With the release of Firefox 3.0 there has been a bit of controversy over how it handles self-signed certificates. It seems that Firefox makes it difficult to use self-signed certificates and some people are complaining about it. Here at StillSecure we use self-signed certs in our products and we had to change how we do things to make it work. However, there are then people like Lauren Weinstein who say that this is a step backward for Firefox because it makes it harder to send encrypted traffic. While I understand that it does make it harder, I think Lauren misses the forest for the trees here. The whole point of certificates is to prove identity. In fact, they are called identity certificates.
The underlying reason for certificates is to ensure that the identity of the person or entity sending it is in fact genuine. It enables the encryption function. In Weinstein's rant, somehow he has this bass-ackwards. Identity is secondary to encryption. He says, "Firefox is now putting so much emphasis on identity confirmation". For good reason, I say! If we allow the whole idea of identity certs to be subverted for ease of encryption, we are opening ourselves up to a whole range of bad things like phishing attacks, man in the middle, etc.
I say in our fervor to encrypt everything, let's not forget the importance of trust of identity that certificates enable. Without that, the whole system crumbles. Now that being said, I agree that Firefox's GUI around handling these certificates could be better. It appears to be confusing, to say the least. But again, we can fix that without sacrificing the validity of certificates.
I should mention that I ran some of my ideas on this issue by Joel Snyder and StillSecure's own Andrew Grealy.






