2.0.0.13 upgrade changed certificate preference to "ask me every time"

VERIFIED WONTFIX

Status

Firefox
Security
10 years ago
10 years ago

People

(Reporter: bill, Unassigned)

Tracking

2.0 Branch
PowerPC
Mac OS X

Firefox Tracking Flags

(Not tracked)

Attachments

(1 attachment)

(Reporter)

Description

10 years ago
Created attachment 312341
The default cert selection preferences before upgrading to 2.0.0.13

After upgrading to 2.0.0.13, people on my team who use smartcards for authentication are complaining about this problem. They all confirmed that their certificate preference was set to "ask me every time", but it used to be set to "select automatically" -- the previous default.

This caused a lot of confusion for folks who weren't familiar with that dialog box. In most cases, these people only had a single viable certificate to choose from.

Suggestion: don't change user choices values for certificate selection (or any default, for that matter) between releases unless necessary.

It was necessary.

See http://www.mozilla.org/security/announce/2008/mfsa2008-17.html and the problems discussed in bug 295922 and bug 395399 (and especially the PoC in the latter).

Quite unfortunate that no one's stepped up to implement something like bug 395399 to ease the pain, but the number of people inconvenienced by the change is dwarfed by the number of people at risk. And those people will be motivated to seek out and change the option whereas the people at risk had no such feedback that they needed to change the option the other way.

Unfortunately there was no way to distinguish people who had the default because it was the default from those who had the default because they intentionally left it that way.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WONTFIX

Updated

10 years ago
Status: RESOLVED → VERIFIED
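
An added example, not part of the bug report or of Firefox's code: a small audit of a profile's `prefs.js` for the certificate selection setting discussed above. It assumes the preference is stored as `security.default_personal_cert` with the string values shown (names not given on this page), and that `prefs.js` records only values changed from the default, which is why a profile left at the old default and one whose user deliberately kept it look the same at upgrade time.

```python
import re

# Assumption: pref key and value strings are the Firefox names for the
# "ask me every time" / "select automatically" choice; the page does not name them.
PREF = "security.default_personal_cert"
ASK, AUTO = "Ask Every Time", "Select Automatically"

# Matches one line of the form: user_pref("name", value);
_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample profiles (not taken from any real system).
UNTOUCHED = '# Mozilla User Preferences\nuser_pref("browser.startup.homepage", "about:blank");\n'
CHOSEN_AUTO = UNTOUCHED + 'user_pref("security.default_personal_cert", "Select Automatically");\n'

def read_prefs(text):
    """Return {name: raw_value} for every user_pref line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def cert_selection(text):
    """Return (state, value). state is 'explicit' when the profile stores the
    pref, 'default' when it is absent and the build's default applies."""
    raw = read_prefs(text).get(PREF)
    if raw is None:
        return ("default", None)
    # Strip the surrounding quotes of a string-valued pref.
    value = raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw
    return ("explicit", value)

def needs_review(text, build_default=ASK):
    """True when the effective setting presents a certificate without asking."""
    state, value = cert_selection(text)
    effective = build_default if state == "default" else value
    return effective != ASK

if __name__ == "__main__":
    for name, text in (("untouched", UNTOUCHED), ("chosen_auto", CHOSEN_AUTO)):
        print(name, cert_selection(text), "review" if needs_review(text) else "ok")
```

Passing `build_default=AUTO` models a build from before the change, where the untouched profile is also flagged.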