Firefox SSL-Certificate Debate Rages On 733
BobB-nw points out the ever more raucous debate over the way Firefox 3 handles self-signed certificates. The scary browser warnings have affected a number of legitimate sites (such as Google AdWords and LinkedIn) that didn't renew certs in time. Lauren Weinstein loudly called attention to the problem early in July. "If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message... To get past this error page, users have to go through four different steps before they can access the website, which from a usability standpoint is far from ideal. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is."
There's another hassle too (Score:5, Informative)
Try going to multiple Linksys devices (WRT54Gs come to mind) with the same self-signed certificate.
This is what you'll see:
You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:
Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.
(Error code: sec_error_reused_issuer_and_serial)
You'll only be able to set up an exception for the first one, the rest of them... so sorry so sad... unless you manually dump the certificate each time.
FF2 did not have this "feature", you could set multiple exceptions and not have to worry about it again.
Total PITA if you're working with residential users.
As long as we're complaining about browsers (Score:4, Informative)
Let's complain about how easy it is for you to navigate to a malicious page in IE and get malware on your PC.
Seriously people, this isn't a huge deal. Err on the side of security rather than the other side, I would say.
I think Firefox's solution is the best we can hope for. If you or me can get a self-signed cert, a phishing site author certainly can. Then all of a sudden if Firefox were to accept self-signed certs, phishing sites over HTTPS look legitimate, and they look the same as every other HTTPS site that shelled out $$$ to get their certs signed by a trusted root authority. Hell it doesn't even cost $$$, there are a few root authorities that'll sign certs for free, and one is accepted by Firefox (I forget the name). So that's always an option. If you don't like adding exceptions to your own pages, get on Google and figure out how to fix it!
Certificate hijacking (Score:5, Informative)
SSL Certificate hijacking is a real issue so it should not be underestimated. Users should not be able to just dismiss a warning dialog like they can do with IE. However I do think self signed certs shouldn't be discriminated this way. Learn more with presentation #11 here:
http://www.securitypresentations.com/#11 [securitypr...ations.com]
Re:Another Solution to Self Signing? (Score:2, Informative)
There are such things, like CAcert. Organizations that start offering community based free certificates. The problem is if certs are not being sold for money, Mozilla will not include them. CAcert asked in 2003 to be included as a CA in Firefox. To this day, the bug is still open in bugzilla and awaiting inclusion.
Re:Another Solution to Self Signing? (Score:1, Informative)
What are the free alternatives to VeriSign's hefty fees?
Hefty fees? Jesus fucking christ, you can get certificates from Godaddy or QuickSSL that are accepted by all browsers for $20 a year or less.
Besides being expensive, it looks like any shmo can register with verisign and then conduct all sorts of questionable practices behind their cert. ... While the connection is secure, that doesn't tell me a darn thing about what they are going to do with my data, or weather or not they're going to try something malicious.
Absolutely correct. Signed SSL certificates only promise two things:
- your web browser is actually talking to the website you think it is talking to
- your web browser is using encryption to talk to the website
That's all SSL does. What the website does with your information after you give it to them is completely out of the scope of SSL.
Here's an analogy. You have a large pile of cash. You hire an armored car company with armed guards to pick up your cash and deliver it to your bank. The armored car company picks up the cash, signs for it, drives to the bank, then certifies to you that they delivered the cash to the actual bank and deposited it into your account. BUT, someone creates a fake debit card and steals money from your account - THIS IS NOT THE FAULT OF THE ARMORED CAR COMPANY. The armored car company did everything correctly.
Re:Another Solution to Self Signing? (Score:4, Informative)
StartSSL [startssl.com] offers free certificates, and their root cert is included with Firefox.
Re:Another Solution to Self Signing? (Score:5, Informative)
The point of a certificate is not to guarantee that the owner won't do something malicious. The point is to guarantee that the only person who can decrypt the communications is the site you think you're talking to. It's a guarantee that someone else will not listen in on the conversation.
For a free certificate that works in Firefox, you can use StartSSL. For a cheap certificate that works in all browsers, you can use RapidSSL.
Why we have certificate authorities (Score:5, Informative)
I'm going to assume that there is a sizable minority here who doesn't actually understand what is going on with SSL certificates and why they are important. So here goes:
Assume you're trying to access your online bank, and that Dr Evil is your ISP's systems admin (or anyone else who can get between you and your bank).
In the normal course of things, your web browser makes an SSL connection to your bank, validates the certificate is signed by one of the certificate authorities that your browser trusts and you're good to go.
The certificate authority check is there to prevent Dr. Evil from setting up a server in between you and your bank. In that scenario, you would connect to Dr Evil, get his key, encrypt your username and password using his key. Dr Evil then decodes the user/password and sends it onto the bank in another connection. Then he bridges the two connections, walks off with your password and you're none the wiser.
Because of SSL certificates, if Dr Evil did try it, you'd get the nasty certificate warning, and hopefully not give Dr Evil your banking passwords.
Min
Re:That's the point. (Score:5, Informative)
Re:That's the point. (Score:5, Informative)
No, they are not. I'm afraid you are not as experienced as you think.
You see, self-signed certificates are only wide open to MITM attacks if the person monitoring you was replacing all certificates pro-actively before you even visited the website once. If you however have visited the site before, Firefox will warn you that the certicate has changed when a MITM changes it. At this point Firefox should display a big red warning.
Furthermore, and this is the part that people like you donot seem to grasp, there IS use for encryption beyond protection from MITM attacks. Using SSL encryption protects me from password sniffers that sit on my network, or in my wireless neighbourhood or from some comprimised router my request travels over. It protects me from some script kiddy running a network monitor seeing what I'm typing in HTTP forms. Yes, it does not protect me from a REAL MITM attack (unless of course I've been there before, and see that the certicate changed), however the sites providing simple SSL encryption just for the sake of not sending stuff in plain text are not worth attacking anyway.
Re:Worth it. (Score:5, Informative)
If the site uses a self-signed cert and hasn't changed since your last visit, you get no warning in Firefox 3.
If you visit a site for the first time and you get a self-signed certificate, that could be the only warning that you're the victim of a man-in-the-middle attack or DNS poisoning attack. You need a warning in that case. Please read the article I link to; it explains this point clearly.
Re:Entirely legitimate (Score:2, Informative)
OR it will force users back to IE. No, really: imagine you're the webmaster. If you use a self-signed cert and your user can't connect and asks for help, what will you do? Buy a cert? Why? Give advice? Sure, but users won't follow even three steps if it "looks complicated". Simplest option is to say "Use IE". Great, we're back to where WWW has been a few years before - creating a niche for which you "have to" use IE anyway, so why switch.
FF is shooting itself in the foot. Especially with self-signed certs - expired ones should be treated much less kindly, but this is too much even in this case.
Another example of idealistic but misguided approach to security - Opera mail client + SSL/TLS. For oh-so-many versions I've been MAD about one thing: every time I started Opera I got a warning that certificates for two mail servers at work had a short RSA key - half of suggested length. No way to say "I know, but I'm not the admin and the ticket got a WONTFIX (until it expires), so stop bugging me already"! I was getting more and more irritated, until finally Opera won. I turned off SSL completely. I switched from hoping that I'm not interesting enough for anybody to try to hack a less-than-suggested encrypted connection to hoping that I'm not interesting enough to snoop on at all. Is THAT better? I think they finally understood the problem, as the newest version allowed me to install the certificate and ignore the short key.
Make sure that your users can tell a really secure connection from an unsecure one. Make that lock icon more visible, or make a big lock symbol flash on the screen for a moment (maybe over the menu so that JavaScript can't simulate it) after establishing a connection. Do everything to make people expect certain behaviour from a secure site and notice when it doesn't happen. But blocking content because you think it's not secure only makes sense if you're consistent and block the completely unencrypted connections as well. Can't do that? So don't do it at all.
Re:I'm Firefox, I'm IE (Score:3, Informative)
IE does not "troop on regardless." It gives a similar nasty looking warning, as well it should.
Re:Self-signed certificates are not secure (Score:3, Informative)
Do you even know what SSL is for?
Do you?
There are many scenarios involving semi-sensitive data (access to some collaboration website, access to services only supporting basic HTTP authentication etc) where a signed certificate is an overkill.
In these cases a self-signed cert and SSL surely won't protect your data from a malicious web server. However SSL will do a great job protecting your data as they travel to get there. Without SSL, someone with access to any intermediate router can get your data with a plain tcpdump.
Of the hash of a self-signed certificate should be confirmed by a side-channel. Otherwise a MITM attack is possible. But even with the hash uncofirmed, how many people you know that are able to launch a MITM attack?
PS: Do you use self-signed certificate for the ssh server of your linux box/server? If yes, why do you even bother using ssh? You would do fine with telnet in the first place.
Re:No Excuses (Score:3, Informative)
StartSSL [startssl.com] provides free certificates, and they're included in Firefox.
Unavoidable with devices (Score:5, Informative)
Self-signed certs are not always "poor security practices". Consider, for example, devices like the ubiquitous Linksys broadband routers. They support ssl connections for administration, which is probably a good idea (tm).
But signed certs require a domain name, and cost real money (typically $100/year), which is probably a little much for a home user who just wants the extra security on their LAN. So self-signed certs are perfectly reasonable for uses like that.
Re:That's the point. (Score:1, Informative)
Except IE doesn't recognize them as a CA! It's just as bad, or worse for the users.
Re:Unavoidable with devices (Score:3, Informative)
I still fail to see how being driven away from anti-eavesdropping (but unauthenticated) communications to completely unencrypted AND unauthenticated communications makes people "safer"
Trusted third party signatures guard against man in the middle attacks by allowing verification that the private key used to encrypt data actually belonged to the expected individual or organization and not a criminal.
All of this depends on the good intentions and competency of the signature authority. In this specific case, Verisign is that trusted party.....................
Of course they do (Score:3, Informative)
self-signed certs don't prevent prying eyes in the slightest.
Of course they do.
I installed self-signed certificates on several of my services. I know the fingerprints. I verified the fingerprints in my browser. If the certificates change I'll get an ugly warning.
Where's your attack on this setup?