firefox and bad ssl certificates

Neal McBurnett neal at bcn.boulder.co.us
Wed May 7 23:36:54 UTC 2008


On Thu, May 08, 2008 at 12:45:46AM +0200, Martin Pitt wrote:
> Peio Ziarsolo [2008-05-07 13:03 +0200]:
> > But for power users that know the significance of a bad certificate it's
> > annoying to add exceptions (this morning I had to add 3 exceptions).
> 
> This doesn't have anything to do with power users/n00bs. An invalid
> SSL certificate isn't any better or worse depending on the type of
> user. If a site sets up SSL with an invalid certificate, then this
> buys the user nothing but a false sense of security.
> 
> The proper approach to this IMHO is to make adding exceptions in all
> web browsers (especially IE) as hard and explicit as in Firefox 3.
> This would perhaps force site admins to get a grip and stop ignoring
> broken SSL certs, once they get a flood of complaints.
> 
> > Is there any key to toggle off this new feature?
> 
> I *so much* hope that there isn't. People should really start to
> understand that this is a SERIOUS error and shouldn't at all be
> considered 'normal'.

Invalid certs are one thing.  But doesn't this also affect self-signed
certs?

Self-signed certs are appropriate for many use cases in which the goal
is primarily encryption (e.g. to protect data flowing back from the
server to the user), rather than e.g. protecting bank accounts by
authenticating the server to the user.  E.g. connecting to a local
ebox management port, or a small community wiki.

In many low-security situations, this change pushes server operators
into buying pricey certs from certificate vendors who often offer
little or no meaningful vetting and accept zero liability.

This stuff is complicated, involves politics, and can't be painted
with such a broad brush.  Education is a big part of it, like with most
security-related issues.

The current warnings are confusing, and are being improved.  Let's try
to see to it that they communicate as well as possible.  Otherwise too
many grass-roots sites will just go back to asking folks to enter
passwords over unencrypted connections, or users will get used to
bypassing yet another set of dialogs and phishing will continue
scarcely abated.

E.g. how hard is it for folks to buy into their own web of trust and
get e.g. all CACert certs accepted?

 http://cacert.org

Neal McBurnett                 http://mcburnett.org/neal/
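Neal's distinction between an invalid certificate and a merely self-signed one, and his "buy into your own web of trust" option, as an added example that is not part of this thread: a Go snippet (the names makeSelfSigned and Classify are hypothetical, and the certificate is constructed in memory) that shows how a client treats the same self-signed cert with no trust anchor, with the cert itself installed as the user's own anchor, and when it is presented for the wrong hostname.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// makeSelfSigned builds a throwaway self-signed cert for host (constructed sample).
func makeSelfSigned(host string) (*x509.Certificate, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Classify reports how a client holding the given trust anchors would treat cert for host.
func Classify(cert *x509.Certificate, roots *x509.CertPool, host string) string {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	switch {
	case err == nil:
		return "trusted" // chain reaches an anchor the user explicitly chose
	case errors.As(err, new(x509.HostnameError)):
		return "hostname mismatch" // trusted key, but presented for another site
	case errors.As(err, new(x509.UnknownAuthorityError)):
		// Self-signed: issuer equals subject and the cert verifies under its own key.
		if bytes.Equal(cert.RawIssuer, cert.RawSubject) && cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil {
			return "self-signed: encrypted but unauthenticated"
		}
		return "unknown issuer"
	default:
		return "invalid: " + err.Error() // expired, wrong usage, etc.
	}
}
```

Adding the cert to an otherwise empty x509.CertPool plays the role of a Firefox exception or a locally installed CACert root: the same bytes go from "unauthenticated" to "trusted" only because the user chose that anchor.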