Warnings about non-default certs in Private Browsing Mode?


Gervase Markham

Mar 27, 2013, 5:29:58 AM
to mozilla-de...@lists.mozilla.org
I wanted to raise a suggestion from John Nagle to the status of a new
thread. John suggested that, in Private Browsing Mode only, Firefox
should inform the user if they make a secure connection using a
certificate which is not one of the default set in NSS's root store.

The logic is that if a user is using PBM, they are unlikely to be
browsing their own intranet, or other location where the certificate
chains up to a manually-installed cert. Therefore, if one is being used,
they are likely to be being MITMed. They may have consented to this,
e.g. at a workplace - hence the suggestion that this is a prominent user
interface indicator, e.g. a non-dismissable infobar, rather than a
blocking page or red scary warning.

Do people think this makes any sense?

Gerv

Ian Melven

Mar 27, 2013, 12:19:28 PM
to Gervase Markham, mozilla-de...@lists.mozilla.org

the current threat model for private browsing mode doesn't include
network attackers and is very limited in scope.

another very common MITM situation is a captive portal on public wireless.

personally, i'm reluctant to conflate network attacks with private browsing mode,
i believe it's already difficult for users to understand what private browsing
mode does and doesn't protect against and i think this would make it more so.

IMO, it would be more productive to focus on captive portal detection
and more specific/differentiated SSL warnings for all browsing modes.

thanks,
ian
_______________________________________________
dev-security mailing list
dev-se...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

Gervase Markham

Mar 27, 2013, 2:44:15 PM
to Ian Melven
On 27/03/13 16:19, Ian Melven wrote:
> another very common MITM situation is a captive portal on public wireless.

True; I think a warning is entirely appropriate in that situation.

> personally, i'm reluctant to conflate network attacks with private browsing mode,
> i believe it's already difficult for users to understand what private browsing
> mode does and doesn't protect against and i think this would make it more so.
>
> IMO, it would be more productive to focus on captive portal detection
> and more specific/differentiated SSL warnings for all browsing modes.

Fair enough.

Gerv


Michael Ströder

Apr 7, 2013, 9:00:09 AM
to mozilla-de...@lists.mozilla.org
Given the fact that there are so many CA certs pre-installed as "trusted"
issued by CAs with dubious reputation I'd rather vote for displaying a warning
to make the user explicitly accept a certain CA cert for a given DNS name once.

Ciao, Michael.
