Permanently accept SSL certificates for POP/IMAP mail

RESOLVED DUPLICATE of bug 255025

Status

SeaMonkey
MailNews: Message Display
--
enhancement
RESOLVED DUPLICATE of bug 255025
13 years ago
13 years ago

People

(Reporter: Klaus Johannes Rusch, Assigned: (not reading, please use seth@sspitzer.org instead))

Tracking

1.7 Branch
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

13 years ago
When accessing Web sites whose certificate is not valid for some reason
(expired, unknown certification authority, incorrect site name) an option is
given to accept the certificate once or permantently.

With secure POP/IMAP mail such an option is not available, the certificate can
only be accepted for a single session.

It would be desirable to have the same options as with Web site certificates to
the certificate once or permantently.
(Reporter)

Comment 1

13 years ago
Created attachment 169900 [details]
Screenshot

Comment 2

13 years ago
For "unknown certification authority" you can accept the certificate
permanently, see Bug 221552 (this is broken atm). But this can be fixed by
importing the CA. For the other two reasons (incorrect site name, expired) i
think it is wanted that you can't accept this permanently, since a incorrect
site name should just not happen and the certificate should be fixed.

Comment 3

13 years ago

*** This bug has been marked as a duplicate of 219678 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
(Reporter)

Comment 4

13 years ago
> For the other two reasons (incorrect site name, expired) i
> think it is wanted that you can't accept this permanently, since a incorrect
> site name should just not happen and the certificate should be fixed.

A warning once is perfectly right, but then it should be deferred to the
responsibility of the browser user to decide whether or not the certificate
should be accepted, especially when getting the certificate fixed is beyond the
control of the browser users (most of the time).

Forcing the user to accept the warning every time increases the risk that users
will use the non-secure POP/IMAP ports instead, which is worse than knowingly
accepting a certificate whose name does not match (which does not do any harm to
the encryption of the communication).
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---

Comment 5

13 years ago
This has been discussed before, see dupe. And don't reopen this bug.

*** This bug has been marked as a duplicate of 219678 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago13 years ago
Resolution: --- → DUPLICATE

Updated

13 years ago
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---

Comment 6

13 years ago

*** This bug has been marked as a duplicate of 255025 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.