August 03, 2008

Self-signed SSL certificate warnings in Mozilla

Mozilla Firefox 3.0 throws a warning for self-signed certificates, and makes you do a couple of extra clicks to see the contents. Though some think it's bad, I'm not sure what the fuss is all about. There are two reasons for the certificates. One is to encrypt the traffic, and the other is to make sure no one intercepted your traffic using some kind of man-in-the-middle attack. One can't guarantee the second objective until a respected third party can sign/vouch for the certificate. This is why these organizations exist.

If this is such a big issue, the right approach should be for someone to set up a free certificate registry. There are a few out there today like StartCom, but the browser support on such registries is currently unimpressive.

Speaking on behalf of the 99% of the Internet population who don't understand the significance of SSL certificates, I think the decision Mozilla took is courageous and admirable, and other browsers should do something similar if they don't already.
