Security/Features/Strange SSL Cert Change Alert
|Product manager||Sid Stamm|
|Directly Responsible Individual||`|
|Security lead||Curtis Koenig|
|Privacy lead||Sid Stamm|
|Product marketing lead||`|
|Additional members||Tom Lowenthal|
Any notary-based component has the potential to be a privacy threat to users.
Stage 1: Definition
1. Feature overview
Under the current SSL PKI, any CA can issue a certificate for any service, making any CA a potential point of total failure. At least several CAs, including Comodo and DigiNotar, have been successfully attacked and have issued cryptographically valid but incorrect certificates for a number of sites, including *.*.com and *.*.org. So: the current PKI may validate certificates that are not actually correct.
When users trust SSL, they may put financial or sensitive personal information on the line. If the certificate they trust is part of a MITM attack by a criminal gang, a user's money may be stolen. If the certificate they trust is part of a MITM by an oppressive government, they may be tortured to death.
Some of the time, these incorrect certificates would be obviously suspicious to manual inspection, even though they satisfy the automated PKI requirements. For instance, if a popular US-based mail service appears to have renewed its two-month-old SSL certificate at a small Dutch CA, something may be amiss.
Firefox should heuristically attempt to identify some of these cases, and should warn the user or perform additional checks if there is reason to be suspicious of a certificate.
2. Users & use cases
All users benefit whenever they trust an SSL connection.
The following are examples of situations which might prompt suspicion:
- a site's certificate changes from one CA to another;
- a site's certificate changes when it is not near expiry; or
- a site's certificate changes from EV to DV.

The following are examples of actions Firefox might take if a certificate is suspicious:
- treat the certificate as untrusted;
- contact a Mozilla-run notary to ask about the certificate; or
- contact a Mozilla-run notary to warn about a suspected attack.
Any combination of suspicion and notary must not be an effective tool to spy on users.
If suspicion leads to distrust, the heuristics should not have high false-positive rates.
This feature is not intended to replace PKI, but to supplement it with an additional sanity check.
Stage 2: Design
5. Functional specification
6. User experience design
Stage 3: Planning
7. Implementation plan
The MVP for this feature is:
- whenever we see a trusted certificate, remember its CA;
- whenever we see a new certificate for a site, if the new CA is different from the old CA, treat the new certificate as being untrusted.
We can potentially add more complexity in subsequent releases.
Additional heuristics to identify a "suspicious" certificate might include:
- this certificate is new, and the old one was nowhere near expiry;
- this certificate is new, and the old one was from a different intermediate CA of this CA.
Additional actions to take if a certificate is suspicious might include:
- provide the user with a soft warning;
- contact a Perspectives-Convergence-style notary run by Mozilla, to see whether we see the same certificate;
- contact a Mozilla-run notary to report a suspected attack.
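The MVP rule together with the expiry and EV-to-DV heuristics, as an added sketch that is not Firefox code and not part of the original plan. The class name `CertChangeMonitor`, the 30-day "near expiry" threshold, the choice to map non-CA findings to a soft warning, and the sample host and CA names are all assumptions; the state is kept locally and no notary is contacted.

```javascript
// Added example (not Firefox code). Names and thresholds are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;
const NEAR_EXPIRY_DAYS = 30; // assumed; the page sets no threshold

class CertChangeMonitor {
  constructor() {
    this.lastTrusted = new Map(); // host -> summary of last accepted cert
  }

  // cert = { fingerprint, issuer, notAfter (ms since epoch), isEV }, taken
  // from a chain that has already passed normal PKI validation.
  check(host, cert, now) {
    const prev = this.lastTrusted.get(host);
    const reasons = [];
    if (prev && prev.fingerprint !== cert.fingerprint) {
      if (prev.issuer !== cert.issuer) reasons.push("ca-changed");
      if (prev.notAfter - now > NEAR_EXPIRY_DAYS * DAY_MS) {
        reasons.push("replaced-before-expiry");
      }
      if (prev.isEV && !cert.isEV) reasons.push("ev-to-dv");
    }
    // MVP rule: a different CA means untrusted. Other findings only warn.
    let verdict = "trusted";
    if (reasons.includes("ca-changed")) verdict = "untrusted";
    else if (reasons.length > 0) verdict = "warn";
    // A rejected certificate must never replace the stored baseline.
    if (verdict !== "untrusted") this.lastTrusted.set(host, { ...cert });
    return { verdict, reasons };
  }
}

// Constructed sample data: one host, three certificates over time.
function runDemo() {
  const t0 = Date.UTC(2012, 0, 1);
  const m = new CertChangeMonitor();
  const a1 = { fingerprint: "aa01", issuer: "Example CA A", notAfter: t0 + 365 * DAY_MS, isEV: true };
  const a2 = { fingerprint: "aa02", issuer: "Example CA A", notAfter: t0 + 730 * DAY_MS, isEV: true };
  const b1 = { fingerprint: "bb01", issuer: "Example CA B", notAfter: t0 + 425 * DAY_MS, isEV: false };
  return [
    m.check("mail.example", a1, t0),                // first sight
    m.check("mail.example", a2, t0 + 350 * DAY_MS), // renewal near expiry, same CA
    m.check("mail.example", b1, t0 + 410 * DAY_MS), // new CA two months later
    m.check("mail.example", a2, t0 + 411 * DAY_MS), // baseline unchanged
  ];
}
```

A legitimate move to a new CA is rejected by the MVP rule exactly as an attack would be, which is the false-positive cost the use-case section asks to keep low.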
Quality Assurance review
Stage 4: Development
Stage 5: Release
10. Landing criteria
|Theme / Goal||Product Hardening|
|Secondary roadmap||User Support|
Team status notes