Closed Bug 556258 Opened 15 years ago Closed 15 years ago

[Enhancement] Warn about suspicious certificate changes

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 471798

People

(Reporter: mozilla, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc11 Firefox/3.5.8 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc11 Firefox/3.5.8 I just read a rather scary article on EFF's web site: http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl In summary, they outline the risks of government-sponsored man-in-the-middle attacks. The worst aspect is that you are not only vulnerable to attacks by your own government (or by the government which has jurisdiction over the SSL website you visit), but also by any government who has a CA in the list trusted by Mozilla. In order to mitigate these risks, Mozilla could check for some "suspicious" certificate changes, and warn about those: 1. Any certificate change way before its expiration date (if now is March 31st 2010, and if site changes certificate even though its old one was still good until December 2012, warn) 2. Change of certification authority (Say, if the site's certificate used to be signed by Thawte at the last visit, but now is signed by China CA, warn) 3. Like #2, but associate a "goodness" score with each CA, and warn more loudly if that goodness drops 4. Warn if CA and website location does not make sense (such as a Brazilian Web Site certified by a Chinese CA). Obviously, some CA's may be marked as global. Warning should allow you to see both old and new certificate side-by-side. Warning would not be shown if key is same (because, in a Mitm attack, the public&private keys would have to change) Reproducible: Always Steps to Reproduce: 1. Get your web site signed by two CA's that Mozilla trusts (such as Verisign and Rapidssl) 2. Install first certificate in web server 3. Visit site 4. Install second certificate in web server 5. Visit site again Actual Results: No warning after certificate changed Expected Results: Mozilla should warn for any suspicious change (such as certificate changed way before its expiration date)
Component: General → Security
Priority: -- → P4
Priority: P4 → --
QA Contact: general → firefox
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.