Closed Bug 293156 Opened 20 years ago Closed 18 years ago

Comodo certificates not displaying all available uses

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: steve.smith, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050505 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050505 Firefox/1.0+

The three Comodo roots should have been verified for all optional uses. Instead
they all currently display only "SSL Certificate Authority". 

Reproducible: Always

Steps to Reproduce:
1. Go to Tools > Options
2. Go to Security > Certificates
3. Go to Authorities
4. Select a Comodo certificate and click View

Actual Results:  
The certificate viewer opens and displays only "SSL Certificate Authority" under
"This certificate has been verified for the following uses:"

Expected Results:  
In the general tab, under "This certificate has been verified for the following
uses:" there should be a list of all available features, such as "SSL Server
Certificate", "Email Signer Certificate", "Email Recipient Certificate", "SSL
Certificate Authority", etc.
- How long have these roots been in the browser? 
- How long has the problem been occurring? 
- What impact does the problem have?
- Do you see the same problem with other browsers, e.g. the Suite or Camino? 
- Do you see the same problem with Thunderbird?
- What makes you expect that they should be marked for all uses?

Gerv

- How long have these roots been in the browser? 

From Fox 1.00

- How long has the problem been occurring? 

Not confirmed but I suspect from 1.00

- What impact does the problem have?

The full extent of the problem has not been scoped, however, the fact that 
there is a 'difference' from the UI could mean an underlying bug with the UI or 
it could mean an underlying issue with the roots.   Needs to be assessed as 
part of the fix.

- Do you see the same problem with other browsers, e.g. the Suite or Camino? 

Same within Netscape 8 Beta

- Do you see the same problem with Thunderbird?


- What makes you expect that they should be marked for all uses?

Confirmation from Nelson B that they had been marked for all uses in the NSS 
prior to inclusion into the Fox/Mox store.  The 'Edit' function also correctly 
shows the use for 'e-mail' and 'object' signing activities.

Steve

Steve (Roylance) says he's going to issue some test certs from these roots and
check that Firefox recognises the relevant sites as signed. If it doesn't, we
obviously have a much higher priority problem than just if the UI is saying the
wrong thing.

Whichever way, I hope to look at this, or get someone to, soon.

Gerv
I've noticed that https://doors.gracenote.com/ has a Comodo signed certificate,
but Firefox is claiming the certificate authority is unrecognized. Certificate
details shows me the cert is issued by "Comodo Class 3 Security Services CA".

Is this related?
No - that's a bad configuration on that site. They need to have uploaded all the
intermediate certs to the server, and have not done so. The Comodo root is
chained to the GTE Cybertrust root. 

Konqueror similarly complains. I don't know what IE does.

Gerv
(In reply to comment #3)
> Steve (Roylance) says he's going to issue some test certs from these roots and
> check that Firefox recognises the relevant sites as signed. If it doesn't, we
> obviously have a much higher priority problem than just if the UI is saying the
> wrong thing.
> 
> Whichever way, I hope to look at this, or get someone to, soon.
> 
> Gerv

Gerv, has anyone had a look at this yet? 
No; I was waiting to hear back from Steve R. on the severity of the problem. I
recently got hired part-time by the Foundation; when I get my inbox under
control, I hope to have more time to work on stuff like this.

Gerv
Steve Smith: can you get some traction within Comodo to do some investigation here?

Gerv
-> incomplete, since no feedback was provided for gervs question in comment #8 for over 1,5 years.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.