New SSL policy in Firefox hurting tens of thousands of sites
"SSL" (Secure Sockets Layer) is a standard for establishing an encrypted link between a web server and a browser to ensure that all data passed between the web server and the browser remains private.
The "geeks at Pingdom" describe a problem with the way Firefox version 3 handles "SSL certificates" (which the casual user does not even see under normal conditions):
- New SSL policy in Firefox hurting tens of thousands of sites, Pingdom, August 19, 2008.
If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message, similar to any other browser error (for example a “page not found” 404 message).
...[T]his is not something that only affects smaller websites. For example, the SSL certificate for the official US Army website [https://www.us.army.mil/] is declared invalid by Firefox 3.

See also:
What is SSL? (ssl.com)
SSL (Webopedia)
SSL (Wikipedia)











One Darn Minute
I think there's another side to this issue, that self-signed SSL certificates can be a privacy threat to the non-savvy user. A site can pretend to be a bank, self-sign a certificate and phish. How many people do you know who follow the trust path back to its source?
There's an excellent Slashdot thread on it:
http://tech.slashdot.org/tech/08/08/22/1139236.shtml
I definitely think you need to outline the *other* side of this issue for your less savvy users.