Closed
Bug 154274
Opened 23 years ago
Closed 23 years ago
When signing/encrypting certificate is pre-configured, provide ability to lock associated elements in Security Panel
Categories
(SeaMonkey :: MailNews: Account Configuration, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
mozilla1.0.1
People
(Reporter: racham, Assigned: racham)
References
Details
(Whiteboard: [adt3 RTM] [ETA 06/28])
Attachments
(1 file)
|
3.91 KB,
patch
|
racham
:
review+
mscott
:
superreview+
|
Details | Diff | Splinter Review |
ISPs and vendros can lock 2 certificate selection buttons on the security panel
(in AccountManager) for a given new profile. This will make the panel locked
since those buttons are starting points on that panel. However, if the cert is
selected, user is allowed to change choices like whether or not to sign or
encrypt. I think it will be better if we can go to the granularity of providing
ISPs/vendors to lock the sign/encrypt options also. This would be important in
cases where Administrators would not want any of users to send any mails without
signing/encryption.
Patch coming up....
Status: NEW → ASSIGNED
Summary: Existing profile's security panel items should locked too → Existing profile's security panel items should be locked too
Here are the relavant prefs that need to be added to the prefs file from which
config file is generated.
1. lockPref("mail.identity.id8881.signingCertSelectButton", true);
// Security Panel - disable button that allows user to select signing cert.
2. lockPref("mail.identity.id8881.encryptionCertSelectButton", true);
// Security Panel - disable button that allows user to select encrypt cert.
3. lockPref("mail.identity.id8881.sign_mail", false);
// Security Panel - lock the choice of sending mails with/without signing
4. lockPref("mail.identity.id8881.encryptionpolicy", 0);
// Security Panel - lock and the choice of encryption policy : 0 - Never
encrypt, 2 - Always encrypt
Keywords: nsbeta1
QA Contact: nbaca → rvelasco
Target Milestone: --- → mozilla1.0.1
|
||
Comment 3•23 years ago
|
||
Comment on attachment 89183 [details] [diff] [review]
patch, v1.0
sr=mscott
Attachment #89183 -
Flags: superreview+
Comment on attachment 89183 [details] [diff] [review]
patch, v1.0
Navin has given r=.
r=naving.
Attachment #89183 -
Flags: review+
Changing summary to reflect that locking that can be done when certificates are
pre-configured.
Summary: Existing profile's security panel items should be locked too → When signing/encrypting certificate is pre-configured, provide ability to lock associated elements in Security Panel
Fix landed on the trunk.
Thanks for the reviews.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Keywords: mozilla1.0.1
|
||
Updated•23 years ago
|
Q: when certificate is pre-configured and locked, how do we upgrade users'
certificates?
|
||
Comment 8•23 years ago
|
||
the subject name/nickname of a certificate can be the same for subsequent
certificates from the same issuer. The application would automatically choose
the most recently issued certificate with the nickname specified in the
signing/encryption cert prefs.
If the nickname for the renewal cert is different, then you're right, the user
will run into a problem. Moreover, if the sign/encrypt preferences are also
locked, then the user will not be able to send any mail for examaple if he must
sign and the signing cert has expired.
When it's time to upgrade with a different nick name, they should change
"mail.identity.<id key>.encryption_cert_name" and/or
"mail.identity.<id key>.signing_cert_name" to pick up the new one. I think that
should just work fine.
Administrators/ISPs have to choose a right schema of locking here i.e., the one
that fits their organization better.
* When they want user to use only one certificate and always sign, set those
prefs and lock them all.
* When they want users to use only one certificate and give option to user about
signing mails, then lock only the cert select button and the cert name prefs.
* When they want users to use mutlitple certs, they can't really lock any of the
items as users may want mix&match the combination of certs and the choices
(about sending mails digitally signed).
The patch in here provides flexibility for all kinds of scenarios. I just need
to get driver's approval on this one now for branch checkin. As this is already
on the trunk, I will talk to Rodney to verify this one.
|
||
Comment 10•23 years ago
|
||
verified on linux trunk builds 2002062708 this will probably be a documented
feauture for factory.
Status: RESOLVED → VERIFIED
|
|
||
Comment 11•23 years ago
|
||
adt1.0.1- per the ADT. let's get it in the next release. should you disagree
with the minus, pls remove the minus, leaving adt1.0.1 in the keywords, then
send an email to Drivers' and ADT for approval.
|
||
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•