Closed Bug 176507 Opened 22 years ago Closed 18 years ago

Certificates added without warning or confirmation


(Core Graveyard :: Security: UI, enhancement, P1)

1.8 Branch


(Not tracked)



(Reporter: twb0, Assigned: KaiE)




(Keywords: fixed1.8.1, Whiteboard: [kerh-coa])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20021016
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20021016

After requesting a THAWTE personal E-mail certificate, they E-mail you with a
URL where you can "pick up" and install your certificate.  Clicking on this URL
opens a new browser window and installs the certificate with absolutely no
confirmation, warning, or other indication about the success/failure of the
operation.  While the security risk is probably not substantial (i.e. you
probably can't install an arbitrary certificate because your private key won't
match), it should at least be looked into to reassure the user that their
certificate installation has either succeeded or failed.

Reproducible: Always

Steps to Reproduce:
1. Request digital certificate from CA such as
2. Click on URL E-mailed to you by the CA

Actual Results:  
Certificate is installed successfully, but no indication of this is shown.

Expected Results:  
Either a warning dialog should open (i.e. "Do you want to install the
certificate xxxxx?") or at least a confirmation in the status bar should be
displayed (i.e. "Certificate xxxx installed.").
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → 2.4
Confirming. A personal cert is added to your cert DB with no dialogs appearing.
Severity: normal → enhancement
Ever confirmed: true
OS: Windows 2000 → All
Priority: -- → P5
Hardware: PC → All
The question is:

"Is it a back that no feedback is given" (like you are suggesting)


"It would be a feature if we gave the user an additional feedback".

On one hand side, I think it would be a good idea to do what this bug suggests,
and always give at least some small feedback to the user.

On the other hand side, in past discussions it has been argued, that issueing
certificate authorities want to customize the feedback they give when delivering
a certificate to a user. Some CAs are doing that by using a delivery page that
is a multipart type page, which delivers HTML content for display at the same
time the certificate content type is delivered (and imported by the security
Oops, in the previous comment I wrote "Is it a back...", but of course I meant
"Is it a bug...".
Setting to Future. Related to bug 184659, bug 184662 and bug 184663.
Target Milestone: --- → Future
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody.  Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
I agree.  I did this myself and I thought it didn't load right or something when
getting my Thawte Cert.  There should be at least some sort of dialog box that
pops up.

Voted.  My $0.02.
Product: PSM → Core
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.1? → blocking-aviary1.1-
Flags: blocking-aviary2.0?
Are we going to add this popup/dialog for 2.0?
Feedback would be good, but I'm not sure that a dialog is necessary.  Bumping nomination to core, reassigning to defaults.
Assignee: nobody → kengert
Flags: blocking-aviary2? → blocking1.8.1?
QA Contact: junruh
Whiteboard: [kerh-coz]
Need some kind of feedback in 1.8.1, if not indeed actual user permission (!).  Blocker+
Flags: blocking1.8.1? → blocking1.8.1+
*** Bug 308857 has been marked as a duplicate of this bug. ***
Bug 310446 has a patch that will supply user feedback for various cert import actions.
Depends on: 310446
Please see bug 308857 for more background on this bug.

Kai, I suggest you take this up with Bob Lord and perhaps Steve Parkins.
Bob was the manager of PSM at the time when PSM was changed to work as 
it does now, and I believe it was he who specified the way it now works.

Further, IIRC, the first CA product to make use of the new technique for 
providing feedback in web page content itself, rather than in browser 
dialogs was CMS.  So I think you're rather directly connected to the people 
to whom it matters most (or to whom it once mattered most) how mozilla 
notifies the users.  
We need to make sure we think through the request in the context of the apps that we have today.  Back when this bug was filed, we had a single client for browsing and email.  That meant to retrieve your certificate from the CA, you could use your browser to search for it, and then click on a link to import it.

Or the CA would send you an email with a browser link. You'd click on the email link, the browser would open and import the certificate.

In both cases, the mail client would be able to use the cert because it was in the same process as the browser. 

Today we have different apps, with separate databases.  We're working to re-unify the databases, but that won't happen until the end of 2006 at the soonest.

This issue may or not be directly related to the bug 338615 which I just filed.

Discussed with Bob Lord and Steve Parkinson. They agree it is ok to reintroduce the confirmation dialog.

Let's see of I can get in additional feedback messages for cert-import-attemps being ignored, bug 310446. Because this has been marked by Shaver as a blocker for 1.8.1, but we are too late for new IDL, our feedback messages will have to be done in a non-embedding-overridable-fashion, at least in the initial implementation.

This will get fixed first, therefore changing depends on bug 310446 to blocks bug 310446.
Blocks: 310446
No longer depends on: 310446
Priority: P5 → P1
Whiteboard: [kerh-coz] → [kerh-coa]
Target Milestone: --- → mozilla1.8.1beta1
Version: psm2.4 → 1.8 Branch
Fixed on trunk using patch attached in bug 310446.
Closed: 18 years ago
Resolution: --- → FIXED
Keywords: fixed1.8.1
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.