Firefox SSL-Certificate Debate Rages On

Posted by kdawson on Friday August 22, @08:27AM
from the four-screens-i-mean-really dept.
BobB-nw points out the ever more raucous debate over the way Firefox 3 handles self-signed certificates. The scary browser warnings have affected a number of legitimate sites (such as Google AdWords and LinkedIn) that didn't renew certs in time. Lauren Weinstein loudly called attention to the problem early in July. "If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message... To get past this error page, users have to go through four different steps before they can access the website, which from a usability standpoint is far from ideal. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is."

Related Stories

IT: Browser Extension Defeats Internet Eavesdropping (194 comments)
Pickens writes to tell us that researchers at Carnegie Mellon University have created a simple system to help prevent man-in-the-middle attacks. Using a preset list of friendly sites called 'notaries,' the new 'Perspectives' system helps users to authenticate sites that require secure communications. Additionally this should help with the recently debated solution implemented by Firefox that has so many users frustrated and confused. "By independently querying the desired target site, the notaries can check whether each is receiving the same authentication information (a digital certificate), in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection."
  • Worth it. (Score:5, Funny)

    by Shaitan Apistos (1104613) on Friday August 22, @08:28AM (#24703591)
    As long as I get my awesome bar, I'll put up with anything.
    • Re:Worth it. (Score:5, Insightful)

      by Bashae (1250564) on Friday August 22, @08:32AM (#24703623)

      Well, I can live with it, but they could at least patch this feature to make it less annoying with self-signed certificates. Show a warning, yes, but right now the error message is too creepy.

      • Re:Worth it. (Score:5, Insightful)

        by bunratty (545641) on Friday August 22, @08:40AM (#24703713)
        It's supposed to be creepy [johnath.com], because it may be the only warning you're the victim of a DNS poisoning and you're not at the site you think you are, or you're the victim of a man-in-the-middle attack and your "encrypted" communications are being intercepted and read. At least in Firefox 3 you need to add an exception to see the site, so you see the warning only once. In Internet Explorer 7, you can see the site by clicking a link, but you will see the scary warning every time you visit the site. Users will disregard the warning if they see it very often, making the warning ineffective.
        • Re:Worth it. (Score:5, Insightful)

          by Anonymous Coward on Friday August 22, @08:58AM (#24703955)

          amen. The error message seems to be designed for people who know about these things, not mom and pop users.

          I don't follow this sentence. That seems to describe *precisely* the old way of doing things, an easily dismissable box that only experts took note of and understood. The new method is *supposed* to bother users and get them to pay attention to the actual risk, while offering them a way to still accept it.

          Whether or not you think being bothersome to users is a legitimate technique can and should be open to debate, but I don't think it targets experts at all...

        • Re:Worth it. (Score:5, Insightful)

          by HungryHobo (1314109) on Friday August 22, @09:03AM (#24704051)

          They could do with a red-yellow-green warning system.

          Red - sites with self-signed certs which have changed since the last time you visited them (keeping a record of all certs accepted to this point would be a good idea to help with this).
          Yellow - Self-signed cert. Warning first time you go to the site with accept/reject.
          Green - Signed and verified by trusted 3rd party.

          Sites which have a signed and verified cert and which have marked themselves as "should always be HTTPS" but which you are visiting with HTTP should be red as well.
          This way if some phisher sent you a link to http://paypal.com and paypal had registered with the trusted 3rd party that their site should always be using HTTPS then you get a red warning. Yes I know this would mean traffic to the trusted 3rd party whenever you visit any http site.

    • Re:Worth it. (Score:5, Insightful)

      by mulvane (692631) on Friday August 22, @08:36AM (#24703655)
      Let's not expect site maintainers to actually keep their ssl certs up to date. Oh noes. We want customers to not trust ssl certs so they may fall victim to a scam.
      • Re:Worth it. (Score:5, Insightful)

        by Cormacus (976625) on Friday August 22, @08:39AM (#24703687) Homepage
        I have to agree. Few things should be more important to a site administrator that handles personal information for their clients than getting their SSL certs updated in time.

        Browsers that allow this kind of lax security atmosphere are part of the problem.
      • Re:Worth it. (Score:5, Insightful)

        by phoenix321 (734987) * on Friday August 22, @08:54AM (#24703903)

        Better yet: expect the non-technical crowd, the users, to put up with errors of the pro-technical crowd, the site maintainers.

        Excellent shift of responsibility towards, right?

        I think this is an issue of whiny webmasters, really. A proper certificate is around 10 bucks per year and although they issue it to anyone, it is security at a much higher level than using a self-signed crutch.

        If you're a website owner, put up those 10 dollars and stop complaining. Keep your house clean and your certificates valid.

        EVERYTHING you do by that is better than to accustom millions of non-technical users to click away any and all error messages when surfing. If all browsers would show these drastic certificate errors AND all SSL-loving webmasters would keep their certs updated, we would have fewer issues in phishing and scamming, much fewer.

        Either you have security or you don't. Encrypting to someone is useless or even dangerous when you mistake the identity of the receiver.

  • That's the point. (Score:5, Insightful)

    by WPIDalamar (122110) on Friday August 22, @08:32AM (#24703629) Homepage

    Isn't scaring away inexperienced users from sites with questionable security the whole point of those warnings?

    I mean a user friendly message that lets someone get past it really easily wouldn't exactly get the job done.

    • by Anonymous Coward on Friday August 22, @08:42AM (#24703733)

      Didn't scare me away. I just bought a laptop from neweggs.com for a fantastic price, and their cert was expired. They even added a second layer of security for credit card transactions, requesting my SSN and driver's license. I can appreciate that level of trust from a website.

        • Re:That's the point. (Score:5, Informative)

          by swilver (617741) on Friday August 22, @09:10AM (#24704135)

          No, they are not. I'm afraid you are not as experienced as you think.

          You see, self-signed certificates are only wide open to MITM attacks if the person monitoring you was replacing all certificates pro-actively before you even visited the website once. If you however have visited the site before, Firefox will warn you that the certificate has changed when a MITM changes it. At this point Firefox should display a big red warning.

          Furthermore, and this is the part that people like you do not seem to grasp, there IS use for encryption beyond protection from MITM attacks. Using SSL encryption protects me from password sniffers that sit on my network, or in my wireless neighbourhood or from some compromised router my request travels over. It protects me from some script kiddy running a network monitor seeing what I'm typing in HTTP forms. Yes, it does not protect me from a REAL MITM attack (unless of course I've been there before, and see that the certificate changed), however the sites providing simple SSL encryption just for the sake of not sending stuff in plain text are not worth attacking anyway.
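
The scheme HungryHobo and swilver describe in this thread (remember the self-signed certificate a user accepted, then warn loudly if it later changes), sketched as an added example that is not part of any comment or of Firefox's code. The `PinStore` class, the state names and the sample certificate bytes are constructed for illustration, and `pinned` is an assumed fourth state for a previously accepted, unchanged certificate.

```python
import hashlib
import json

GREEN, YELLOW, PINNED, RED = "green", "yellow", "pinned", "red"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Remembers which certificate the user accepted for each host:port."""

    def __init__(self, pins=None):
        self.pins = dict(pins or {})

    def classify(self, host, port, cert_der, ca_verified):
        if ca_verified:
            return GREEN   # chain validated to a trusted third party
        known = self.pins.get(f"{host}:{port}")
        if known is None:
            return YELLOW  # never accepted before: prompt accept/reject
        if known == fingerprint(cert_der):
            return PINNED  # identical to the certificate accepted earlier
        return RED         # differs from the accepted certificate

    def accept(self, host, port, cert_der):
        """Call only after the user explicitly accepts a YELLOW certificate."""
        self.pins[f"{host}:{port}"] = fingerprint(cert_der)

    def dumps(self):
        return json.dumps(self.pins, sort_keys=True)


def demo():
    # Constructed byte strings standing in for DER certificates.
    first_cert = b"constructed self-signed certificate A"
    swapped_cert = b"constructed self-signed certificate B"
    store = PinStore()
    seen = [store.classify("router.example", 443, first_cert, False)]
    store.accept("router.example", 443, first_cert)
    seen.append(store.classify("router.example", 443, first_cert, False))
    seen.append(store.classify("router.example", 443, swapped_cert, False))
    seen.append(store.classify("shop.example", 443, swapped_cert, True))
    # Pins must survive a restart, or every visit looks like a first visit.
    reloaded = PinStore(json.loads(store.dumps()))
    seen.append(reloaded.classify("router.example", 443, swapped_cert, False))
    return seen


if __name__ == "__main__":
    print(demo())
```

Pins are keyed by host and port, so two services on the same device are tracked separately.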

  • With all the sites out there just looking to steal information from you, and to introduce Cross-Site scripting elements, this is a good idea. I want my browser to warn me when I'm going into uncertain territory. And if a website owner screwed up and did not renew their certs--to hell with them. We're supposed to accept a security risk because they couldn't get off their asses and renew? I don't think so.
  • by oDDmON oUT (231200) on Friday August 22, @08:37AM (#24703665)

    Try going to multiple Linksys devices (WRT54Gs come to mind) with the same self-signed certificate.

    This is what you'll see:

    You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:

    Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

    (Error code: sec_error_reused_issuer_and_serial)

    You'll only be able to set up an exception for the first one, the rest of them... so sorry so sad... unless you manually dump the certificate each time.

    FF2 did not have this "feature", you could set multiple exceptions and not have to worry about it again.

    Total PITA if you're working with residential users.

    • by bunratty (545641) on Friday August 22, @08:48AM (#24703817)
      Why doesn't Linksys provide the certificate used to sign the certificates on all those routers? Then you could add that certificate to your root certificates and no longer get any warnings at all. It looks to me like Linksys dropped the ball on this one. Perhaps the changes to Firefox 3 and Internet Explorer 7 will help companies get more serious about ensuring security.
  • by volxdragon (1297215) on Friday August 22, @08:38AM (#24703677)

    If you EVER want to combat man in the middle attacks and phishing sites, this is the best solution. Sites whining that people are being scared away??!? Get a fucking grip, and get a real certificate from a real certificate authority so your users can actually trust you. People/companies are cheap and lazy, and unfortunately this leads to a whole host of problems...keeping your certificate legitimate and up to date should be no different than taking care of your insurance or other critical infrastructure.

  • No Excuses (Score:5, Insightful)

    by allcar (1111567) on Friday August 22, @08:41AM (#24703715)
    Fundamentally, the people at fault here are the so-called professionals who allow their certificates to expire. Why should I trust their site's security if they can't manage a simple administration function like that? Thawte and Verisign provide you with enough reminders that your certs are about to expire, so you don't even need to diarise it yourself.
    I do have more sympathy with self-signed certificates. There is no excuse for corporates to be using them, but for small, non-profit sites, self-signed is understandable. Mozilla could help this situation by providing support for CACert [cacert.org] and similar organisations, by including their signing certs in their browsers, by default.
  • expected behaviour (Score:5, Insightful)

    by AndyST (910890) on Friday August 22, @08:44AM (#24703751)

    This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is.

    Well that's the point. The certificate is not valid and there is no way to tell the website is legitimate. If one would insist on using TLS/SSL for HTTP with a self-signed certificate, have users install your own CA keys you gave them through another secure channel, or at least let them check the fingerprint. Nobody keeps you from doing that. It's sad that some of these things are so widely misunderstood that it actually reduces privacy and security:

    • login forms on http: URI, posted to https: URI. Please, the website should identify first.
    • Session Cookies which are sent for both secure and unsecure connections.
    • people asking me to sign their openPGP keys they sent via e-mail wondering why I call them in return to verify the fingerprint. (This guy had a Ph.D. in computer science and after a heated exchange on the phone and e-mail I just gave up. He hates me ever since.)

    The new behavior of Firefox 3 is not a problem, it's people failing to security-enable their website the right way.

  • by MosesJones (55544) on Friday August 22, @08:48AM (#24703823) Homepage

    This is a switch of the "Cancel/Allow [youtube.com]" Mac/PC ad.

    Here we have FF3 saying

    "You have tried to access a secure site with a dodgy certificate, Cancel or Allow?"

    IE meanwhile troops on regardless giving a better "user experience"

    Oh until the machine goes down because the site was a trojan site using a self-signed certificate.

    The issue here isn't that Firefox is making this hard, it's that ANYONE ever made this easy. If a site has an expired certificate then that would worry me as it implies their IT support is a bit dodgy. If someone wants my credit card details and is using a self-signed certificate then I'm VERY worried.

    There are functional issues (the duplicate cert problems of Linksys have been mentioned here) that should be addressed. But the basic problem of warning users very strongly that a site is self-signed or has an expired certificate is a good thing.

    I'm using Firefox, I'm on a Mac and this problem just hasn't irritated me the way that Vista does because this does it when there is a REAL problem caused by a 3rd party, not a potential problem caused by me hitting a button. Expired or self-signed certs are a real 3rd party problem, not a scare story.
     

  • As a Safari user (Score:5, Insightful)

    by Tibor the Hun (143056) on Friday August 22, @08:49AM (#24703833)

    As a Safari user, I find that reading mainstream media and "security researchers" fucking hurts my head.
    First Safari is bad because it doesn't have anti-phishing.
    Then Firefox is bad because it throws a fit on un-signed certificates.
    WTF do they all recommend? Exploder?

    I guess it all fits with the flow of uneducated American populace, too ignorant to learn to use a computer properly, so "Security Experts" need to be babysitting them.

    (for those of you wondering why I use Safari, it's because of its superb in page find feature.)

  • by elfguy (22889) on Friday August 22, @08:57AM (#24703929) Homepage

    SSL Certificate hijacking is a real issue so it should not be underestimated. Users should not be able to just dismiss a warning dialog like they can do with IE. However I do think self signed certs shouldn't be discriminated this way. Learn more with presentation #11 here:

    http://www.securitypresentations.com/#11 [securitypr...ations.com]

  • by Anonymous Coward on Friday August 22, @08:58AM (#24703951)

    Before all the security fanatics start telling everyone to "just spend ten bucks on a cert"...

    1. Embedded appliances (you know, the hundreds of millions of routers, firewalls, etc.) cannot use an authority cert. The choice is between self-signed and no encryption only, and Firefox is pushing manufacturers towards the less secure option.

    2. Typically, you first encounter a self-signed cert in a secure context (for example, setting up such an appliance by plugging it directly into your PC and visiting the web interface). After that, all you care about is whether the cert changes. The whole man-in-the-middle thing is NOT a guaranteed problem with self-signed certs.

    3. Real cert authorities are not the invulnerable swiss banks everyone thinks they are. They can and have issued certs when they shouldn't have. And that isn't just new certs; last week there was a story about a Firefox-trusted cert authority that issued a Microsoft live.com domain cert to someone. So those who think authority certs are secure are deluding themselves.

    In the end, Firefox's current behavior does not promote security; it simply makes life hard and annoying for legitimate users.

  • I'm going to assume that there is a sizable minority here who doesn't actually understand what is going on with SSL certificates and why they are important. So here goes:

    Assume you're trying to access your online bank, and that Dr Evil is your ISP's systems admin (or anyone else who can get between you and your bank).

    In the normal course of things, your web browser makes an SSL connection to your bank, validates the certificate is signed by one of the certificate authorities that your browser trusts and you're good to go.

    The certificate authority check is there to prevent Dr. Evil from setting up a server in between you and your bank. In that scenario, you would connect to Dr Evil, get his key, encrypt your username and password using his key. Dr Evil then decodes the user/password and sends it onto the bank in another connection. Then he bridges the two connections, walks off with your password and you're none the wiser.

    Because of SSL certificates, if Dr Evil did try it, you'd get the nasty certificate warning, and hopefully not give Dr Evil your banking passwords.

    Min

    • by bunratty (545641) on Friday August 22, @09:04AM (#24704055)

      The point of a certificate is not to guarantee that the owner won't do something malicious. The point is to guarantee that the only person who can decrypt the communications is the site you think you're talking to. It's a guarantee that someone else will not listen in on the conversation.

      For a free certificate that works in Firefox, you can use StartSSL. For a cheap certificate that works in all browsers, you can use RapidSSL.