Steps to reproduce: using build 2003022108 run test for signed-badca.xpi cert is not displayed but dialog returns 'success' -
Assignee: dveditz → dougt
dan, terry, mitch -- Consider the case when a user downloads a software install that is signed but the CA isn't present in that user's database. Should we just treat this install as "unsigned" or should we treat this install as "broken".
I say we warn, but allow. Maybe bring up a dialog mentioning the signer and the CA, and saying that this is not a CA that we trust, but allow the option to continue with the install.
I agree. In general we allow the user to proceed with an operation after warning them that the security checks have failed. For SSL they can accept an untrusted host certificate. For S/MIME they can read and act on an email message even though the signature is broken. We should warn the user that the signer's certificate can not be validated and allow them to continue with the installation.
currently, we say that the install "unsigned".
It's not quite the same as unsigned - can we add dialog text specifically for the "invalid CA" case?
i agree that the application should have a dialog and overall better UI in regards to signed installs. over to samir.
Assignee: dougt → sgehani
You need to log in before you can comment on or make changes to this bug.