Johnathan Nightingale, a user interface developer for Firefox, has responded to the criticisms of the way that self-signed certificates are handled in Firefox 3. He first complains about the number of times that users call his user interface decisions stupid through wording such as:

Q: Why has Firefox started treating self-signed SSL certificates as untrustworthy? I just want encryption, I don’t care that the cert hasn’t been signed by a certificate authority, and anyhow I don’t want to pay hundreds of dollars just to secure my communications.

Jonathan explains the problem with this kind of thinking:

First of all, this isn’t quite right. You never *just* want encryption, you want encryption to a particular system. The whole reason for having encryption is that you don’t want various ill-doers doing ill with your data, so clearly you want encryption that isn’t going to those people. “So fine, I want encryption to a particular system,” you say, “but I don’t need a CA to prove that my friend’s webmail is trustworthy. CAs don’t even do that anyhow. I trust him, Firefox should get out of my way.” Yes, absolutely - the browser is your agent, and if you trust your friend’s webmail, you should be able to tell Firefox to do so as well. But how do you know that’s who you’re talking to?

He then gives three specific ways that your "Secure SSL Connection" could be exploited if the server uses a self-signed SSL Certificate including packet sniffers, router flaws, DNS flaws like the one that Dan Kaminsky revealed. He then concludes:

The question isn’t whether you trust your buddy’s webmail - of course you do, your buddy’s a good guy - the question is whether that’s even his server at all. With a CA-signed cert, we trust that it is - CAs are required to maintain third party audits of their issuing criteria, and Mozilla requires verification of domain ownership to be one of them. With a self-signed certificate, we don’t know whether to trust it or not. It’s not that these certificates are implicitly evil, it’s that they are implicitly untrusted - no one has vouched for them, so we ask the user. There is language in the dialogs that talks about how legitimate banks and other public web sites shouldn’t use them, because it is in precisely those cases that we want novice users to feel some trepidation, and exercise some caution. There is a real possibility there, hopefully slim, that they are being attacked, and there is no other way for us to know. On the other hand - if you visit a server which does have a legitimate need for a self-signed certificate, Firefox basically asks you to say “I know you don’t trust this certificate, but I do.” You add an exception, and assuming you make it permanent, Firefox will begin trusting that specific cert to identify that specific site. What’s more, you’ll now get the same protection as a CA signed cert - if you are attacked and someone tries to insert themselves between you and your webmail, the warning will come up again. I don’t think the approach in Firefox 3 is perfect, I’m not sure any of us do. I have filed bugs, and talked about things I think we could do to continue to enhance our users’ security while at the same time reducing unnecessary annoyances. You’ll notice that Firefox 3 has fewer “Warning: you are submitting a search to a search engine” dialog boxes than Firefox 2 did, and it’s because of precisely this desire. I welcome people who want to make constructive progress towards a safer internet and a happier browsing experience. That’s what motivated this change, it’s what motivates everything we do with the browser, really. So it sure would be nice if we didn’t start from the assumption that changes are motivated by greed, malice, or stupidity.

SSL Question Corner - [meandering wildly]

Originally posted on Sun Aug 10, 2008

