(→Challenges: add "private CA" (for internal sites) challenge)
(→Related: link to Chromium security-dev thread)
(13 intermediate revisions by 3 users not shown)
{{warning|This is just a draft proposal for a new Firefox feature}}
== Description ==
of the chain for the currently visited site.
=== Non-dismissability ===
[[File:Foreign-cert-warning-flow.png|300px|thumb|right|Flow]]
[[File:Root-cert-banner2.png|300px|thumb|right|Toolbar Indicator]]
[[File:Foreign-cert-warning-page.PNG|300px|thumb|right|Information Page]]
There are three axes to look at when considering how ''dismissable'' the banner should be:
* How easy is it to dismiss?
*# It's not dismissable at all.
*# You need to click on the banner, read the explanation page, and scroll down to find the "dismiss" button.
*# You click the X on the banner.
* How long does it stay dismissed?
*# It shows up next time you navigate to a page that meets the triggering conditions.
*# It's gone until you close the browser.
*# It's gone for 30 days.
*# It's gone forever (in that browser profile).
* How hidden is it once it's dismissed?
*# The message is shorter, but it's still there.
*# It gets down to just a warning icon (which could expand when you mouse over it).
*# It's completely gone from the UI.
== Requirements ==
# The name of the certificate issuer is under the control of the person minting the cert (i.e. the attacker in malicious cases).
# Organizations using private CAs would be affected by this even though in this case there is no MITM (see [https://code.google.com/p/chromium/issues/detail?id=81623#c20 rsleevi's comment] on a similar feature).
#* It's not clear whether this would be perceived as bad for internal sites (see [https://code.google.com/p/chromium/issues/detail?id=81623#c28 mnot's comment]).
# Giving users a simple explanation of why this is something they should worry about, along with some actionable suggestions for resolution/mitigation.
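As an added illustration (not part of this draft or of Firefox's code), the following Python sketch shows why the banner decision has to key on the root certificate's fingerprint rather than on the issuer name (first challenge above), and how a private CA trips the same check even without a MITM (second challenge). The certificate objects, names and bytes are constructed stand-ins; real code would parse X.509.

```python
# Added example, not code from the Mozilla wiki draft: deciding whether the
# "non-built-in root" banner should show. The decision keys on the root's
# fingerprint, never on the issuer name, because the issuer name is chosen
# by whoever minted the certificate. Certificates are constructed stand-ins
# (subject, issuer, pseudo-DER bytes); real code would parse X.509.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes  # constructed stand-in for the encoded certificate

    def fingerprint(self) -> str:
        # The hash of the encoded certificate is not attacker-selectable.
        return hashlib.sha256(self.der).hexdigest()


def root_of(chain):
    """Trust anchor of an already-validated chain (leaf first, root last)."""
    if not chain or chain[-1].subject != chain[-1].issuer:
        raise ValueError("chain must end in a self-signed root")
    return chain[-1]


def banner_decision(chain, builtin_roots):
    """Return (show_banner, name_collision) for a validated chain.

    show_banner: the root is not one of the browser's shipped roots.
    name_collision: a non-built-in root whose subject copies a shipped
    root's name, i.e. the case that fools any UI driven by the name.
    """
    root = root_of(chain)
    show_banner = root.fingerprint() not in {c.fingerprint() for c in builtin_roots}
    name_collision = show_banner and root.subject in {c.subject for c in builtin_roots}
    return show_banner, name_collision


# Constructed sample data (hypothetical names): one shipped root, one
# lookalike root with the same name but different bytes, one private CA.
PUBLIC_NAME = "CN=Example Public Root CA"
SHIPPED_ROOT = Cert(PUBLIC_NAME, PUBLIC_NAME, b"\x30\x82 shipped root")
LOOKALIKE_ROOT = Cert(PUBLIC_NAME, PUBLIC_NAME, b"\x30\x82 lookalike root")
PRIVATE_ROOT = Cert("CN=Corp Internal CA", "CN=Corp Internal CA", b"\x30\x82 corp root")
BUILTIN_STORE = [SHIPPED_ROOT]

PUBLIC_CHAIN = [Cert("CN=www.example.com", PUBLIC_NAME, b"leaf A"), SHIPPED_ROOT]
INTERCEPTED_CHAIN = [Cert("CN=www.example.com", PUBLIC_NAME, b"leaf B"), LOOKALIKE_ROOT]
INTRANET_CHAIN = [Cert("CN=wiki.corp.example", "CN=Corp Internal CA", b"leaf C"), PRIVATE_ROOT]

if __name__ == "__main__":
    for name, chain in [("public", PUBLIC_CHAIN), ("intercepted", INTERCEPTED_CHAIN), ("intranet", INTRANET_CHAIN)]:
        print(name, banner_decision(chain, BUILTIN_STORE))
```

The intranet case shows the banner with no name collision, which is the private-CA situation the second challenge describes.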
== Related ==
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1135776 Bug 1135776]: show a different UI for certificates issued by non-built-in root certificates
* [https://code.google.com/p/chromium/issues/detail?id=81623 Chromium bug 81623] (equivalent Chromium bug)
* [https://docs.google.com/a/mozilla.com/presentation/d/1TNFx6eaQVfe83PV80-FZ39QY1dSLGCWW8f2i5-NeJ48/edit Improving SSL warnings], a presentation by Adrienne Porter Felt, Chrome Security Team
* [https://groups.google.com/a/chromium.org/d/topic/security-dev/alqnzXj2bjI/discussion Discussion on why Chrome hasn't done it yet]
* Android shows a similar warning when using a VPN app:
<gallery mode=packed heights="400px">
File:Android-vpn-warning1.png|warning in the settings panel
File:Android-vpn-warning2.png|explanation page (after clicking on warning)
</gallery>