Closed Bug 143078 Opened 22 years ago Closed 8 years ago

Importing cert by p12 file w/ unknown CA should prompt the user to add trust

Categories

(Core Graveyard :: Security: UI, defect, P1)

Other Branch
defect

Tracking

(Not tracked)

RESOLVED WONTFIX
Future

People

(Reporter: KaiE, Unassigned)

References

Details

(Whiteboard: [kerh-eha][psm-cert-manager])

Having not set trust on self's cert leads to confusing behaviour of the application.

A user might create a new profile and restore the cert from a p12 backup file.

Suppose the p12 file was signed by a CA that was previously unknown or untrusted.


Actual behaviour: The cert will be imported, but not trusted.

Expected behaviour: The application should detect that a personal cert from an
untrusted CA is being imported. It should bring this fact to the user's
attention. It should prompt the user and tell him something like:

  Your own cert is not trusted.
  You need to trust the issuing CA before you can use your cert successfully.
  Do you want to edit the trust now?

I totally agree that this is the correct behavior, but it will probably have to
wait until after RTM.
We have code somewhere that does exactly that, but porting it to Moz would
require UI changes that are not acceptable.
Priority: -- → P1
Target Milestone: --- → Future
kai
Assignee: ssaux → kaie
Product: PSM → Core
*** Bug 140153 has been marked as a duplicate of this bug. ***
Whiteboard: [kerh-eha]
*** Bug 140184 has been marked as a duplicate of this bug. ***
QA Contact: junruh → ui
Assignee: kaie → nobody
Whiteboard: [kerh-eha] → [kerh-eha][psm-cert-manager]
I disagree. There's no need to ever trust the CA because it doesn't make sense for the platform to verify a user's client or email signing certificate. Ultimately the platform doesn't care if the certificate is valid - the server the user is authenticating to or the recipient of the email is the one who cares. We should just fix this by removing all instances where the platform tries to validate these certificates (that said, the platform could do some basic checks like "is this certificate expired?" and inform the user that a 3rd party is unlikely to accept the certificate as valid in those cases).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard