Closed Bug 1012879 Opened 10 years ago Closed 8 years ago

only allow certificate overrides if the user can provide a matching out-of-band certificate fingerprint

Categories

(Core :: Security: PSM, defect)

Tracking

()

RESOLVED WONTFIX

People

(Reporter: keeler, Unassigned)

Instead of allowing insecure certificate overrides through a series of clicks, we should protect users by ensuring they're seeing the expected certificate by having them provide a certificate fingerprint they received from a (hopefully secure) out-of-band source.

@Cykesiopka: thanks for finding the duplicate, despite the time I spent searching for it I couldn't find it myself.

I would like to add to keeler's idea: Verifying certificates with a fingerprint can be seen as a simple and secure way to authenticate a remote server. I think it could even become a "normal" way to authenticate servers when CA certificates cannot be used easily.

The most important use case of this approach is that this would enable more widespread use of self-signed certificates in embedded applications: such as securing the connection to appliances, routers, etc. The manufacturer could print on the same label where it prints the MAC address the SSL certificate fingerprint.

This would really be nice, but I doubt we'll ever ship it in Firefox. Might work as an add-on, though.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
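The check proposed in this bug, sketched as an added example that is not part of the thread and not Firefox or PSM code: an override is permitted only when the SHA-256 fingerprint of the presented certificate equals one the user typed in from an out-of-band source. The function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the DER bytes of a self-signed device certificate.
SAMPLE_DER = b"constructed stand-in for DER-encoded certificate bytes"


def sha256_fingerprint(der: bytes) -> str:
    """Return the SHA-256 fingerprint as colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_fingerprint(text: str) -> bytes:
    """Normalize a fingerprint typed or pasted by the user into digest bytes.

    Accepts upper or lower case, with or without colon, dash or space
    separators. Anything that is not a full 64-digit SHA-256 value is
    rejected, so a truncated or SHA-1 fingerprint can never match.
    """
    cleaned = re.sub(r"[\s:\-]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{64}", cleaned):
        raise ValueError("expected a full SHA-256 fingerprint (64 hex digits)")
    return bytes.fromhex(cleaned)


def override_allowed(presented_der: bytes, user_fingerprint: str) -> bool:
    """Allow the override only if the user-supplied fingerprint matches."""
    try:
        expected = parse_fingerprint(user_fingerprint)
    except ValueError:
        return False
    actual = hashlib.sha256(presented_der).digest()
    # Constant-time comparison of the two 32-byte digests.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    label = sha256_fingerprint(SAMPLE_DER)  # what a device label would carry
    print("label fingerprint:", label)
    print("matching cert:", override_allowed(SAMPLE_DER, label))
    print("different cert:", override_allowed(SAMPLE_DER + b"\x00", label))
```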