329822 - assign SSL-Cert to bookmark and warn if relationship changes

Status: RESOLVED WONTFIX

(Toolkit :: Safe Browsing, enhancement)

Description

[BB]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1

is that a good idea? ->

it should be mandatory, that the user manually confirms the validity of an SSL-Cert, if he bookmarks an HTTPS site. he might deny to do so on his own good (like password reminder: lets do it, lets not do it this time, not for this site, ask never again).

once the cert is verified, the browser stores it and checks if it changed everytime the bookmark is used. so unless someone hacked your system, the browser would warn you, if the cert changed / you will be redirected / phishing was going on.

Reproducible: Always

Actual Results:  
i click the bookmark, some page opens. if that REALLY is the page i bookmarked weeks ago... who know? i would not want to check the cert everytime i visit

Expected Results:  
the browser asks me to verify the cert once and keeps track, that it will not change in the future.

Comment 1

[Mike Connor [:mconnor]]

we want to do this, not for bookmarks, and in a way that doesn't give false positives when certs are renewed/upgraded.

Comment 2

[Johnathan Nightingale [:johnath]]

mconnor - I think your intended DUPEME target is bug 398721 but that's different enough (being more about evolving trust of self-signed certs over repeated visits than about pinning trust of even CA-signed certificates on bookmarks) that this bug might merit its own disposition.

BB - what you describe is how Firefox behaves with self-signed certificates - if you visit a site with an untrusted certificate, we will ask you to add an exception if you're sure this is a legitimate site, and that will persist until the site's certificate changes.  However, we are unlikely to implement a system that creates warnings when a site moves from one CA-signed certificate to another, since that is a regular process sites undergo during expiration, and since we (implicitly and explicitly) trust CAs to verify domain ownership for the certificates they issue.

I suspect you'll find the content of bug 398721 interesting, and similar in some ways to what you are describing, but the approach you describe here is largely already implemented for untrusted certificates, and will not be implemented for trusted certificates, so I'm marking this WONTFIX.  I do appreciate you making the suggestion, though; "WONTFIX" makes it sound like we're being grumpy, but all it means is that we are not going to make the change as described.