Following an interesting discussion on the ZOG security mailing list (which is so elite and secret that, should you be interested in joining a bunch of security guys bashing on Windows and planning beer & pizza excursions, well, enjoy – NO HEADHUNTERS) I thought I’d share my blather on why, frankly, Firefox 3′s self-signed certificate handling sucks.
Don’t get me wrong, aside from the bloat I love FF. It’s like Apache — it’s a resource hog, but it does what you want nicely, and it’s kind of like a pair of old underpants that you can’t quite bear to throw away. But this one particular bit of chicanery just stinks.
In case you forgot, when faced with a certificate signed by a CA whose root certificate is not in FF’s certificate store, you receive an obnoxious set of messages (here on a Mac:)
Oh noes, a cop. It must be bad!
“Legitimate…other public sites will not ask you to do this.” Screw you.
“This site attempts to identify itself with invalid information.”
I am doing no such thing. Rather, I am attempting to encrypt your data transmission. My site has no reason to identify itself to a client. Yes, this goes away after the first time, but boy, what a way to scare off potential visitors?
Like Opera, and in contrast to Google Chrome, Firefox does not use any OS built-in certificate stores, such as Windows’ MSCAPI.DLL or MacOS X’s keychain access. I assume this is for ease of cross-platform maintenance) but it does make it less likely that anyone will use certificates installed universally as part of a Mac package or Windows MSI installer or equivalent.
Thankfully, StartCom Certification Authority is now included by default; CACert, in addition to providing fairly short-lived certs (full disclosure: I am a CACert assurer of some sort, or at least I was before I completely forgot about it) appears to have failed an audit at one point; Axel Eble points out that Ian Grigg, of Financial Cryptography, is currently conducting an open audit of CACert.
As far as free certificate issuers’ root certificate inclusion in Microsoft products goes, the company’s CA certification policy is pretty hairy — looking at the technical and audit requirements, an open candidate for inclusion in the Windows / Internet Explorer certificate store will have to muster significant financial resources. Even if this were the case, there’s the interesting catch-all near the end of the requirements, disqualifying
“CAs who fail to meet the burden of proof for the broad business value of their offering to Microsoft customers.”
Without any criteria on what this constitutes. At least IE’s self-signed certificate warning is a bit less cumbersome.
Commercial certificates cost a fair amount of money, starting at USD $150 for a 1-year basic SSL cert from Thawte, essentially for no incremental cost once they’ve passed their audits. It’s a money machine, although I can’t fault them for it; I’d try to make money off a broken model too, if I could.
Why is this an issue? Because the more the use of encryption permeates the Internet, the better. Call it a distrust of authority, a desire to see increasing amounts of personal data secured out of general principle, a fundamental interest in an overall increase in entropy (let’s not get into the reasons why hiding, obfuscating and protecting your data is necessary — I will simply revert to the old and invincible argument about “you close your door when you use the toilet, don’t you? What do you have to hide?”) I want to see everyone and their dog use cryptography, if only for the purpose of letting Joe Schmoe acclimatize himself to the fact that it is not only possible and perfectly legitimate, but actually a very good idea, to encrypt things.
A big scary looking warning creates fear and distrust in the minds of nontechnical users when they visit a site with a self-signed certificate whose purpose is really only to keep the transmission of data-that’s-nobody-else’s-business secure (in addition to being a very small pain in the ass to those of us who have to click through the annoyance every time we want to log into our private web services from a different browser.) Is that the point? What about this?
Nice one, PGP. Might want to talk to your customer services provider (that is, or at least was at time of writing, their actual site.)
Ian Grigg makes a good point — “I despise and loathe the idea that to use crypto you have to know me.” As such, I agree with the idea that it’s pretty dumb to combine the handling of credentials used for encryption and identification of sites. From what I can tell, the latter is Mozilla’s main concern with the hoops a nontechnical user has to go through to make sure a site is “legit.”
I understand the idea of wanting to make it clear that a certificate not signed by a “reputable” CA may be masking a phishing or otherwise fraudulent site. However, one way around this would be to have two classes of warnings — one a simple check whether the FQDN of the website is identical to that of the host the certificate is created for, with a big friendly easy-to-understand information message stating something along the lines of “this certificate is for host xyz.com, please make sure the address in your browser bar is the same” with a simple list of cautions below it.
Bonus points for separating the authentication and encryption portions of an SSL connection — tell the user “the site claims to be xyz.com but may not be, but your transmission is encrypted, do not enter sensitive data, such as credit card or personal information, unless you’re sure whom you’re talking to” and basta.
The second use case, for certificates authenticating a site and encrypting a connection, should check far more strictly that the issuer is legitimate. In this case, the end-user has a genuine need to know that the certificate issuance process is tightly controlled via a trusted party — the CA root cert included in the browser store. Fair enough.
Yes, the average “user” may not have much clue, but excessive mollycoddling at the expense of usability is bound to be counterproductive — it scares people away from increased use of crypto, and annoys the rest of us with way more obstacles than are necessary.
Recent Comments