Closed
Bug 143078
Opened 22 years ago
Closed 8 years ago
Importing cert by p12 file w/ unknown CA should prompt the user to add trust
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
RESOLVED
WONTFIX
Future
People
(Reporter: KaiE, Unassigned)
References
Details
(Whiteboard: [kerh-eha][psm-cert-manager])
Having not set trust on self's cert leads to confusing behaviour of the application. A user might create a new profile and restore the cert from a p12 backup file. Suppose the p12 file was signed by a CA that was previously unknown or untrusted.

Actual behaviour: The cert will be imported, but not trusted.

Expected behaviour: The application should detect that a personal cert from an untrusted CA is being imported. It should bring this fact to the user's attention. It should prompt the user and tell him something like: Your own cert is not trusted. You need to trust the issuing CA before you can use your cert successfully. Do you want to edit the trust now?
Comment 1•22 years ago
I totally agree that this is the correct behavior, but it will probably have to wait until after RTM. We have code somewhere that does exactly that, but porting it to Moz would require UI changes that are not acceptable.
Priority: -- → P1
Target Milestone: --- → Future
Comment 3•19 years ago (Reporter)
*** Bug 140153 has been marked as a duplicate of this bug. ***
Updated•19 years ago (Reporter)
Whiteboard: [kerh-eha]
Comment 4•19 years ago (Reporter)
*** Bug 140184 has been marked as a duplicate of this bug. ***
Updated•17 years ago
QA Contact: junruh → ui
Updated•14 years ago (Reporter)
Assignee: kaie → nobody
Whiteboard: [kerh-eha] → [kerh-eha][psm-cert-manager]
I disagree. There's no need to ever trust the CA because it doesn't make sense for the platform to verify a user's client or email signing certificate. Ultimately the platform doesn't care if the certificate is valid - the server the user is authenticating to or the recipient of the email is the one who cares. We should just fix this by removing all instances where the platform tries to validate these certificates (that said, the platform could do some basic checks like "is this certificate expired?" and inform the user that a 3rd party is unlikely to accept the certificate as valid in those cases).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Updated•8 years ago (Assignee)
Product: Core → Core Graveyard