359423 - There is no "deny always" option for certificates

Status: RESOLVED INCOMPLETE

(Firefox :: Security, enhancement)

Description

[Mike Hoye]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

There's two things going on here, one of which _might_ be a bug, and one of which is a feature request. In the cert management process, when you're presented with a new certificate that can't be validated by some authority, you are given the option to accept now, accept always or deny now. There is no Deny Always option. 

Reproducible: Always

Steps to Reproduce:
1. Try to deny a certificate that is required (whatever that means) several times on a page. 
2. Click deny, several times, not just once.
3.

Actual Results:  
On many weblogs that include paypal links, for example, if you've decided not to trust verisign as a root CA, you have to click three or more times on identical dialogs to deny the paypal cert (just as an example). 

Expected Results:  
One click per cert per page. This part is, I think, the "bug" part - if you've chosen to deny the paypal cert once, you shouldn't have to do it again for the same page. 

The additional feature that I'd like to request here is that fourth button, that you should also (like password-saving) be able to choose to _never_ accept that certificate, deny-always. I realize that the UI here is cluttered already, but I also think it's a reasonable feature to include, so there you go. 

Sorry if "security" is the wrong place to file this one.

Comment 1

[Paul Craciunoiu [:paulc]]

Having to click "Deny" every time for frequently visited sites can be a hassle.

Any other opinions on this?

Comment 2

[u279076]

Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE.  Please reopen or file a new bug if you can still reproduce the bug.