Closed Bug 345124 Opened 16 years ago Closed 10 years ago

anti-phishing may pop up bad cert dialog when trying to get keys

Categories

(Toolkit :: Safe Browsing, defect)

defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: tony, Unassigned)

References

Details

The anti-phishing feature grabs keys from a remote server used to decrypt values in local tables and to encrypt urls when in "ask google" mode.  The keys are retrieved from www.google.com over https using XMLHttpRequest.  If the ssl cert doesn't match for some reason, the user gets a dialog asking if they want to accept a cert.  This is a poor user experience.

Rather than using XMLHttpRequest, we should use an nsIChannel with a nsIInterfaceRequestor that has a nsIBadCertListener.  See
http://lxr.mozilla.org/seamonkey/source/toolkit/mozapps/update/src/nsUpdateService.js.in#1674
for reference.
Assignee: tony → nobody
This seems likely to be irrelevant when bug 388652 lands.  We should consider marking it WONTFIX/INVALID.
Depends on: 388652
It depends on whether Mozilla wants to validate the data from the update servers using a MAC.  In that case, we'd still need the key.
Pretty sure this isn't a problem -- bad cert errors from XML haven't opened prompts in a long time.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.