Open Bug 1540639 Opened 6 years ago Updated 2 years ago

separate built-in roots from user-added or cached certificates in the certificate manager

Categories

(Core :: Security: PSM, enhancement, P3)

66 Branch
enhancement

People

(Reporter: kreuzritter2000, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-backlog])

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

Manually added a certificate and forgot what it was called.

Actual results:

I don't know which certificate to remove. They all look like the ones that are shipped with Firefox by default.

Expected results:

Manually added certificates should be marked in the certificate list with a sign so that a user can distinguish and filter them from the certificates that are shipped by default with Firefox.
This is important for security reasons. It makes it easier to remove manually added certificates completely without overlooking or forgetting one.

Status: UNCONFIRMED → NEW
Type: defect → enhancement
Component: Untriaged → Security
Ever confirmed: true
Product: Firefox → Core

In the "Security Device" column, certificates that were shipped with Firefox will have the string "Builtin Object Token" (or the localized equivalent). Certificates that were added by the user (or cached intermediates encountered while browsing) will have the string "Software Security Device" (or the localized equivalent).

Blocks: 1029832
Component: Security → Security: PSM
Priority: -- → P3
Summary: Manually added certificates are not distinguishable from certificates shipped with Firefox → separate built-in roots from user-added or cached certificates in the certificate manager
Whiteboard: [psm-backlog]

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #1)

> In the "Security Device" column, certificates that were shipped with Firefox will have the string "Builtin Object Token" (or the localized equivalent). Certificates that were added by the user (or cached intermediates encountered while browsing) will have the string "Software Security Device" (or the localized equivalent).

Thanks. In this case it would be good if there were also a separation of cached intermediate certificates and manually added certificates.
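
The split described in comment #1, and the further split asked for in the reply above, can be approximated outside the certificate manager. This is an added example, not part of the bug thread or of Firefox/NSS code. It assumes the input is text in the layout that NSS `certutil -L -d <profile> -h all` prints, with built-in certificates carrying the "Builtin Object Token:" nickname prefix. The sample listing is constructed, and treating an uppercase C or T trust flag as "user-trusted" is a heuristic chosen here.

```python
import re

# Constructed sample in the layout of `certutil -L -d <profile> -h all`;
# nicknames and trust flags are made up for illustration.
SAMPLE = """\

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Builtin Object Token:Example Public Root CA                  C,C,
Builtin Object Token:Example Public Root G2                  CT,C,C
Example Corp Internal Root                                   CT,C,C
Example Issuing CA 01                                        ,,
Debug Proxy CA                                               C,,
"""

BUILTIN_PREFIX = "Builtin Object Token:"
# Nickname, two or more spaces, then three comma-separated flag fields.
ROW = re.compile(
    r"^(?P<nick>.+?)\s{2,}(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$"
)


def classify(listing):
    """Group listed certificates as built-in, user-trusted, or untrusted."""
    groups = {"builtin": [], "user_trusted": [], "software_untrusted": []}
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        nick, trust = m["nick"], m["trust"]
        if nick.startswith(BUILTIN_PREFIX):
            # Shipped with the application (read-only builtin token).
            groups["builtin"].append(nick[len(BUILTIN_PREFIX):])
        elif any(set("CT") & set(field) for field in trust.split(",")):
            # In the software token and trusted as a CA: deliberately added.
            groups["user_trusted"].append(nick)
        else:
            # In the software token without CA trust, e.g. a cached intermediate.
            groups["software_untrusted"].append(nick)
    return groups


if __name__ == "__main__":
    for group, nicknames in classify(SAMPLE).items():
        print(group, nicknames)
```

An intermediate that a user imported by hand without assigning trust lands in the same group as a cached one, so the last group still needs manual review.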

Hi, can I work on this issue?

Severity: normal → S3