
Google: Maintaining digital certificate security

Posted Mar 24, 2015 23:00 UTC (Tue) by josh (subscriber, #17465)
In reply to: Google: Maintaining digital certificate security by robbe
Parent article: Google: Maintaining digital certificate security

> But it's not easy nor convenient to do at scale, especially not for Firefox¹ or mobile devices.

Good. It should be absurdly hard. If it were easier, more people would do it.



Google: Maintaining digital certificate security

Posted Mar 24, 2015 23:18 UTC (Tue) by pboddie (guest, #50784)

Indeed, plenty of unscrupulous people would rather like to be the Superfish in their own little pond.

Google: Maintaining digital certificate security

Posted Mar 25, 2015 6:44 UTC (Wed) by epa (subscriber, #39769)

I think that's just security through obscurity. It should be possible with a few clicks to add new certificates and set up a MITM proxy, so that the risks are more widely understood. A tamper-proof Firefox is not possible without locking down the whole system - though that may yet prove to be an answer. (I can imagine your phone not allowing you to install different certs, or replace the browser code, without going into 'developer mode' which flashes a big red warning. So then if you are using a name-brand phone you bought new from the shop, you have some confidence it can communicate securely. If (a big if) you trust the phone maker, that is...)

Google: Maintaining digital certificate security

Posted Mar 26, 2015 21:30 UTC (Thu) by robbe (guest, #16131)

So above (637615) you are saying that you support the right of the employer to intercept (I don't, by the way) ... but it should be made as hard as possible?

Unfortunately, the employer will just stay with IE in this case. Not installing Firefox is certainly easier than rolling it out *and* fudging one or more certificates into its trusted store.

Maybe a better way is to make adding a MITM cert easier, but show a different visual cue in the "security indicator" next to the URL. Example:

Padlock: we're pretty sure nobody can listen in
Stethoscope: someone is watching your decrypted traffic, ostensibly for malware, but insulting your boss or planning a coup is probably not a good idea either
Megaphone: only politeness protects you, don't do anything you wouldn't do in the cafeteria

Google: Maintaining digital certificate security

Posted Mar 26, 2015 22:19 UTC (Thu) by josh (subscriber, #17465)

To clarify, I'm not saying it should be gratuitously difficult to add a new CA to a machine you control/administer. I'm just saying that you should never be able to MITM traffic *without* that step, such as with a certificate chaining to a CA already in browsers. When I said it should be difficult, I just mean that I have zero sympathy for prospective eavesdroppers complaining that it's too hard to install a new CA on every device.

As far as the right to do so: in my opinion, the provider of a network can intercept traffic if they want, but should not be allowed to do so without notice and consent.

