Mozilla Firefox 3 so far seems to be a nice improvement over the already-pretty-good Firefox 2, but in one particular respect it’s doing something that I think is very bad. As of Firefox 3, the Mozilla corporation apparently no longer believes that anyone can legitimately encrypt the traffic on their own servers without permission from a “professional”. A well-meaning attempt to protect “consumers” on the internet has gone a bit too far and crossed an important philosophical line, in my opinion. (Oh, and sorry for the long block of imageless text that is this post – I couldn’t find any appropriate images to sprinkle in here.)
This all has to do with the way Mozilla now has Firefox 3 treating a particular type of “SSL” encryption mechanism. To understand the problem it might help to have a little bit of possibly oversimplified background…
Imagine you want to exchange messages with someone else and you don’t want other people to eavesdrop on you. You might get a strong box and a lock for it. You get two keys for the lock, and give one to your friend. Then, you can just lock your messages in the box and send it to your friend, who uses their own copy of the key to unlock it (and can then place their reply back in the same box and send it back to you). This is the way it used to be done digitally – you and your friend would agree on a “password”, and that password would be used to encode and decode the messages. This is the “shared key” model of encryption.
There are two problems with this, though – first, if there are more than two of you exchanging messages, either everyone has to have a copy of the same key, or you have to keep track of a very large keyring full of keys for every person you communicate with. The second problem is the fact that at some point while setting this up, you have to convey the key to everyone in an insecure manner. You have to tell the other people the password on the phone, or out loud in person, or written plainly on a piece of paper, or whatever. This presents an opportunity for someone else lurking nearby to find out about it. What’s worse, since the key/password is “shared”, not only can the lurker now read the messages you send to your friend if he or she can just intercept the box temporarily, they can also read messages sent in reply, or to anyone else who’s using the same key.
The alternative is “Public Key Infrastructure” (“PKI”). SSL is an implementation of the concept, as is PGP (See also Mozilla Thunderbird’s enigmail extension for PGP encryption support for your email). In this much more secure scheme, you only send your friend enough to let them encode the message, but not to decode it. By analogy, it’s like sending them a lockable box with an open lock attached, while you keep the only key. They put the message in, lock it, and send it to you. Nobody between them and you can read the message. You send your replies to them in a similar box that they send to you with their own lock attached. Digitally, you generate a complicated “private key” code that you use to decode messages sent to you, and from THAT you generate a “public key” – the equivalent of the box with the open lock. You can safely give this out to anyone, since it can only be used to send secret messages TO you: messages encoded with the “public” key can only be decoded with the “private” key.
That does leave one potential problem though – what if someone ELSE manages to masquerade as the message-box carrier, and he makes and delivers to you a box that looks just like the one that belongs to your trusted friend, maybe with a message saying “Hey, it’s urgent, I REALLY need to borrow $20, but I’ll pay you back tomorrow – please put $20 in the box”? It looks an awful lot like your friend’s box, so you stick $20 in it and send it off, and the fraudster in the messages stream between you and your friend walks off with it. This is referred to as a “Man in the Middle” attack.
The solution to that is “signatures” – every public key is “signed” by someone who is assumed to have somehow confirmed that the person with the public key is who they claim to be – as though the lock on our metaphorical message box is now engraved with: “Joe Schmoe paid us $25, so we checked his driver’s license and sure enough it was him. You have our word on that for 365 more days after which point we’ll have him come in and pay us another $25 to do it again. Signed, Verisign®”. Assuming you trust Verisign to verify this, you can feel confident that it really is Joe Schmoe sending you the message asking you to let him borrow your car keys. The digital version is slightly more complicated than this and much harder to forge, but the analogy will serve.
If Joe Schmoe doesn’t care about needing your car keys or credit cards or whatever, though, he can just engrave the lock himself. “Joe Schmoe didn’t pay anybody anything, but take my word for it, this lock really does belong to Joe Schmoe. Signed, Joe Schmoe.” Many times, you’re really not worried about anything more than deterring casual snooping. Nobody’s going to go to the trouble of crafting a fake “Joe Schmoe Message Lockbox” and finding a way to intercept your messages in order to steal your precious Secret Ginger Cookies Recipe or to see if you and Joe are maybe sending dirty jokes to each other or whatever, but maybe you don’t want your message carrier to read your messages and find out either way. There’s no point in paying some Internet Public Notary once a year to “verify” that the person asking you to tell him “how the one about the Pokemon™ character and Minnie Mouse™ goes” really is your dorky friend Joe Schmoe and not an imposter.
This brings us to Firefox 3. It used to be that self-signed encryption certificates popped up a simple message letting you know that although your connection was encrypted and safe from eavesdropping between you and the server, you only had the sending site’s word that they were who they said they were, so are you sure you want to connect anyway? As far as I know, every other major web browser still behaves that way, but Firefox 3 has gotten overzealous about being “more secure” than everyone else, and now claims that self-signed certificates are “invalid”, presenting the user with a misleading scary popup box full of jargon about the “invalid” certificate possibly being fraudulent. If you know what you’re doing, you can click your way through a few layers of windows at this point and tell Firefox 3 “Yes, shut up, I know it’s self-signed, I don’t think Al Qaeda set up a fake web-site to steal the ‘list of 10 things I’d do with a stale twinkie if I was stranded alone on a desert island with one’ that I’m posting to the ‘naughty junk food stories’ discussion board. I just don’t want everybody else in the hotel knowing that I’m doing it.” Of course, Firefox 3 acts all along as though it’s your butler and you’re telling him that you want him to open the front door for a stranger there carrying a bag and a gun and wearing panty-hose over his head. If you don’t know what you’re doing, the messages scare you away, and you just use an unencryted link to avoid the scary message, and hope nobody else in the hotel happens to be watching the wireless network traffic…
In short, if you are running your own server, Mozilla insists that you must go ask permission from Verisign or one of the other “trusted” corporations that Firefox knows about if you want your users to be able to use encryption. You cannot possibly be using encryption legitimately unless you’ve paid one of them for their signature, apparently.
My problem with this isn’t the money, really. In fact, apparently at least one of the corporations on Mozilla’s list of approved “Certificate Authorities” offers basic service for no charge, and even the ones that charge you often don’t charge more than a buck or two per month. It’s not even much of a technical issue, since it doesn’t look like it’s too much more of a hassle to get a certificate from an “approved” Certificate Authority than to generate one’s own self-signed one. If this were being done by Microsoft Internet Explorer or Apple Safari or some other proprietary browser I doubt I’d even blink. But Mozilla Firefox? Darling of the “Free and Open Source Software” world (and in my opinion, aside from this one issue perhaps the best browser available), where the desire for freedom from third-party restrictions prompts efforts against proprietary multimedia schemes, Digital Restrictions Management (DRM), and the use of patents to prevent innovation? THEY are effectively suggesting that you can’t be legitimately enabling encrypted connections to your servers unless you’ve asked for authorization from an approved third party? Seriously? That seems like a pretty serious deviation from what the “Free and Open Source” philosophy is supposed to be.
I kind of doubt that’s what they intend to be doing here, but they are. I believe the core problem is that Mozilla has fallen into the trap of thinking about the “consumer” internet rather than the “participant” internet. I most certainly would expect, say, Amazon.com to present some additional verification to me before I send them my credit card information over the internet in exchange for “Oprah’s latest book pick” or something, but the same should not necessarily apply to someone who just wants to set up a casual message board, or whistleblower discussion site, or political dissident site (and the latter two cases might very well be worried about trying to contact a Central Authority for permission to set up the site’s encryption.) In their eagerness to show off how harsh they’re willing to be to protect Joe and Jane Netshopper from a fake paypal site, they’ve effectively said “if you don’t get permission from one of our Trusted Authorities, you’d better hope your Firefox 3 users are geeky enough to understand what’s going on if you don’t want their whole apartment complex to be able to spy on what they’re telling you.” For “Free Software”, that’s just wrong.
If I were Supreme Overlord of Mozilla, I’d be demanding one of two corrections – either correct the interface for dealing with self-signed certificates to quit trying to scare people away from them…or at least don’t treat such servers as any less secure than ordinary (unencrypted) pages with no certificate at all (i.e. encrypt the traffic, but don’t display the happy little Green Lock of Security icon that pages encrypted with “authorized” certificates get.) Since I’m not Supreme Overlord, though, I’ll have to settle for whining on my blog. Don’t worry, I only plan to do it this once and get it out of my system.
Executive Summary: Self-signed certificates mean “not authenticated”, not “fraudulently authenticated”, but Mozilla no longer believes the distinction matters if Firefox 3’s behavior is an indication of this.
Additional note: so far, the developers seem like they’re clinging to the new “OMG WTF HACKERS COME TO STEAL YOUR PRECIOUS! CLICK SEVERAL TIMES ON CONFUSING MESSAGES TO CONTINUE BUT DON’T COME CRYING TO US WHEN THEY RAPE YOUR HARD DRIVE!” user interface for this, so as of right now I predict that other than some minor changes to the wording to maybe explain slightly better what’s really going on there will be no real corrections any time soon. There is, however, another way around this mess, even if you want no third parties involved in setting up your encryption at all – you can run your own certificate authority. Your users will still have to deal with a popup, but only once for all the certificates you may want to generate for yourself in the future. If anybody cares, I can try putting together a post on how that can be done.
Easier to send you to Johnathan Nightingale’s excellent blog post than to try to repeat it here.
http://blog.johnath.com/2008/08/05/ssl-question-corner/
– A
It’s an interesting situation. Firefox 3 has just been giving me fits generally. I actually haven’t ran into this particular problem, but I’ve had so many other problems, it’s made me take another look at Opera…
I’ve seen that post – indeed, I commented on it.
The post begins by denigrating people who disagree as merely calling him dumb, claims that people are complaining because firefox 3 is calling self-signed certificates “untrusted” and indirectly accuses people who don’t like it of being cheapskates.
It then spends many paragraphs describing all the ways a hypothetical Evil Hacker Site Might Steal Your Precious by masquerading as some other site using a self-signed certificate and explaining that it really doesn’t cost that much money to pay someone else to authenticate you.. None of that is in question here or anywhere else as far as I can tell Nobody is disputing that an encrypted connection to a site authenticated by a “trusted” third party is more secure than an encrypted connection to a site that is not authenticated. What is in dispute here is the idea that it’s more secure to let people eavesdrop on your unencrypted communications than to allow someone to use do-it-themselves encryption. After all, I don’t get a big scary “This site’s security is invalid: Uses no certificate at all. Click three times to add and exception for this site” dialog when I go to an UNencrypted site.
The post you mention describes firefox 3’s new response to self-signed certificates as:
Which is just plain wrong. This is what Firefox 2 did. If Firefox 3 was still doing this, I doubt we’d be seeing any complaints at all.
Instead Firefox 3 says something like: ““Secure connection failed
uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)”
It doesn’t accurately describe the situation at all. The certificate is not “invalid”, and the new wording plainly implies to most users that self-signed certificates are somehow for nefarious purposes (yes, people who are familiar with PKI terminology will know that “untrusted” has a very specific meaning here. Everyone ELSE will likely get the implication that the site should be “distrusted” rather than it being “unverified”.)
It does not address the concern that this seems to be intended to scare “consumers” into a “better safe than sorry” state, at the expense of anyone who wants to offer a casual use for encryption outside of “consumer” uses of the internet.
And most importantly again – regardless of the noble intent to “protect consumers”, this is still plainly (hopefully unintentionally) Mozilla actively fighting use of encryption without consultation of a third party, which for most other browsers I’d simply chalk up to trying to drive business to “partner” Certificate Authorities in the name of “improving security” and get on with life – heck, I’d probably even just shrug and go get startssl to generate a certificate for me to avoid people having to see the misleading error message.
But since when does “Free and Open Source” software insist that you must consult a professional before doing something with your own servers? (And, no, the fact that you can tediously click your way through the menus and bypass the insistence doesn’t change the fact that it is there.)
Let me re-summarize: Mozilla now says that a certificate you sign yourself is the same as a certificate signed by “Russian Guyovitch’s Phishing and 419 Scam Emporium”, and is quite insistent about it. At this point, “Do-It-Yourself” hobbyists are probably getting really tired of being accused of criminal activity, which is no doubt where at least part of the emphatic dislike of the new interface comes from. Chemistry and electronics hobbyists already have to worry about being accused of terrorism. Brewers have to worry about being accused of having a “drug lab”. Do internet hobbyists really want to be accused of attempted credit-card theft?
haha, thanks! I’m just pretty stoked that someone other than my girlfriend has read my blog.
But the reason why I left Chaminade University in such a short amount of time isn’t because I turned the president’s dog into some mutant (well my English 101 professor’s dog did die in the classroom while I was in it, but I had no involvement in that, I swear it was totally of natural causes). The reason why I decided to finish the rest of my undergrad stuff at home is because of some family health issues.
So I’m still a student in college, I’m just no longer a student of the upward bound program. The upward bound program is for high school students. I probably should’ve made that clearer.
And I’m totally stoked you approve of my major. It gives me a major boost to my ego, haha.
You hear that, Internet? Random strangers *DO* care if I approve of what they do! KNEEL BEFORE ME, INTERNET….
Ahem. Sorry. I’m okay now…
As for Firefox 3 – I actually have not had any real problems with it personally. Even the issue I’m talking about here has only slightly affected me personally (I think I’ve run into one or two sites where I’ve had to do the silly click-many-times dance to use).
On the other hand, Massachusetts War On Science And Technology (LED’s = “infernal machine“, for example, and the more recent freak-out and property-confiscation over a serious home-based scientist working with “chemicals” despite admitting that the “chemicals” were no more hazardous than ordinary household cleaning chemicals) hasn’t affected me personally, either, but it still worries me.