Closed Bug 1256961 Opened 9 years ago Closed 7 years ago

Firefox doesn't think a cert for *.boston.com is valid for boston.com

Categories

(Core :: Security, defect)

44 Branch
x86
Windows XP
defect
Not set
normal

RESOLVED WONTFIX

People

(Reporter: scratch65535, Unassigned)

Attachments

(1 file)

Attached image Boston.comCert.jpg
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20160205155049

Steps to reproduce:
I was reading comments at boston.com (not www.boston.com)

Actual results:
I got an "insecure connection!"

Expected results:
It should have recognised that boston.com is the parent of *.boston.com and thus a cert valid for *.boston.com is ipso facto valid for boston.com.
Keywords: cert-waiver
OS: Unspecified → Windows XP
Hardware: Unspecified → x86
Component: Untriaged → Security
Product: Firefox → Core
From my reading of RFC 6125, *.boston.com isn't valid for boston.com (see https://tools.ietf.org/html/rfc6125#section-6.4.3 ). We can definitely improve the user-experience here, though (for example, I believe Chrome would offer to redirect to www.boston.com in this case - it might even do it automatically).
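The matching rule cited in the comment above, as an added example that is not part of the original bug thread or Firefox's own code: a whole-label wildcard matcher in the style of RFC 6125 section 6.4.3, run against constructed subjectAltName lists. Function names and the sample lists are assumptions, and partial-label wildcards are rejected as a simplification.

```python
# Added example, not Firefox code. Checks which host names a certificate's
# dNSName entries cover when "*" may stand for exactly one left-most label.

def _labels(name):
    """Lower-case a DNS name, drop trailing dots, split into labels."""
    return name.lower().rstrip(".").split(".")


def matches(presented, reference):
    """True if certificate identifier `presented` covers host `reference`."""
    p, r = _labels(presented), _labels(reference)
    if "*" not in presented:
        return p == r  # plain names: exact, case-insensitive comparison
    # The wildcard must be the entire left-most label and appear nowhere else
    # (simplification: partial wildcards such as "w*.boston.com" are refused).
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    # "*" replaces exactly one non-empty label, so label counts must be equal.
    # "*.boston.com" has 3 labels and "boston.com" has 2: no match.
    if len(p) != len(r) or not r[0]:
        return False
    return p[1:] == r[1:]


def cert_covers(san_dns_names, host):
    """True if any dNSName in the certificate covers `host`."""
    return any(matches(name, host) for name in san_dns_names)


def uncovered(san_dns_names, hosts):
    """Hosts the site serves that the certificate does not cover."""
    return [h for h in hosts if not cert_covers(san_dns_names, h)]


# Constructed sample data: two possible SAN lists and the hosts a site serves.
WILDCARD_ONLY = ["*.boston.com"]
WILDCARD_AND_APEX = ["*.boston.com", "boston.com"]
HOSTS = ["boston.com", "www.boston.com", "a.b.boston.com"]

if __name__ == "__main__":
    for sans in (WILDCARD_ONLY, WILDCARD_AND_APEX):
        print(sans, "leaves uncovered:", uncovered(sans, HOSTS))
```

A certificate meant to serve both the bare domain and its subdomains therefore needs the bare domain listed as its own dNSName next to the wildcard entry.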
Wow! I think the authors of 6125 made a mistake in 6.4.2, since the idea that example.org isn't the degenerate case of *.example.org flies in the face of how we treat hierarchical scopes generally. I can't begin to imagine how they could justify that reasoning.
Not happening anymore.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Keywords: cert-waiver
Resolution: --- → WONTFIX