The Untrusted Certificate Dialog

Lots of good comments on my post about informed choices and real security; it would be nice to see some good open source solutions out there. And I’m glad I didn’t bump into David on the street that day; he has more good ideas about the issues of phishing and SSL certs.

To follow up a bit more, I spent a little time examining this crazy dialog. I’m not trying to pick on Firefox, but it’s an excellent example of where things can go wrong. And in a lot of places they go right, we definitely aren’t at this point.

I couldn’t find a site right away that brings up this issue even though I feel like it happens somewhat often. So I grabbed a screenshot I found and changed the URL, but here’s how the dialog would look if you just found an issue with

Firefox Certificate Dialog

Because I’m like the Lorax who speaks for the users I’ve translated the options available in the dialog so they can be read from the point of view of someone who doesn’t understand the underlying technology. I also added what is a little bit of reality as well.

Firefox Certificate Dialog Breakdown

1. Unable to verify the identity of as a trusted site
The website you’re looking at is not configured correctly. This error is not your fault.

2. Possible reasons for this error
We used this dialog for a couple awkward reasons, but this error has nothing to do with anything you did.

  • A. Your browser does not recognize the Certificate Authority…
    Something could be wrong with the browser software. Odds are you can’t fix this. It might be nice if the browser software could check for an update right now or allow you to make it check.
  • B. The site’s certificate is incomplete due to a server misconfiguration
    The web site maintainer has made an all too common mistake. There’s really, really, pretty much nothing you can do about this error. Thanks for reading it!
  • C. You are connected to a site pretending to be …
    Something evil could be going on! Someone might be trying to trick you! Though odds are this isn’t true, it’s likely that guilt or the legal department required us to put this dialog up just for this case.

3. Please notify the site’s webmaster about this problem
Contact the person who runs the web site. You know who that person is, right? You know how to contact them? It might be nice to offer a mailto address? Maybe not.

4. Before accepting this certificate, you should examine the site’s certificate carefully…
Here is a foreign language you never studied in your life, please read its message carefully and pick out any grammar errors. Severe grammar errors could indicate a problem, simple grammar errors could just mean it’s a simple mistake. Remember, read carefully!! Fun Fun Fun!

5. Accept this certificate… [in a number of different ways with different consequences]
After carefully examining and understanding the certificate you should choose the correct option to proceed safely.

If you’re having trouble with what to do click here. Oh, gotcha! This help is about the dialog, it has no advice for the site itself!

Don’t go to the site you wanted to go to

Go to the site you wanted to go to, but risk losing your soul!

And with all that dialog you still haven’t seen the site itself because the browser blocks the loading; however, the blocking is probably for security’s sake and might be hard to work around. One might find a way to use services like Snap, which offer screen captures of sites for free; at least then you’d know what you are about to look at.

So the real issue here is that this dialog doesn’t help most people to advance; it is merely an idiot light, in car speak. We could say “The terrorist threat of this web site is at Yellow, do you wish to proceed?” and it would be about as helpful. To protect people from phishing you need a more complete solution, and phishing is a serious problem. Warnings about errors in a site configuration could just be done as subtle warnings such that people interested can take notice while others are able to continue without the dialog litter.

Other Fun Dialogs and Stuff

Alex Faaborg has some good slides from his Web 2.0 Expo Presentation where I got these other screenshots of interesting dialogs that provide choices, but maybe not in the way we want. The POSTDATA dialog is a tough one to fix and I don’t think I have any real ways to improve that, but boy does it suck.

Firefox POSTDATA Dialog Firefox POSTDATA Dialog is Not Human Readable

Informed choices and real security

David makes an excellent point about choices in a user interface. What David assumes in his post is that I think people shouldn’t be able to make informed choices in their Desktop interface. Well, that’s not true. What’s missing from my previous post is that I don’t want to take away people’s ability to make informed choices; however, I do want to stop the computer from forcing people into making uninformed guesses.

People who understand SSL and Certificates need to be notified if a site is incorrectly using them so they can choose to discontinue using that site if the situation merits that. Most of the time the issue with these is just a misconfiguration, and for someone who understands those technologies it’s not hard to spot. However most people don’t understand those technologies.

The decision is more complicated than this, but when building a web browser there are a couple paths the creators could take related to handling certificates.

  • Deny people from browsing to sites that don’t have correctly signed certificates, no choices (security for all)
  • Ignore certificates completely (no security for anyone)
  • Ask every person using the web browser to examine bad certificates for validity (security for few)
  • Or a New Solution (security for most)

My assumption is that most people don’t understand SSL and Certificates. I think that’s a pretty solid assumption, so let’s put a number on it, like 90% of people don’t understand the technology; seems a fair number. The assumption of the web browser is that if the certificate is bad, ask the user if it’s ok to continue. That means the creators of the web browser have to hope for only a 10% chance of getting the right answer from the user. Those are really bad odds.

There are lots of other people talking about usability and security and several papers like Are Usability and Security Two Opposite Directions in Computer Systems? [pdf] and Usability of Security: A Case Study [pdf] on the topic. My Summary: If you want most people who use your software to have a secure experience you can’t ignore their inability to make certain choices about security. This doesn’t mean taking away the choice from them or from you, this means providing methods for them to be informed enough to make a decent choice. Those methods might also save a person in the know some extra time.

Just as an idea point for a new solution. Digg and other sites like it usually have a very low number of key people who push out most of the news that really gets dugg high. You might speculate that it’s a similar ratio to the number of people who understand SSL and Certificates and if a site is safe or not. So if people in the know about safety of a site could “Digg” it such that others would be informed that a “High number of people believe this to be safe” they could make some kind of informed decision about continuing to use the site.

And remember! Safety is no accident