Closed Bug 345124 Opened 16 years ago Closed 10 years ago
anti-phishing may pop up bad cert dialog when trying to get keys
The anti-phishing feature grabs keys from a remote server used to decrypt values in local tables and to encrypt urls when in "ask google" mode. The keys are retrieved from www.google.com over https using XMLHttpRequest. If the ssl cert doesn't match for some reason, the user gets a dialog asking if they want to accept a cert. This is a poor user experience. Rather than using XMLHttpRequest, we should use an nsIChannel with a nsIInterfaceRequestor that has a nsIBadCertListener. See http://lxr.mozilla.org/seamonkey/source/toolkit/mozapps/update/src/nsUpdateService.js.in#1674 for reference.
This seems likely to be irrelevant when bug 388652 lands. We should consider marking it WONTFIX/INVALID.
Depends on: 388652
It depends on whether Mozilla wants to validate the data from the update servers using a MAC. In that case, we'd still need the key.
For reference: http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec section 4.
Pretty sure this isn't a problem -- bad cert errors from XML haven't opened prompts in a long time.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.