Closed Bug 1007275 Opened 10 years ago Closed 8 years ago

Need more control of OCSP failures

Categories

(Core :: Security, enhancement)

32 Branch
x86_64
Windows 7
enhancement
Not set
normal

RESOLVED WONTFIX

People

(Reporter: marcausl, Unassigned)

References

(Blocks 1 open bug)

Details

The only behaviors for OCSP (Online Certificate Status Protocol) are:

1.  Fail all sites that are not found (described as connection failure)
2.  Accept all sites that are not found

Thus if you choose to visit an OCSP failure site you must disable the check completely and then re-enable it afterwards.

A better way would be to provide an exception pop-up, as is done with other certificate issues, with choices of accept for this session, accept always, or reject.
Blocks: 157555
Product: Firefox → Core
Asking users to make more decisions based on limited information and technologies they may not be familiar with is not a direction we want to go in. Instead of relying on inherently flawed mechanisms like OCSP, we're developing new technologies (e.g. OneCRL, Certificate Transparency) that will protect users without asking them to make these kinds of decisions.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX