Of course CA’s would have to co-operate and set up the CAUDB, itself encrypted through SSL and signed by ALL CA’s. But FF would *know* a priori that a self-signed certificate for the CAUDB would be inacceptable irrespective of the user’s wishes. FF could have the CAUDB SSL key hardwired, and it’s IP address too to prevent DNS attacks. If the CA’s can’t agree on a CAUDB, then FF could hardwire all their IP’s and SSL keys. This way no-one could MITM a CA/CAUDB site.

The only problem I see is if a virus cleverly rewrites FF’s internal, hardwired CA and certificate database. But maybe some hash-function guru could come up with a way to easily catch such an attack. In any case, this problem already exists (or perhaps it doesn’t?).

An advantage would be that a single compromised CA’s signing key would not affect the CAUDB validity as the CAUDB SSL key has to be signed by *ALL* participating CA’s.

As a second point, I would try the following wording in the event of encountering a self-signed SSL key:

“You are entering an encrypted web-site which has not been verified by any internationally recognized verification authority.

- If this is an “important site” (e.g. a bank/shop/online retailer/services) this is VERY DANGEROUS and PROBABLY AN ATTEMPTED FRAUD – DO NOT PROCEED UNLESS YOU ARE CERTAIN THE SITE YOU ARE VISITING IS VALID – please contact the site-owner.

- If this is a less important site (e.g. email/facebook/friend’s website) please contact the site-owner and verify this site’s unique fingerprint code shown below before proceeding.

- More details are shown below. Click “I don’t understand this message” for further instructions.”

How’s that?

Cheers,
Fergal.

But now with 3.0.3 it appears to be unacceptably worse. I can find no way at all to enter an exception. The dialog in the browser itself no longer offers any recourse. It just says “localhost:443 uses an invalid security certificate.” I can not get the certificate imported or entered as an exception in the preferences panel, again because it is claims an self-signed certificate is invalid. WTF! I can’t even enter an exception anymore.

I’m developing web applications, and we DO have the full-on signed certificates – on our production servers. This is absolutely preventing me from developing and testing. (My exception, imported in a previous version, expired tonight and after a couple hours wasted I realize firefox has screwed me.)

Sadly, switching to Safari because I have to get work done.

I signed up for a StartSSL account, but they don’t do subdomains…

Because ssh has a sane UI

thanks for writing this post. It definitely brings some light into the argument of why the UI was rebuilt to be so apparently braindead in FF3.

Also if the pointer to StartSSL (which I will have to look into a bit more) could be published a bit more prominent…

What really gets me about the new Security Dialog:

Firstly: why on earth do I have to click that frickin’ little button to get the certificate! I would expect the browser to fetch it for me while it opens that dialog!

Secondly: I really want an about:config-option to set the default to accept the exception only temporarily, thus saving me another mouse-stunt!

Given the above modifications, I could even live without the enter key automatically choosing ok (as long as the dialog remains navigational using only the keyboard).

My rationale is that most of the time when I personally run into a SSL-site I either want to be sure it’s safe (thus some warning is good) or sometimes I just want to read some (low priority and security) information presented on a self-signed site and then it’s just a p*** in the a** to get to that information and not worth the minutes wasted when researching something and having 20 other tabs that might have also valuable information. But it is entirely possible that the site I ignored due to the FF3 idiocity has exactly the information I really wanted, so to ease my dilemma I’m really condidering switching my browser.

Cheers, and I’d appreciate your feedback

Got the same problem as James but with Errorzilla Mod. In the case of a self-signed cert there is no “add an exception” wayout.

Anyway, thanks for this article about security concerns, it finally convinced me to get a third party signed cert (startssl) to prevent my visitors to get “afraid” by the security warning in FF3.