Created attachment 312341: The default cert selection preferences before upgrading to 126.96.36.199

After upgrading to 188.8.131.52, people on my team who use smartcards for authentication are complaining about this problem. They all confirmed that their certificate preference was set to "ask me every time", but it used to be set to "select automatically" -- the previous default. This caused a lot of confusion for folks who weren't familiar with that dialog box. In most cases, these people only had a single viable certificate to choose from.

Suggestion: don't change user choice values for certificate selection (or any default, for that matter) between releases unless necessary.
It was necessary. See http://www.mozilla.org/security/announce/2008/mfsa2008-17.html and the problems discussed in bug 295922 and bug 395399 (and especially the PoC in the latter). Quite unfortunate that no one's stepped up to implement something like bug 395399 to ease the pain, but the number of people inconvenienced by the change is dwarfed by the number of people at risk. And those people will be motivated to seek out and change the option, whereas the people at risk had no such feedback that they needed to change the option the other way. Unfortunately there was no way to distinguish people who had the default because it was the default from those who had the default because they intentionally left it that way.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WONTFIX