Behaviour of Firefox for untrusted certificates
Les Noland
lnoland at xnet.com
Sun Dec 28 22:36:41 GMT 2008

This is my first post to the mailing list so, please excuse me if I am
not handling this correctly. I wanted to add comments to an old thread
(from April 08) with the same Subject line but could find no
instructions on how to accomplish that. Since it was an old thread,
perhaps starting a new one is a better idea anyway except that I prefer
not to have to rehash a lot of what has already been said.

I am a fairly new user of Firefox and Ubuntu and recently ran into a
case which I have had come up numerous times under other browsers, a
web-site with a self-signed security certificate. As you no doubt know,
Firefox gives one just two choices in such a situation: create a
security exception to accept the certificate as trusted; or forget about
going to the website. I find both of these choices to be problematic.
I may have a very valid reason for going to the website, but that does
not mean that I want to make a permanent exception to a very important
security system. If I know the website is not trusted, I will not enter
any information there for which I would feel the requirement of a
trusted website. Often when this comes up, I am simply researching
something and only plan to read the website -- I am not planning to
enter any information there, at all. But if I make an exception and now
indicate that I wish to trust the website, I will lose any warnings
that it is not trusted and may forget about that status, thus making me
even less safe -- what value is there in that? Even if I can revoke
that trust when I am done with the website, the fact that I have to
remember to remove the trust makes me vulnerable to not doing so and
perhaps revisiting the site in the future without recognizing that I
should not trust it. If I am reasonably certain of the authenticity of
the website, plan to visit it often, and cannot persuade the website
owner that they should obtain a certificate from a trusted CA, I might
choose to make an exception but, in general, even in these cases, in the
past, I have generally chosen to just continue to see the warnings each
time to remind me that the site is not fully trusted.

For background on the problem, I just spent 2 to 3 hours reading through
the lengthy debate, found here:
https://bugzilla.mozilla.org/show_bug.cgi?id=327181
which, apparently, provided the foundation for this behavior. Though I
was happy to see the security issues discussed in such detail, a couple
of the cornerstones of the argument troubled me. First, there was the
presumption (based on some security study) that users, when presented
with error messages, will simply "click through" those messages without
consideration, leading them into a possible disaster. Second, it is
incumbent upon Firefox to protect the users from this behavior at nearly
any cost (to the user).

On the first point, I don't know anything about the cited security study
but in addition to being a user, I have been observing users for many
years in conjunction with doing software support, and while I would
agree that there is some validity to the claims, users have largely been
trained to act this way by too many useless error messages: messages
which indicate something is a problem which actually is not; messages
which cite a valid problem but in language which is unintelligible to
the user; messages which are triggered by a valid problem but which fail
to identify it or to suggest a solution; or even messages which signal a
problem with no suggestion of what the user can or should do about it,
even treating it with an almost cheerful resignation (e.g. the
ubiquitous Microsoft message boxes with something on the order of, "Data
corruption detected. The file could not be recovered. OK[?]" (No, it
is not OK)). It is not true, however, that every user will simply
dismiss errors without reading them but if you blanket them with
messages with which they are more-or-less powerless to comprehend or
cope, they will pretty much respond by not coping. I, for one, read and
consider all error messages I receive -- but if the message makes no
sense or is unintelligible to me, fails to suggest a proper response,
suggests, without explanation, a response which seems wrong or risky, or
anything of the like, I am nearly as likely as a novice user to simply
ignore it and move on. If it sounds ominous enough I will try to
research it but given the massive number of near-useless messages
generated it's not going to happen with every message. So, it seems to
me, rather than worrying about whether users will ignore one's messages,
one should worry about whether the messages say something worth
reading.

As to whether the users should be protected at any cost, I would simply
ask, why? If you have cited the problem, explained why it is an issue,
offered alternatives as well as what consequences might occur related to
each possible action, it seems to me that you have done plenty -- if
people still choose to ignore your warnings they either have good
reasons or they have no one to blame but themselves. Throwing road
blocks in their way to force them to consider their actions is not
likely to help -- whether because they considered their ignorance bliss
or they simply had a legitimate reason to ignore the warnings, the extra
steps will likely be greeted as just another annoyance which might make
another browser more attractive. Offering an alternative, like making
an exception for the certificate will also likely have little positive
effect if taking advantage of it makes things less secure than an
alternative not offered, like continuing on to the site forewarned of
what behaviors will be risky and what the consequences of ignoring that
risk might entail.

Ultimately, foolishness likely has no cure and there is little point in
treating it -- ignorance is worth treating and generally responds well
to quality information provided in a timely and accessible manner. I
really think Firefox should be changed to allow one a relatively easy
way of temporarily visiting an untrusted website -- before accessing it
they should be apprised of the risks and how to minimize those risks.

-- Les