The Right Way To Handle Encryption With Firefox 3

[Peaches]

The right way to handle encryption with Firefox 3

by Jürgen Schmidt

Secure data transmission on the internet relies on encryption and security certificates. Mozilla has revised the way Firefox 3 handles certificates, but not always for the better. A few modifications will sort things out – and give you more security.

All sorts of information – even critical stuff like passwords and account information – is commonly sent over a connection in the clear, but if you want to keep eavesdroppers at bay, you have to use encryption. Encrypted web sites can be recognised by the "https" ("s" for "secure") instead of "http" in the URL.

How do you know for sure that the correct addressee is actually at the other end of the line? Complying with the advanced encryption standard (AES) in 256 bits is useless if some crook is sitting there, because you're giving information away at no charge. A server operator can have his identity confirmed by a reliable Certificate Authority (CA), so that your browser can check his digital signature and tell you if you're at the right place.

Up to version 2, Firefox did this by colouring the complete address line yellow and displaying a padlock icon. This, as long as you knew what it meant, was hard to miss and its omission was a clear indication of an unencrypted site. Since version 3, Mozilla, like Microsoft with Internet Explorer 7, has been concentrating on extended validation (EV) certificates. With these Certificate Authorities give an assurance that the identity of the applicant has been checked more thoroughly.

Heise security - http://www.h-online.com/security/The-right...features/112797