Bug 276461 - Permanently accept SSL certificates for POP/IMAP mail
Status: RESOLVED DUPLICATE of bug 255025
Product: SeaMonkey
Classification: Client Software
Component: MailNews: Message Display
Version: 1.7 Branch
Hardware: x86 Windows XP
Importance: -- enhancement
Assigned To: (not reading, please use seth@sspitzer.org instead)
Reported: 2004-12-30 04:29 PST by Klaus Johannes Rusch
Modified: 2004-12-31 01:29 PST

Attachments
Screenshot (10.82 KB, image/gif)
2004-12-30 04:32 PST, Klaus Johannes Rusch

Description Klaus Johannes Rusch 2004-12-30 04:29:50 PST
When accessing Web sites whose certificate is not valid for some reason
(expired, unknown certification authority, incorrect site name) an option is
given to accept the certificate once or permanently.

With secure POP/IMAP mail such an option is not available; the certificate can
only be accepted for a single session.

It would be desirable to have the same options as with Web site certificates to
accept the certificate once or permanently.
Comment 1 Klaus Johannes Rusch 2004-12-30 04:32:39 PST
Created attachment 169900
Screenshot
Comment 2 Frank Wein [:mcsmurf] 2004-12-30 15:19:13 PST
For "unknown certification authority" you can accept the certificate
permanently, see Bug 221552 (this is broken atm). But this can be fixed by
importing the CA. For the other two reasons (incorrect site name, expired) I
think it is wanted that you can't accept this permanently, since an incorrect
site name should just not happen and the certificate should be fixed.
Comment 3 Frank Wein [:mcsmurf] 2004-12-30 15:20:43 PST

*** This bug has been marked as a duplicate of 219678 ***
Comment 4 Klaus Johannes Rusch 2004-12-30 15:26:26 PST
> For the other two reasons (incorrect site name, expired) I
> think it is wanted that you can't accept this permanently, since an incorrect
> site name should just not happen and the certificate should be fixed.

A warning once is perfectly right, but then it should be deferred to the
responsibility of the browser user to decide whether or not the certificate
should be accepted, especially when getting the certificate fixed is beyond the
control of the browser users (most of the time).

Forcing the user to accept the warning every time increases the risk that users
will use the non-secure POP/IMAP ports instead, which is worse than knowingly
accepting a certificate whose name does not match (which does not do any harm to
the encryption of the communication).
Comment 5 Frank Wein [:mcsmurf] 2004-12-30 15:48:44 PST
This has been discussed before, see dupe. And don't reopen this bug.

*** This bug has been marked as a duplicate of 219678 ***
Comment 6 Frank Wein [:mcsmurf] 2004-12-31 01:29:01 PST

*** This bug has been marked as a duplicate of 255025 ***
