Having not set trust on self's cert leads to confusing behaviour of the application. A user might create a new profile and restore the cert from a p12 backup file. Suppose the p12 file was signed by a CA that was previously unknown or untrusted. Actual behaviour: The cert will be imported, but not trusted. Expected beahviour: The application should detect that a personal cert from an untrusted CA is being imported. It should bring this fact to the user's attention. It should prompt the user and tell him something like: Your own cert is not trusted. You need to trust the issuing CA before you can use your cert successfully. Do you want to edit the trust now?
I totally agree that this is the correct behavior, but it will probably have to wait until after RTM. WE have code somewher that does exactly that, but porting it to MOz would require ui changes that are not acceptable.
Priority: -- → P1
Target Milestone: --- → Future
Assignee: ssaux → kaie
*** Bug 140153 has been marked as a duplicate of this bug. ***
*** Bug 140184 has been marked as a duplicate of this bug. ***
Assignee: kaie → nobody
Whiteboard: [kerh-eha] → [kerh-eha][psm-cert-manager]
I disagree. There's no need to ever trust the CA because it doesn't make sense for the platform to verify a user's client or email signing certificate. Ultimately the platform doesn't care if the certificate is valid - the server the user is authenticating to or the recipient of the email is the one who cares. We should just fix this by removing all instances where the platform tries to validate these certificates (that said, the platform could do some basic checks like "is this certificate expired?" and inform the user that a 3rd party is unlikely to accept the certificate as valid in those cases).
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.