Mozilla Firefox 3 so far seems to be a nice improvement over the already-pretty-good Firefox 2, but in one particular respect it’s doing something that I think is very bad. As of Firefox 3, the Mozilla corporation apparently no longer believes that anyone can legitimately encrypt the traffic on their own servers without permission from a “professional”. A well-meaning attempt to protect “consumers” on the internet has gone a bit too far and crossed an important philosophical line, in my opinion. (Oh, and sorry for the long block of imageless text that is this post – I couldn’t find any appropriate images to sprinkle in here.)
This all has to do with the way Mozilla now has Firefox 3 treating a particular type of “SSL” encryption mechanism. To understand the problem it might help to have a little bit of possibly oversimplified background…
Imagine you want to exchange messages with someone else and you don’t want other people to eavesdrop on you. You might get a strong box and a lock for it. You get two keys for the lock, and give one to your friend. Then, you can just lock your messages in the box and send it to your friend, who uses their own copy of the key to unlock it (and can then place their reply back in the same box and send it back to you). This is the way it used to be done digitally – you and your friend would agree on a “password”, and that password would be used to encode and decode the messages. This is the “shared key” model of encryption.
There are two problems with this, though – first, if there are more than two of you exchanging messages, either everyone has to have a copy of the same key, or you have to keep track of a very large keyring full of keys for every person you communicate with. The second problem is the fact that at some point while setting this up, you have to convey the key to everyone in an insecure manner. You have to tell the other people the password on the phone, or out loud in person, or written plainly on a piece of paper, or whatever. This presents an opportunity for someone else lurking nearby to find out about it. What’s worse, since the key/password is “shared”, not only can the lurker now read the messages you send to your friend if he or she can just intercept the box temporarily, they can also read messages sent in reply, or to anyone else who’s using the same key.
The alternative is “Public Key Infrastructure” (“PKI”). SSL is an implementation of the concept, as is PGP (See also Mozilla Thunderbird’s enigmail extension for PGP encryption support for your email). In this much more secure scheme, you only send your friend enough to let them encode the message, but not to decode it. By analogy, it’s like sending them a lockable box with an open lock attached, while you keep the only key. They put the message in, lock it, and send it to you. Nobody between them and you can read the message. You send your replies to them in a similar box that they send to you with their own lock attached. Digitally, you generate a complicated “private key” code that you use to decode messages sent to you, and from THAT you generate a “public key” – the equivalent of the box with the open lock. You can safely give this out to anyone, since it can only be used to send secret messages TO you: messages encoded with the “public” key can only be decoded with the “private” key.
That does leave one potential problem though – what if someone ELSE manages to masquerade as the message-box carrier, and he makes and delivers to you a box that looks just like the one that belongs to your trusted friend, maybe with a message saying “Hey, it’s urgent, I REALLY need to borrow $20, but I’ll pay you back tomorrow – please put $20 in the box”? It looks an awful lot like your friend’s box, so you stick $20 in it and send it off, and the fraudster in the messages stream between you and your friend walks off with it. This is referred to as a “Man in the Middle” attack.
The solution to that is “signatures” – every public key is “signed” by someone who is assumed to have somehow confirmed that the person with the public key is who they claim to be – as though the lock on our metaphorical message box is now engraved with: “Joe Schmoe paid us $25, so we checked his driver’s license and sure enough it was him. You have our word on that for 365 more days after which point we’ll have him come in and pay us another $25 to do it again. Signed, Verisign®”. Assuming you trust Verisign to verify this, you can feel confident that it really is Joe Schmoe sending you the message asking you to let him borrow your car keys. The digital version is slightly more complicated than this and much harder to forge, but the analogy will serve.
If Joe Schmoe doesn’t care about needing your car keys or credit cards or whatever, though, he can just engrave the lock himself. “Joe Schmoe didn’t pay anybody anything, but take my word for it, this lock really does belong to Joe Schmoe. Signed, Joe Schmoe.” Many times, you’re really not worried about anything more than deterring casual snooping. Nobody’s going to go to the trouble of crafting a fake “Joe Schmoe Message Lockbox” and finding a way to intercept your messages in order to steal your precious Secret Ginger Cookies Recipe or to see if you and Joe are maybe sending dirty jokes to each other or whatever, but maybe you don’t want your message carrier to read your messages and find out either way. There’s no point in paying some Internet Public Notary once a year to “verify” that the person asking you to tell him “how the one about the Pokemon™ character and Minnie Mouse™ goes” really is your dorky friend Joe Schmoe and not an imposter.
This brings us to Firefox 3. It used to be that self-signed encryption certificates popped up a simple message letting you know that although your connection was encrypted and safe from eavesdropping between you and the server, you only had the sending site’s word that they were who they said they were, so are you sure you want to connect anyway? As far as I know, every other major web browser still behaves that way, but Firefox 3 has gotten overzealous about being “more secure” than everyone else, and now claims that self-signed certificates are “invalid”, presenting the user with a misleading scary popup box full of jargon about the “invalid” certificate possibly being fraudulent. If you know what you’re doing, you can click your way through a few layers of windows at this point and tell Firefox 3 “Yes, shut up, I know it’s self-signed, I don’t think Al Qaeda set up a fake web-site to steal the ‘list of 10 things I’d do with a stale twinkie if I was stranded alone on a desert island with one’ that I’m posting to the ‘naughty junk food stories’ discussion board. I just don’t want everybody else in the hotel knowing that I’m doing it.” Of course, Firefox 3 acts all along as though it’s your butler and you’re telling him that you want him to open the front door for a stranger there carrying a bag and a gun and wearing panty-hose over his head. If you don’t know what you’re doing, the messages scare you away, and you just use an unencryted link to avoid the scary message, and hope nobody else in the hotel happens to be watching the wireless network traffic…
In short, if you are running your own server, Mozilla insists that you must go ask permission from Verisign or one of the other “trusted” corporations that Firefox knows about if you want your users to be able to use encryption. You cannot possibly be using encryption legitimately unless you’ve paid one of them for their signature, apparently.
My problem with this isn’t the money, really. In fact, apparently at least one of the corporations on Mozilla’s list of approved “Certificate Authorities” offers basic service for no charge, and even the ones that charge you often don’t charge more than a buck or two per month. It’s not even much of a technical issue, since it doesn’t look like it’s too much more of a hassle to get a certificate from an “approved” Certificate Authority than to generate one’s own self-signed one. If this were being done by Microsoft Internet Explorer or Apple Safari or some other proprietary browser I doubt I’d even blink. But Mozilla Firefox? Darling of the “Free and Open Source Software” world (and in my opinion, aside from this one issue perhaps the best browser available), where the desire for freedom from third-party restrictions prompts efforts against proprietary multimedia schemes, Digital Restrictions Management (DRM), and the use of patents to prevent innovation? THEY are effectively suggesting that you can’t be legitimately enabling encrypted connections to your servers unless you’ve asked for authorization from an approved third party? Seriously? That seems like a pretty serious deviation from what the “Free and Open Source” philosophy is supposed to be.
I kind of doubt that’s what they intend to be doing here, but they are. I believe the core problem is that Mozilla has fallen into the trap of thinking about the “consumer” internet rather than the “participant” internet. I most certainly would expect, say, Amazon.com to present some additional verification to me before I send them my credit card information over the internet in exchange for “Oprah’s latest book pick” or something, but the same should not necessarily apply to someone who just wants to set up a casual message board, or whistleblower discussion site, or political dissident site (and the latter two cases might very well be worried about trying to contact a Central Authority for permission to set up the site’s encryption.) In their eagerness to show off how harsh they’re willing to be to protect Joe and Jane Netshopper from a fake paypal site, they’ve effectively said “if you don’t get permission from one of our Trusted Authorities, you’d better hope your Firefox 3 users are geeky enough to understand what’s going on if you don’t want their whole apartment complex to be able to spy on what they’re telling you.” For “Free Software”, that’s just wrong.
If I were Supreme Overlord of Mozilla, I’d be demanding one of two corrections – either correct the interface for dealing with self-signed certificates to quit trying to scare people away from them…or at least don’t treat such servers as any less secure than ordinary (unencrypted) pages with no certificate at all (i.e. encrypt the traffic, but don’t display the happy little Green Lock of Security icon that pages encrypted with “authorized” certificates get.) Since I’m not Supreme Overlord, though, I’ll have to settle for whining on my blog. Don’t worry, I only plan to do it this once and get it out of my system.
Executive Summary: Self-signed certificates mean “not authenticated”, not “fraudulently authenticated”, but Mozilla no longer believes the distinction matters if Firefox 3’s behavior is an indication of this.
Additional note: so far, the developers seem like they’re clinging to the new “OMG WTF HACKERS COME TO STEAL YOUR PRECIOUS! CLICK SEVERAL TIMES ON CONFUSING MESSAGES TO CONTINUE BUT DON’T COME CRYING TO US WHEN THEY RAPE YOUR HARD DRIVE!” user interface for this, so as of right now I predict that other than some minor changes to the wording to maybe explain slightly better what’s really going on there will be no real corrections any time soon. There is, however, another way around this mess, even if you want no third parties involved in setting up your encryption at all – you can run your own certificate authority. Your users will still have to deal with a popup, but only once for all the certificates you may want to generate for yourself in the future. If anybody cares, I can try putting together a post on how that can be done.