bug-gnuzilla

Self-signed certificate behavior.


From: Nat Tuck
Subject: Self-signed certificate behavior.
Date: Mon, 4 Aug 2008 16:26:58 -0400

I recently made a blog post complaining about the behavior in Firefox
3 re: self-signed certificates.
  http://pandion.ferrus.net/2008/07/31/mozilla-ssl-policy-bad-for-the-web

After that post got Slashdotted, I got an email from Giuseppe Scrivano
saying that he was interested in implementing better certificate
behavior in IceCat. The question is this:
What is the optimal certificate handling behavior for a web browser?

A self-signed certificate or a certificate signed by an unknown
certificate authority shouldn't be treated as an error. Sites with
such certificates are no less secure than unencrypted sites. They also
shouldn't be marked the same as PKI authenticated sites, since they
haven't been authenticated in any way.

The current behavior of Firefox 3 - showing a scary warning page
instead of any unauthenticated https site - does protect against one
specific attack compared to simply allowing self-signed certificates.
If the attacker has control over the user's DNS and the user is
visiting a https URL directly (i.e. through a bookmark), this behavior
will prevent the attacker from simply redirecting the user to his
phishing site with a self-signed certificate on it.

Any new interface should have some mechanism to at least warn about
that attack - I suggest storing a certificate the first time a user
visits a secure site and notifying the user if the site ever presents
a different certificate. This also provides some protection against
MITM attacks with self-signed certificates. The warning can't be too
scary though - this will happen every time a certificate expires and
is replaced.

Thoughts?

-- Nat Tuck
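
The store-on-first-visit check proposed in the message, sketched as an added example that is not part of the original post or of IceCat or Firefox code. The class and verdict names, the 30-day renewal window used to separate a routine replacement from an unexpected change, and the byte strings standing in for DER certificates are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Pin:
    fingerprint: str     # SHA-256 over the certificate bytes first seen
    not_after: datetime  # expiry date of the pinned certificate


class PinStore:
    """Trust-on-first-use store keyed by (host, port). Hypothetical names."""

    def __init__(self, renewal_window=timedelta(days=30)):
        self.pins = {}
        self.renewal_window = renewal_window  # assumption: policy knob

    def check(self, host, port, der, not_after, now):
        key = (host.lower(), port)
        fp = hashlib.sha256(der).hexdigest()
        pin = self.pins.get(key)
        if pin is None:
            self.pins[key] = Pin(fp, not_after)  # first visit: remember it
            return "first-seen"
        if pin.fingerprint == fp:
            return "match"
        # Changed certificate. Near or past the old expiry it is most likely
        # a routine replacement, so the UI can use a quiet notice.
        if now >= pin.not_after - self.renewal_window:
            return "changed-at-renewal"
        return "changed-early"  # old certificate was still valid: warn

    def accept(self, host, port, der, not_after):
        """Re-pin after the user has reviewed a change."""
        self.pins[(host.lower(), port)] = Pin(hashlib.sha256(der).hexdigest(), not_after)


def demo():
    # Constructed stand-ins for DER-encoded certificates and dates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    t0 = datetime(2008, 8, 4, tzinfo=timezone.utc)
    exp_a, exp_b = t0 + timedelta(days=365), t0 + timedelta(days=730)
    s, site = PinStore(), ("blog.example", 443)
    out = [s.check(*site, cert_a, exp_a, t0),
           s.check(*site, cert_a, exp_a, t0 + timedelta(days=1)),
           s.check(*site, cert_b, exp_b, t0 + timedelta(days=10)),
           s.check(*site, cert_b, exp_b, t0 + timedelta(days=350))]
    s.accept(*site, cert_b, exp_b)
    out.append(s.check(*site, cert_b, exp_b, t0 + timedelta(days=351)))
    return out
```

The pin is never replaced silently: a changed certificate keeps returning a change verdict until `accept` is called, so the notice cannot be bypassed by simply presenting the new certificate twice.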



