Open Bug 219842 Opened 21 years ago Updated 2 years ago

No option for requiring the user to enter the certificate manager's password again after an expiration time

Categories

(Thunderbird :: Preferences, enhancement)

x86
All
enhancement

Tracking

(Not tracked)

People

(Reporter: ifinci, Unassigned)

Details

Currently, the password for the certificates manager is entered only the first
time it is needed, there should be an option to set it to different times (like
after X time of inactivity) like there is in mozilla.
QA Contact: asa
Changing OS to all
OS: Linux → All
QA Contact: preferences
Assignee: mscott → nobody
This bug seems to be about security.ask_for_password setting. It is in code and looking in the about:config on Thunderbird it appears. The fact is that it is not used on code.

Mmmmm... On mozilla-central it happens the same. Values are defined for the setting (0, 1,2) at the documentation http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries#Security. but it is not used anywhere.

should we consider this to be an enhanecment request, or a bug? or undesireable and wontfix?

Flags: needinfo?(shopik)
Flags: needinfo?(kaie)
Summary: no option for how often to enter the certificate manager's password. → no option for how often to enter the certificate manager's password

Could be enhancement request. Its common to have expiration after unlocking "vault" in other apps

Flags: needinfo?(shopik)

An option like this would have to get implemented at the NSS library level, because it's NSS that decides if it prompts for it.

Flags: needinfo?(kaie)
Summary: no option for how often to enter the certificate manager's password → No option for requiring the user to enter the certificate manager's password again after an expiration time
Severity: normal → enhancement

n.b. this is more or less the same as https://bugzilla.mozilla.org/show_bug.cgi?id=838272
.. and indeed this is a security weakness in Firefox, etc, which I do hope that Mozilla fixes promptly.

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.