[Enhancement] Warn about suspicious certificate changes

RESOLVED DUPLICATE of bug 471798

Status

()

enhancement
RESOLVED DUPLICATE of bug 471798
9 years ago
7 years ago

People

(Reporter: mozilla, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Reporter

Description

9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc11 Firefox/3.5.8
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc11 Firefox/3.5.8

I just read a rather scary article on EFF's web site:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl

In summary, they outline the risks of government-sponsored man-in-the-middle attacks. The worst aspect is that you are not only vulnerable to attacks by your own government (or by the government which has jurisdiction over the SSL website you visit), but also by any government who has a CA in the list trusted by Mozilla.

In order to mitigate these risks, Mozilla could check for some "suspicious" certificate changes, and warn about those:

1. Any certificate change way before its expiration date (if now is March 31st 2010, and if site changes certificate even though its old one was still good until December 2012, warn)
2. Change of certification authority (Say, if the site's certificate used to be signed by Thawte at the last visit, but now is signed by China CA, warn)
3. Like #2, but associate a "goodness" score with each CA, and warn more loudly if that goodness drops
4. Warn if CA and website location does not make sense (such as a Brazilian Web Site certified by a Chinese CA). Obviously, some CA's may be marked as global.

Warning should allow you to see both old and new certificate side-by-side.

Warning would not be shown if key is same (because, in a Mitm attack, the public&private keys would have to change)

Reproducible: Always

Steps to Reproduce:
1. Get your web site signed by two CA's that Mozilla trusts (such as Verisign and Rapidssl)
2. Install first certificate in web server
3. Visit site
4. Install second certificate in web server
5. Visit site again
Actual Results:  
No warning after certificate changed

Expected Results:  
Mozilla should warn for any suspicious change (such as certificate changed way before its expiration date)
Reporter

Updated

9 years ago
Component: General → Security
Priority: -- → P4
Priority: P4 → --
QA Contact: general → firefox

Updated

9 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 471798
You need to log in before you can comment on or make changes to this bug.