Vitanuova for 2008 August 26 (entry 0)


So there's been a lot of controversy recently about how Firefox handles self-signed certificates. In general, it makes it rather difficult and scary to visit an SSL website with a self-signed certificate rather than a certificate-authority-signed certificate.

There seem to be much better ways of dealing with self-signed certificates, like the clever new Perspectives system, which would address the overwhelmingly most plausible man-in-the-middle attack models in the Western world.

Having just seen a presentation at eBay on phishing, I'm curious whether Firefox's default behavior is aimed at preventing man-in-the-middle attacks or whether the Firefox developers actually want to discourage the use of self-signed certificates in general, apart from the extent to which they expose users to man-in-the-middle risks. Does it bother the Firefox developers more that you might be getting spied upon (or getting data injected) by the operator of your local access network, or that Firefox might correctly assert that the self-signed SSL certificate is valid when you visit a botnet-hosted fraudulent phishing site over SSL?

There's actually a tension in practice between the use of SSL to identify sites (especially to make them appear legitimate or trustworthy) and the use of SSL to protect against eavesdropping or spoofing by network operators. If you want to protect against eavesdropping, you would ideally find some way to make SSL use cheap and ubiquitous so that every site has a convenient path to enabling SSL or even making it mandatory. If you want to use SSL to indicate that a site is legitimate or trustworthy, you might want to force people to go through the path of conducting a commercial transaction with a CA before they can get the lock icon, etc., to display for users visiting their pages. You might even prefer that the lock icon show up relatively rarely so that users are reluctant to give personal information when it doesn't appear -- not because of the traditional eavesdropping concerns, but because of the more novel phishing concerns.
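To make the distinction concrete, here is a small model, added for this post and not code from Firefox or from the Perspectives project, of the two separate questions a client can ask about a certificate: does it chain to a trusted CA (the default browser rule), and have independent notaries at other vantage points been seeing the same key for this host (a simplified Perspectives-style quorum check; the real system also weighs how long a key has been observed, which is omitted here). The hostnames, fingerprints, notary names, trust store and the 0.75 quorum threshold are all constructed for illustration. The three scenarios at the end reproduce the cases discussed above: a consistently observed self-signed certificate, a certificate substituted by the local access network, and a fraudulent site that holds a perfectly valid certificate for its own name.

```python
"""Model of two certificate trust checks: CA chain vs. notary quorum.
Illustration written for this post; not Firefox or Perspectives code."""
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Cert:
    subject: str      # hostname the certificate claims
    fingerprint: str  # constructed stand-in for a key fingerprint
    issuer: str       # "self" for a self-signed cert, otherwise the CA name


# Constructed trust store: the CAs this client accepts (assumption).
TRUSTED_CAS = {"ExampleRootCA"}


def ca_policy(cert: Cert, host: str) -> bool:
    """Default browser rule: issuer must be a trusted CA, name must match."""
    return cert.issuer in TRUSTED_CAS and cert.subject == host


def notary_policy(cert: Cert, host: str, observations: Dict[str, str],
                  quorum: float = 0.75) -> bool:
    """Simplified Perspectives-style rule: each notary reports the fingerprint
    it saw for `host` from its own vantage point; accept when at least `quorum`
    of them saw the fingerprint we were just presented with."""
    if cert.subject != host or not observations:
        return False
    agreeing = sum(1 for fp in observations.values() if fp == cert.fingerprint)
    return agreeing / len(observations) >= quorum


def assess(cert: Cert, host: str, observations: Dict[str, str]) -> Dict[str, bool]:
    """What each check tells the user. 'encrypted' is True for any certificate
    the handshake completes with, self-signed included: confidentiality against
    the access network never depended on a CA. Neither check says the site is
    legitimate; they only say who holds the key."""
    return {
        "encrypted": True,
        "ca_accepts": ca_policy(cert, host),
        "notaries_accept": notary_policy(cert, host, observations),
    }


# Constructed notary observations: four notaries have all seen the same key.
_BLOG_OBSERVATIONS = {
    "notary-a": "fp-blog-1",
    "notary-b": "fp-blog-1",
    "notary-c": "fp-blog-1",
    "notary-d": "fp-blog-1",
}


def scenario_self_signed_consistent() -> Dict[str, bool]:
    """Small site with a self-signed cert that every notary has seen."""
    cert = Cert("blog.example", "fp-blog-1", "self")
    return assess(cert, "blog.example", _BLOG_OBSERVATIONS)


def scenario_local_mitm() -> Dict[str, bool]:
    """Same site, but the local network presents a different self-signed cert.
    Notaries elsewhere still see the real key, so the quorum fails."""
    swapped = Cert("blog.example", "fp-other", "self")
    return assess(swapped, "blog.example", _BLOG_OBSERVATIONS)


def scenario_fraud_site_with_valid_cert() -> Dict[str, bool]:
    """A fraudulent site holding a real CA cert for its own look-alike name.
    Every check passes: identity is verified, trustworthiness is not."""
    host = "lookalike-bank.example"
    cert = Cert(host, "fp-lookalike", "ExampleRootCA")
    obs = {n: "fp-lookalike" for n in ("notary-a", "notary-b", "notary-c")}
    return assess(cert, host, obs)


if __name__ == "__main__":
    for name, fn in [("self-signed, consistent", scenario_self_signed_consistent),
                     ("local substitution", scenario_local_mitm),
                     ("fraud site, valid cert", scenario_fraud_site_with_valid_cert)]:
        print(f"{name}: {fn()}")
```

The first scenario is the one the post is about: the channel is encrypted and the notaries agree, yet the CA rule rejects it, which is exactly the outcome Firefox's default turns into a scary warning. The third scenario is the phishing case: both rules accept, because a certificate only binds a key to a name and says nothing about whether that name belongs to anyone you should trust.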



Contact: Seth David Schoen