
Our school uses a self-signed certificate for the courseware.
Than tell the admins to fix it. School environments are hard to do, because you have a lot of non-standard clients. So a public cert would probably be better for a school than an internal CA (which would make sense for a company).
Again: Firefox and IE both give a very stern warning that what you're going to do is potentially risky. This is the *RIGHT* thing to do - if that wasn't the case, with the recent DNS issues it would be easily possible to spoof https://www.yourbank.com./ [www.yourbank.com]
Basically, don't blame Firefox if your cost-cutting measures break on you - it's your own fault.
Re:This is stupid (Score:2, Insightful)
Accepting it each time you connect is worse. Once it's accepted, ANY CHANGE will throw a warning. The change is what is important. Otherwise, once you start accepting temporarily every time for a given site, when some one posts a man in the middle attack, you'll have no clue
Re:no it does. (Score:5, Insightful)
From the article:
'This ignores the value of simple encryption. Snooping a connection (i.e. on a wireless link) is much easier than any of the impersonation attacks that SSL authentication prevents.'
You are acting as if security is an all or nothing affair. There is no such thing as totally secure. Every step just raises the bar.
Also, there is an open CA that Mozilla doesn't include either. It performs the same domain verification that godaddy and others perform, checking that you have control of the DNS for the domain.
Re:Seconded. (Score:4, Insightful)
If you run a self-signed certificate you still can get the man in the middle protection.
There is no difference there, the only difference is that you don't have to pay for a certificate from a well-known root CA. The "insecurity" of not using a well-known CA is only a commercial stunt.
As a web admin you will of course also have to maintain the certificate store, but that may be very easy if you only have a handful of clients. And if you have a handful of clients you may install the root certificate in a controlled situation on the clients, so not even there you have a big problem with insecurity.
Re:One Question (Score:3, Insightful)
From TFA:
'This ignores the value of simple encryption. Snooping a connection (i.e. on a wireless link) is much easier than any of the impersonation attacks that SSL authentication prevents.'
He is right. Since when is security an all or none affair? Security is about making it more difficult to attack with the understanding there are always attacks you can't protect against. An alert saying that 'a secure connection is established but the identity of this website has not been verified by a central authority' (and an option to add to a domain whitelist) would even be ok to make the distinction but not the current prompts which more or less say the site is a scam.
The bigger problem is that there is an open CA that verifies ownership of the domain and firefox does not include them. Verifying domain ownership is all numerous commercial CAs do including godaddy and frankly, is all most of us expect a cert to be good for in the trust department.
Re:This is stupid (Score:4, Insightful)
Except that it's actually the secure thing to do.
If you check the probability that the site you are using will get hacked in the lifetime usage of it that you will do, in most case the first usage of the website will be on the valid one, and you will then learn about a Man-in-the-middle attack when it will say that there's a new certificate to accept (every other time it had not asked you).
If you don't accept the certificate, you'll be clicking all the steps everytime for that website anyway, so you won't notice the different MD5/SHA1 hash, and in fact won't even look at it.
If it happened to you that you first used it on a day with an attack, then the next day or so, when it's fixed, you'll have a new certificate, and know that there's been something wrong (site will most probably talk about it) and you will be able to react fast, since you know you were subject to the man in the middle attack.
Anyway ..
Re:no it does. (Score:3, Insightful)
Man in the middle still imposes a directed attack on you. In many cases SSL is sufficient to just obscure information like passwords used at public sites like Slashdot.
I someone does a man in the middle on that it means that they really are out to get me and my password, but in that case they have already invested enough to also cause other problems so the Slashdot password is a minor problem. The encryption will do fine to avoid it being snooped while transferred over WLAN.
But of course - I would be pissed if someone did get my Slashdot password and abused it.
Re:no it does. (Score:4, Insightful)
Warnings should still be generated for expired certificates and probably those signed by unknown CAs.
Thats exactly what SELF SIGNED certificates are. (signed by unknown CA, namely the certificate holder himself)
Re:Average user and security (Score:3, Insightful)
That makes perfect sense, except, when it comes to things we don't like here on slashdot, we don't allow half measures. If it doesn't 100% eliminate phishing, then all it does is piss off legitimate users, while providing no additional security benefit.
Re:One Question (Score:3, Insightful)
Agreed. And there is an open CA that the major browsers don't include in their root list either.
It verifies DNS control. That is more than some of the cert whores and really all I need a CA to verify since it prevents man in the middle attacks.
Even a self-signed cert is dramatically better than an unencrypted connection. Security is not an all or none affair, encrypted is better than unencrypted, and encrypted and trusted is better than merely encrypted. The current prompts make it appear as if unencrypted connections are safer than encrypted!
Re:dumb (Score:3, Insightful)
Not really a problem, just that the self signed certificate is unknown to your browser.
Don't forget that once it is installed it is no different from a well-known certificate and SSH uses the same approach by allowing you as a first-time user to accept the server signature and barf if it has changed.
Re:Seconded. (Score:5, Insightful)
Re:no it does. (Score:4, Insightful)
Is my ISP going to set up a man-in-the-middle-attack just to snoop what I'm downloading so it can provide targeted ads? I really doubt it. MITM attacks are much more sophisticated than the majority of snooping that happens on networks.
I am not saying that users should not be informed that a site is not "certified". I am saying that Firefox should not say that my site is "not legitimate" because I do have encryption, but no commercial certificate.
Re:One Question (Score:5, Insightful)
I agree, domain verification is useful and should not be done away with entirely.
I don't agree with the current policy though. A simple notification saying the connection is encrypted but the domain identity isn't verified by a 3rd party with a box to not show this again would be fine. Currently the popup goes as far as to say that the site is not legitimate!
Also, this CA 'https://www.openca.org/' does verify you have control of the domain. Why is it still not included in the browser by default?
Re:One Question (Score:5, Insightful)
Reading the article would be good, ya ?
The articles main complain is that the way FF does thing by default a website secured using a self-signed https:/// [https] certificate looks MORE scary and LESS secure than the very same site using http:/// [http] and no certificate whatsoever.
That, the author argues, is wrong. True, a https:/// [https] site *with* a certificate is even better than one without one. But BOTH are more secure than simply using http:/// [http]
So, it makes little sense to make self-signed https:/// [https] look MORE scary that http:/// [http]
I agree.
Re:This is stupid (Score:2, Insightful)
Because it is better to know a connection can be snooped than to believe your connection is snoop-proof and be wrong about it.
The real problem is "trusting" (Score:3, Insightful)
In the vocabulary of international politics, we need to "trust but verify." Which means no trust at all.
There needs to be a mechanism where a vendor or site can send you a certificate in a way that can't be spoofed. And can then be verified. Maybe it is an email, maybe it is snail mail?
What I don't like about SSL in web browsers, is that they have ignored the "verify" aspect of trust by abdicating the responsibility to a "pay for trust" regime which is bogus. If they can pay, they are trust worthy, right?
Ideally, I should be able to receive a password in the mail (or some form of communication) to unlock a "key" file sent to me from someone I want to trust. I then unlock and install that key on my system and only keys *I* trust get trusted.
It should be easy and standardized across most platforms. Anything less is broken.
Re:Seconded. (Score:5, Insightful)
Problem is that your "2" doesn't exist... the way SSL (and most other secure protocols, as SSH) is designed, having encryption without authentication is pointless, because man in the middle attacks are too easy to set up.
With SSL, the real 3 options you have are:
1- no ssl
2- "1 way authentication" SSL (usually only the server has a certificate: this ensures the client it is reaching the right server, but the server cannot trust the client)
3- mutual authentification SSL (aka "strong authentication": server and client have a certificate)
I think TFA is completely out of topic and blatantly ignorant: what would you think if SSH wouldn't warn you when the host you're trying to connect to has changed ?
The problem about SSL isn't to warn or not about self signed certificate (you HAVE to be warned about self-signed, and strongly, else anybody can easily get "average user's" bank account info, for instance). What is at stake is the lack of competition among public SSL Certification Authorities.
In general, don't try to solve a political/competition problem through technical/IT means, this won't work. Solve such problems through political/competition means (such as laws, regulators or open standards).
Re:Seconded. (Score:2, Insightful)
Driving is a privilege not a right.
This is unconstitutional statist propaganda. According to the Declaration of Independence and the Constitution, the people create a government and give it limited powers necessary to maintain order and do other important common tasks. Regulating driving is surely one of those tasks. I have no objection to requiring insurance. But the government does not confer privileges on its citizens. It's the other way around.
Re:Seconded. (Score:2, Insightful)
Bear in mind the three levels of security: 1) no-ssl: offers neither encryption nor authenication 2) SSL(self-signed): offers encryption 3) SSL(3rd party signed): offers both
why is that that no.2, which is a significant improvement on no.1, generates such a severe warning message?
Well...no. 2 also offers authentication if you consider that you signed it yourself (and it's assumed that you trust yourself because, after all, if you don't trust yourself you can you trust)? However, it seems to make sense that since there are no 3rd parties involved why does there need to be a warning? Perhaps people should just install the public certificate of their site into their browser.
Re:Seconded. (Score:5, Insightful)
number 2 is _not_ a significant improvement over number 1, simply because from a security standpoint, you have gained almost no security by encrypting if you don't know whether you're communicating between the person you want to or perhaps some fake site that looks similar, or a man-in-the-middle attack.
the only improvement is in the case of a purely-passive eavesdropper -- not much of an improvement at all. For eavesdropping purposes, if you can passively eavesdrop, you can probably actively eavesdrop and interrupt or manipulate the connections, because you've got physical access to some wires or routers or just have a laptop running airsnort software in a cafe.
furthermore, having people get used to using self-signed certificates is bad, because it lends man-in-the-middle attacks more apparent legitimacy. so of course eve couldn't fake the signature of the real key, but if any signature will do...
i don't like the existing certificate authorities ($50-$100 per year for a row in a table? sheesh!) much either, but they're needed to have trust between people who have not met before.
Re:Seconded. (Score:2, Insightful)
* Unprofessional webhosters (good riddance)
The "unprofessional web hoster", that we use at work here in Greece, offers a full spectrum of services (just about anything you can think of, including personal service--you have a problem, you call them and they fix it while you talk, not some person at a help desk who may or may not forward your request) at a rock bottom price. Their competitors have much higher prices and will charge you for anything beyond the basic web hosting package. You want more than the default few MBytes? That's extra. You want a database or php? That's extra, too. You want to park a domain? You need to buy the domain parking package. You want it now? Sorry, it's going to take 24 hours!
If the cost for all this is that we have to connect to the web site's control panel (which the other providers don't, well, provide), using a self-signed certificate, it's good riddance to those other providers!
Re:One Question (Score:5, Insightful)
You need some warning (Score:4, Insightful)
2) SSL(self-signed): offers encryption
But unless there is some warning about invalid certificate it is subject to man in the middle attacks. Also, unless you check the certificates every time, allowing self signed certificates would allow man in the middle attacks even against sights that have secure signed certificates.
Re:This is stupid (Score:3, Insightful)
That's a pretty bad point. Are you suggesting that if you can't understand what a certificate is, you shouldn't be using SSL ? If you can't understand what HTTP is, you shouldn't browse the web ? If you can't understand what BGP is, you shouldn't be using HTTP ?
If you can't understand what a self-signed certificate ist, you should only be accepting them once you either a.) learned how to understand it or b.) somebody you trust tells you to or c.) you do not implicitly care about the implications since you are not going to be transmitting private data, anyway.
Re:One Question (Score:3, Insightful)
Re:One Question (Score:3, Insightful)
Firefox 3 already does this, to a degree. Plaintext (http) has a white address bar and favicon. Unverified certs change the favicon to a blue background, and verified (example [newegg.com]) turns it green. On any of them, you can click the favicon to get expanded details.
The problem is that it's not especially obvious, and that it has very little meaning to most people even if they do notice. The only way that people will notice without a doubt is to make self-signed certs as obtrusive as they currently are - block the page entirely and proceed on if you allow an override. That doesn't fix it having little or no meaning to most people, but that's an entirely separate issue.
Re:One Question (Score:3, Insightful)
After that, a lot of ranting, saying that Firefox's behaviour is somehow incorrect, that Firefox should be forked if this doesn't change, all the while offering no solution whatsoever.
Meh!
Re:One Question (Score:4, Insightful)
The accountant doesn't have the documents for the man in the middle to intercept (this is a one-way thing, from the poster's description), and obviously he wouldn't find them by connecting to a hijacked server.
I don't think you understand how man-in-the-middle would work here.
His accountant would connect to the fraudulent server, which would give him a self-signed ssl certificate. It would then connect to the legitimate site using his credentials and display whatever the legitimate site would display. Anything available to the accountant would also be available to the man-in-the-middle, by definition - and the site would work just fine from the accountant's perspective, so no suspicion would be aroused.
Re:trust? (Score:3, Insightful)
Re:Seconded. (Score:5, Insightful)
Problem is that "2" doesn't happen.
Think of this example: I "encrypt" some confidential data. However, I've encrypted it so that I don't know who will be able to decrypt it. Does that make any sense?
Why was I encrypting it? So a criminal couldn't steal my credit card number? What if I had just encrypted it directly to that criminal? Oops! This encryption didn't help me at all.
If I want to send someone secured data I first have to define clearly and be sure of who I am sending that confidential data to.
With a little thinking you'll find that not authenticating the end users of an encrypted channel is just moving some bits around and is only as secure as your network. Meaning you might as well be sending clear text and save some processor cycles.
Now you can accept self-signed certificates, but you had better have a different way of authenticating the cert than the rest of us use. An example of this would be something from an internal corporate network.
SSL is useless without proper CA (Score:1, Insightful)
A self-signed certificate is smoke and mirrors. In any situation where I can listen in, I can arp spoof at least (or maybe I've hacked a router?) to hijack the session. Self-signed certs can be easily spoofed, because they contain the same data and raise the same warning; CA signed certs contain a CA signature and don't raise a warning, or raise warning that the cert has expired.
Replacing an SSL certificate for an active MITM attack is trivial in any case where you could otherwise eaves drop on a plaintext conversation. Self-signed certs make this attack totally invisible in most cases (100% of first time visits, and any further visit where you don't check to see if the cert has changed).
Re:Seconded. (Score:2, Insightful)
I tihnrd this complaint.
CAs are total ripoffs. Either we only allow trustworth CAs in the list, or we allow them all. Here are the results:
a) A small, highly cliqueish cabal of "trusted" operators who, by necessity, must prevent new entrants into the market for CA services, lest the web of trust be broken. RESULT: Webmasters are all screwed by the ridiculous prices for certs that will inevitably result from the monopoly or cartel, ultimately meaning fewer web sites can afford security at all and either stop operating or just don't use security.
b) A highly diffuse CA industry that has no trust anyway, thus serving no purpose but to annoy web masters and users who must register with some two bit shitty company for a perfunctory cert that they could sign themselves.
Both options suck if you ask me.
Down with CAs. They are not necessary. Customers should just learn not to buy from www.amaz0n.com
Why is there a need for a whole business around this? Where's the whole industry preventing me from walking into a dark warehouse in a nasty part of town with a large sheet of carboard and a target logo drawn on it in crayon? It's called common sense. If you're going somewhere to spend money, exercise caution.
Caveat emptor. Just because it's in Latin doesn't mean it's irrelevant in the modern world.
Re:Seconded. (Score:5, Insightful)
The real CA (Score:2, Insightful)
The first Certification Authorithy in this scenario is not Verisign, it is Mozilla. I decide to give my trust to Mozilla. If something like big police-iconified warnings occurs for self-signed certificates, I am free to deny my trust to them and change browser.
Besides, I think that Firefox should display a warning as big as that one also anytime you type a password field inside a non-encrypted site. Coherence.
Re:no it does. (Score:2, Insightful)
As the article says. SSL does both. FF3 in particular makes the first completely unusable for no good reason. The web would unquestionably be more secure if all http servers switched to using self-signed SSL certificates in place of unencrypted connections.
And this is where you're wrong. There's no point to encryption, unless you know who you're talking to.
Anyone sophisticated enough to sniff your traffic can also hijack it without much trouble. If they can hijack it, then you don't know if you're talking to the intended recipient or a hijacker (who in turn is talking to the intended recipient). This is the definition of a man-in-the-middle (MITM) attack.
The very design of SSL and its use of certificates with a chain-of-trust assumes this. Without this assumption, Diffie-Hellman key-exchange [wikipedia.org] is simpler and sufficient. None of the RSA/DSA stuff with certificates would be necessary.
Re:Seconded. (Score:3, Insightful)
How long do you think the price will stay at $14.99 when there is an industry that knows that there can be no further entrants?
One round of consolidation will give you a small cartel of companies that will take turns raising the price, just as any other high barrier to entry industry (oil is a good example, as is banking in many countries such as Australia).
Re:Seconded. (Score:2, Insightful)
Problem is that your "2" doesn't exist... the way SSL (and most other secure protocols, as SSH) is designed, having encryption without authentication is pointless, because man in the middle attacks are too easy to set up.
Um, dude. Perhaps you should pay a little more attention. SSH operates via '2'. There's not even such a thing as a signed SSH key. Granted, you can use PPK to keep someone from forwarding the connection, but good luck getting the PPK on without logging in with the password once.
With SSH, the trick is to make the first connection over an internet connection that you trust, and it stores the fingerprint for future reference.
SSL sites that didn't need authentication, that just wanted password protection against cleartext sniffing on login, could trivially operate the same way.
Like it or not, there actually is a very wide range of websites that, right now, use no encryption at all, but would use SSL if it was free, and there is absolutely no way that could make them more insecure. Likewise, there are a variety of circumstances where it is easy to sniff on a user but difficult to intercept and replace their transmission.
Almost all cars can be broken into in about 60 seconds, using a slim jim on the door. However, people still lock their doors. Basically, you're arguing that it shouldn't be possible to lock a car unless it has a full-fledged car alarm, which is a rather...stupid...argument.
Re:Seconded. (Score:2, Insightful)
I don't know where your hackers sit, but most of mine are not in a position to bidirectionally intercept and re-transmit IP packets. Are there some people in the chain that could do that -- certainly: anyone on the same LAN segment at either end, and a handful of routers in the middle -- but that's not really a large number of potential hackers.
I agree authentication is a good thing, but it's stilly to pretend the a MiM attack is easy to implement.
Re:Seconded. (Score:3, Insightful)
"Customers should just learn not to buy from www.amaz0n.com"
And without a trusted certificate from a third party, they'll have no way of knowing if they're talking to "amaz0n.com" when their browser says "amazon.com", after a DNS poisoning.
I agree that there are both too many CAs and the level of verification the perform is likely not enough, but getting rid of them is not the answer to everyone's problems.
Re:Seconded. (Score:2, Insightful)
Well, yes. A better metaphor is that car companies shouldn't be allowed to sell cars with cheap car alarms that can, in theory, be disabled in less than five minutes, and should have to either provide much more expensive ones...or they sell it with no alarms at all, like almost all cars. If they sell one with a car alarm that can be disabled in a short amount of time, they need to get the customer to do a lot of paperwork.
There's an arguable position that all car should have to come with car alarms, ones to a certain level, and that customers should be warned if they don't.
There's not really a reasonable arguments that says they can come without a car alarm, with no warning at all, but if you provide a cheap-ass one for a tiny bit more security, you have to give them all sorts of waivers to sign.
Firefox, and IE, right now, pop up enough warnings that make it seem that a web surf allowing an self-signed cert is the most dangerous thing you can do....which results in people not using any encryption at all for quite a lot of stuff. (Like, oh, the login to slashdot.)
People in favor of this talk about a 'false sense of security'. Ha. How about the false sense of insecurity browsers provide? Simply a single message 'This web site uses encryption that cannot be authenticated. Be aware it is no more secure than a standard web page.' would be more than enough. (Or, even better, no warning at all, and simply an unlocked 'lock' icon.)
Re:Seconded. (Score:3, Insightful)
How long do you think the price will stay at $14.99 when there is an industry that knows that there can be no further entrants?
What? I think the price will be under $10 and stay there shortly.
One round of consolidation will give you a small cartel of companies that will take turns raising the price, just as any other high barrier to entry industry (oil is a good example, as is banking in many countries such as Australia).
Oil is a terrible example as the price of that is set by the open market and commodity traders.
Re:One Question (Score:4, Insightful)
Snooping a connection is a hell of a lot easier and more common than hijacking one. Hell, if someone can arbitrarily hijack connections, they can get themselves a completely valid SSL certificate by demonstrating their (hijacked) control of the domain to some minor CA.
There are no perfect answers to these security problems. But there are wrong answers - and requiring website owners to always sign up and be approved before they can use the HTTPS protocal on a public website is a wrong answer.